Security in Software Development Lifecycle with Threat Modelling

£1,835.00 inc. VAT

Do you develop software? Whether bespoke or off the shelf, does it put your customers at risk of a security breach? Do you choose components for your enterprise architecture with security in mind and an awareness of how they impact your exposure? Beyond a pre-release penetration test, do you follow secure development best practices throughout the product’s lifecycle?

This course demonstrates the approach you should take in planning and developing a secure software development lifecycle.

 

The 3 day course will take place online between 9am and 5pm (GMT) on 21–23 March 2022.

Out of stock

SKU: 44CON-TRN-M22-SSDLCTM Category: Tags: , , , , ,

Live Online Training

Presented by NCC Group

The 3 day course will take place online between 9am and 5pm (GMT) on 21–23 March 2022.

The price is £2,202 (inc VAT/£1,835 ex VAT).

This course has been cancelled.

Do you develop software? Whether bespoke or off the shelf, does it put your customers at risk of a security breach? Do you choose components for your enterprise architecture with security in mind and an awareness of how they impact your exposure? Beyond a pre-release penetration test, do you follow secure development best practices throughout the product’s lifecycle?

This course demonstrates the approach you should take in planning and developing a secure software development lifecycle.

Agenda – 3 days

  • SDLC place in organisation’s security program. Maturity models.
  • Types of SDLC: waterfall, agile, lean etc.
  • Stages of SDLC: requirements gathering, architecture and design, development, testing/ validation, release/maintenance.
  • Detailed coverage of security activities suitable for each stage. Software-centric threat modelling.
  • Analysing and decomposing the application.
  • Applying STRIDE to identify potential threats.
  • DREAD and other methods of prioritisation. Determining the countermeasures and mitigations.

Who should take this course?

This course is aimed at senior software developers, QA engineers, software architects, technical project/ product/program managers, business analysts and team leaders who want to understand how to satisfy expectations around security and privacy for software and hardware over which they have responsibility or liability.

Requirements

  • There is no requirement to have programming skills, however, a technical understanding would be beneficial to follow secure design principles and architecture decomposition.
  • One computer per delegate running Windows that you have the rights to install applications on.

Deliverables

  • Modular PDF slide-deck of the material covered during the training
  • Answers to the threat modelling exercises

 

About the trainers

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

With their knowledge, experience and global footprint, they are best placed to help businesses identify, assess, mitigate & respond to the risks they face.

%d bloggers like this: