DOCSLIB.ORG

LEARNING PATHS Software Security Role-Based Curriculum

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LEARNING PATHS Software Security Role-Based Curriculum LEARNING PATHS Software Security Role-Based Curriculum www.securityinnovation.com | @SecInnovation | 978.694.1008 1 .NET Developer ........................................................................................................................................... 4 Android Developer ..................................................................................................................................... 4 Back-End Developer ................................................................................................................................... 5 C Developer ................................................................................................................................................ 6 C# Developer .............................................................................................................................................. 7 C++ Developer ............................................................................................................................................ 7 Front-End Developer .................................................................................................................................. 8 HTML5 Developer ....................................................................................................................................... 9 iOS Developer ........................................................................................................................................... 10 Java Developer ......................................................................................................................................... 11 JavaScript Developer ................................................................................................................................ 12 Mobile Developer ..................................................................................................................................... 13 PHP Developer .......................................................................................................................................... 14 Python Developer ..................................................................................................................................... 15 Ruby on Rails Developer .......................................................................................................................... 15 Web Developer ......................................................................................................................................... 16 Node.js Developer .................................................................................................................................... 17 Swift Developer ........................................................................................................................................ 18 Microsoft SDL Developer ......................................................................................................................... 19 Cloud Developer ....................................................................................................................................... 20 PCI Developer ........................................................................................................................................... 21 IoT & Embedded Developer ..................................................................................................................... 22 Core Developer ......................................................................................................................................... 22 DevOps Practitioner ................................................................................................................................. 23 Network Engineer..................................................................................................................................... 24 Automation Engineer ............................................................................................................................... 24 Embedded Test Engineer ......................................................................................................................... 25 QA Test Engineer ...................................................................................................................................... 26 IT Architect ............................................................................................................................................... 27 Embedded Architect ................................................................................................................................. 28 Software Architect ................................................................................................................................... 28 Business Analyst ....................................................................................................................................... 29 www.securityinnovation.com | @SecInnovation | 978.694.1008 2 Systems Analyst ........................................................................................................................................ 30 Systems Administrator ............................................................................................................................. 31 Database Administrator ........................................................................................................................... 32 Linux Administrator.................................................................................................................................. 32 Product Owner ......................................................................................................................................... 33 Project Manager ....................................................................................................................................... 33 Cyber Security Professional ..................................................................................................................... 34 Operations/IT Manager ........................................................................................................................... 35 Application Security Champion ............................................................................................................... 36 Information Security Specialist ................................................................................................................ 37 Systems Leadership .................................................................................................................................. 38 Development Manager ............................................................................................................................ 38 www.securityinnovation.com | @SecInnovation | 978.694.1008 3 .NET Developer The .NET learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed to provide a solid foundation of .NET security features for building secure web applications, sophisticated desktop applications, or modern mobile applications. Security concepts covered within this learning path include: • Code Access Security (CAS) • .NET cryptographic technologies • Secure Coding best practices More advanced courses offer application framework specific secure coding best practices for ASP.NET to extend the .NET Developer platform with tools and libraries for building web applications. Round off security expertise with knowledge and skills to apply security principles for creating secure application architecture and conduct effective security code reviews. Details 34 Courses, 12 Hours, 14 CPE Credits Core Advanced Elite AWA 101 Fundamentals of COD 216-217 Creating Secure Code COD 308-309 Creating Secure Application Security .NET Framework Foundations Series ASP.NET MVC Applications Series (2) (2) AWA 102 Secure Software COD 255 Creating Secure Code – Web DES 311 Creating Secure Concepts API Foundations Application Architecture COD 102-108 Fundamentals of DES 204 The Role of Cryptography in DSO 307 Secure Secrets SDLC Security Series (7) Application Development Management DES 101 Fundamentals of Secure DES 212 Architecture Risk Analysis ENG 312 How to Perform a Architecture and Remediation Security Code Review DES 222-231 Applying OWASP 2017 SDT 314 Testing for Unrestricted Mitigation Series (10) Upload of File with Dangerous Type ENG 205 Fundamentals of Threat Modeling ENG 211 How to Create Application Security Design Requirements ENG 212 Implementing Secure Software Operations Android Developer The Android Developer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed to provide a solid foundation of security features necessary to develop applications for devices powered by the Android operating system. The Android Developer learning path provides secure coding best practices for designing and building android applications including: • Identifying common android application risks • Creating a mobile application threat model www.securityinnovation.com | @SecInnovation | 978.694.1008 4 • Applying android platform specific knowledge Round off security expertise with knowledge and skills to apply security principles for creating secure application architecture and conduct effective security
Load more

Recommended publications
  • Agile Playbook V2.1—What’S New?
    AGILE P L AY B O OK TABLE OF CONTENTS INTRODUCTION ..........................................................................................................4 Who should use this playbook? ................................................................................6 How should you use this playbook? .........................................................................6 Agile Playbook v2.1—What’s new? ...........................................................................6 How and where can you contribute to this playbook?.............................................7 MEET YOUR GUIDES ...................................................................................................8 AN AGILE DELIVERY MODEL ....................................................................................10 GETTING STARTED.....................................................................................................12 THE PLAYS ...................................................................................................................14 Delivery ......................................................................................................................15 Play: Start with Scrum ...........................................................................................15 Play: Seeing success but need more fexibility? Move on to Scrumban ............17 Play: If you are ready to kick of the training wheels, try Kanban .......................18 Value ......................................................................................................................19
    [Show full text]
  • Devnet Module 3
    Module 3: Software Development and Design DEVASCv1 1 Module Objectives . Module Title: Software Development and Design . Module Objective: Use software development and design best practices. It will comprise of the following sections: Topic Title Topic Objective 3.1 Software Development Compare software development methodologies. 3.2 Software Design Patterns Describe the benefits of various software design patterns. 3.3 Version Control Systems Implement software version control using GIT. 3.4 Coding Basics Explain coding best practices. 3.5 Code Review and Testing Use Python Unit Test to evaluate code. 3.6 Understanding Data Formats Use Python to parse different messaging and data formats. DEVASCv1 2 3.1 Software Development DEVASCv1 3 Introduction . The software development process is also known as the software development life cycle (SDLC). SDLC is more than just coding and also includes gathering requirements, creating a proof of concept, testing, and fixing bugs. DEVASCv1 4 Software Development Life Cycle (SDLC) . SDLC is the process of developing software, starting from an idea and ending with delivery. This process consists of six phases. Each phase takes input from the results of the previous phase. SDLC is the process of developing software, starting from an idea and ending with delivery. This process consists of six phases. Each phase takes input from the results of the previous phase. Although the waterfall methods is still widely used today, it's gradually being superseded by more adaptive, flexible methods that produce better software, faster, with less pain. These methods are collectively known as “Agile development.” DEVASCv1 5 Requirements and Analysis Phase . The requirements and analysis phase involves the product owner and qualified team members exploring the stakeholders' current situation, needs and constraints, present infrastructure, and so on, and determining the problem to be solved by the software.
    [Show full text]
  • Development Using Software Quality Control Techniques of a Modern Application for the Shop Floor
    Development using Software Quality Control Techniques of a Modern Application for the Shop Floor Report submitted to the Universidade Federal de Santa Catarina as a requirement to approval on the subject: DAS 5511: Projeto de Fim de Curso Rafael Scheffer Berlin, November 2018 Development using Software Quality Control Techniques of a Modern Application for the Shop Floor Rafael Scheffer This paper was judged in the context of the subject: DAS 5511: Projeto de Fim de Curso and approved in its final form by the Course Engenharia de Controle e Automação Prof. Rômulo Silva de Oliveira Examiner Committee: Ricardo Grützmacher Mentor at Rolls-Royce Prof. Rômulo Silva de Oliveira Mentor at UFSC Hector Bessa Silveira Responsible for the Course Leonardo Martins Rodrigues, Committee member Matheus Felipe Souza Valin, Committee member Ígor Assis Rocha Yamamoto, Committee member Abstract Traditional companies, such as Rolls-Royce, are heavily investing in the digitalization of their manual and analog processes. In the department of Assembly and Test, a good example of this type of process is the monitoring of jet engines production in the shop floor, which is done by in-person verification of the module builds, Excel spreadsheets and paper-based systems. These methods are intrinsically slow, inefficient and error prone. As a solution, the development of Shopino, a modern web application for monitoring and data visualization for the shop floor, was proposed. In order to lower costs and save time, the application was developed on top of an existing platform, called Engino. However, since Engino was not finished, it had to be improved and tested.
    [Show full text]
  • Coding Best Practices for Building Intelligent B2C Cloud Native Applications September 4, 2020
    Coding Best practices for building Intelligent B2C Cloud Native Applications September 4, 2020 By Ovidiu Mura [email protected] Software Engineer at PacteraEdge In a highly interconnected world where technology changes rapidly data privacy and securing the applications from bad actors is essential. The B2C Cloud Native applications are opened to the public internet to be able to reach all possible customers but this comes with risks. The B2C Cloud Native applications can have vulnerabilities in design, source code, network security policies, or the vulnerability which comes with the deployment on the Cloud platforms. Bad actors can exploit vulnerabilities which can be exposed by a negligent development process, but if the software development engineers and security engineers work together and use the best coding practices in their software development process, vulnerabilities can be mitigated completely. B2C (Business-to-Consumer) applications are applications which have a design model where the products or services move directly from a business to the customer who purchases them for personal use via the internet. Cloud-Native is an approach that takes advantage of the cloud computing delivery model for building and running applications. Cloud Native Applications are applications which are built from ground up, and are optimized for cloud scale and performance. They are built based on microservices architectures, use managed services, and take advantage of continuous delivery to achieve reliability and faster time to market. Cloud-native computing takes advantage of many modern techniques, including PaaS, multi- cloud, microservices, agile methodology, containers, CI/CD, and devops. [1] © PacteraEDGE. Confidential. All rights reserved. Cloud-Native Applications run on cloud-based compute solutions so that the developers don’t worry about the infrastructure details; the resources can be easily scaled up or scaled out as the application usage grows.
    [Show full text]
  • Intermediate Topics in Mainframe Application Development
    Intermediate Topics in Mainframe Application Development Venkat Balabhadrapatruni [email protected] August 4th, 2014 Session: 15478 Insert Custom Session QR if Desired. Purpose and Presentation flow • Purpose … to present the features in Rational Developer for System z that help organizations enhance code quality and streamline the delivery of new functions into existing code. • Flow • Code quality and governance • Importance of code quality and governance • Tools available • Unit testing • Why Unit test ? • Tools available 2 DISCLAIMER IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. Information is confidential and must not be shared or redistributed without permission from IBM.
    [Show full text]
  • Diving Into Code Quality: Factors Affecting Code Quality
    1 Diving Into Code Quality: Factors Affecting Code Quality By Elizabeth So, formerly of DisputeSoft Businesses across all industries hire software development companies to implement information-technology systems. However, studies conducted by firms such as The Standish Group International, Inc. have shown that a majority of software projects experience serious technical issues, which often result in project failure. One variable that may contribute to the success or failure of a software project is code quality. Code quality refers to a combination of non-functional attributes of software code, including maintainability, reliability, and security, which together indicate how well code is written. Developers should strive to maintain high code quality across the duration of a software project such that their code adheres to project requirements and technical specifications and meets industry standards for code quality. Benefits of high code quality include increased maintainability of code, reduction of time spent correcting defects in earlier versions of code, and prevention of critical problems (e.g., medical device malfunction). However, project managers and stakeholders may deprioritize maintaining high code quality during a project’s software development lifecycle (SDLC) to achieve competing goals, such as adherence to a project timeline or staying within budget. In software failure cases, experts may analyze source code produced during a software project to determine whether poor code quality contributed to project failure. Experts may also review produced documents related to software development processes and project management that provide insight into the factors contributing to poor code quality. Factors Affecting Code Quality 2 Factors including skill of the development team, stability of existing software development environments and processes, and strength of project management can affect the code quality of a software project.
    [Show full text]
  • Automating Your Code Review: Moving to a Saas Model For
    White Paper Automating Your Code Review: Moving to a SaaS Model for Application Security Contents Overview ................................................................................................................................. 3 Executive Summary ................................................................................................................. 3 Code Review and Security Analysis Methods ........................................................................... 5 Source Code Review 5 Penetration Testing 6 Binary Code Review 7 Application Rating and Remediation ....................................................................................... 7 Veracode and Automated Code Reviews ................................................................................. 8 Binary application analysis 8 Application Reviews and Ratings for Software Procurement 9 Remediation 9 Multiple Vulnerability Detection Technologies 10 Summary ............................................................................................................................... 10 About Veracode .................................................................................................................... 10 © 2008 Veracode, Inc. 2 Overview Today’s application has become the enterprise’s ‘‘new perimeter’’. With better network‐level security technology hardening the network perimeter, malicious attackers are now focusing their efforts to strike at the least defended points ‐ the application. While hackers were once satisfied with defacing
    [Show full text]
  • The Application of a New Secure Software Development Life Cycle (S-SDLC) with Agile Methodologies
    electronics Article The Application of a New Secure Software Development Life Cycle (S-SDLC) with Agile Methodologies Juan de Vicente Mohino, Javier Bermejo Higuera , Juan Ramón Bermejo Higuera and Juan Antonio Sicilia Montalvo * Escuela Superior de Ingeniería y Tecnología, Universidad Internacional de La Rioja, Avda. de La Paz 137, 26006 Logroño, La Rioja, Spain; [email protected] (J.d.V.M.); [email protected] (J.B.H.); [email protected] (J.R.B.H.) * Correspondence: [email protected] Received: 17 September 2019; Accepted: 21 October 2019; Published: 24 October 2019 Abstract: The software development environment is focused on reaching functional products in the shortest period by making use of the least amount of resources possible. In this scenario, crucial elements such as software quality or software security are not considered at all, and in most cases, the high value offered to the projects is not taken into account. Nowadays, agile models are booming. They are defined by the way they achieve the interaction and integration of everyone involved in the software life cycle, the advantages of the quick reaction to change, and the implementation of artifacts or deliverables which display the level of progress reached at any time. In this context, it seems clearly necessary to define a new software development model, which prioritizes security aspects at any phase of the software life cycle and takes advantage of the benefits of the agile models. The proposed methodology shows that if security is considered from the beginning, vulnerabilities are easily detected and solved during the time planned for the project, with no extra time nor costs for the client and it increases the possibilities of reaching success in terms of not only functionality but also quality.
    [Show full text]
  • SOFTWARE ASSURANCE GUIDANCE and EVALUATION (SAGE) TOOL Luiz L
    SOFTWARE ASSURANCE GUIDANCE AND EVALUATION (SAGE) TOOL Luiz L. Antunes, Ebonie McNeil, Robert B. Schiela, and Hasan Yasar May 2021 Overview Introduction The Software Assurance (SwA) Evaluation was developed by the Carnegie Mellon University Soft- ware Engineering Institute (SEI) to assess systems development and operations practices and to iden- tify potential vulnerabilities and opportunities to improve and secure processes. The creation of the Software Assurance Guidance and Evaluation (SAGE) tool required a thorough analysis of the most popular standards and frameworks for software assurance, secure coding, Agile, and secure DevOps, used both in industry and government settings. As a result of this analysis, both the questions and the provided guidance draw from modern practices used in software design, devel- opment, test, and operation. The appendix contains a list of some of the standards and frameworks used in the elaboration of this tool. The evaluation questions are distributed across the software production and operation phases. To achieve the best results, the questionnaire should be applied as a survey to people working in different stages of the production/operation line. Due to overlaps in responsibilities, participants will find that many questions apply to their work, even if they initially appear to be outside of their areas. The mul- tiple evaluation responses, from participants in different roles, will provide different perceptions of the same processes, contributing to the richness of the answers. How to Apply the SAGE Tool This document is composed of two complementary parts: a questionnaire section, which can be dis- tributed to different teams across the software development and operations areas in your organization, and a guidance section, containing a compendium of best practices executed today in both industry and government settings.
    [Show full text]
  • Nova Software Quality Assurance Process White Paper
    Chongqing Nova Software Development Ltd Nova Software Quality Assurance Process White Paper Atlantic International Building 15F No.2 Ke Yuan Yi Road, Shiqiaopu, Chongqing, P.R.C. 400039 Tel: 86- 23- 68795169 Fax: 86-23- 68795169 Quality Assurance Process Nova Software 2011 1 / 12 Chongqing Nova Software Development Ltd Table of Contents Table of Contents ..................................................................................................................................... 2 Preface ...................................................................................................................................................... 3 1. Introduction ...................................................................................................................................... 3 1.1. Intended Audience ............................................................................................................... 3 1.2. Scope ................................................................................................................................... 3 1.3. Reference Document ........................................................................................................... 3 2. Approach .......................................................................................................................................... 4 2.1 Overview ............................................................................................................................. 4 2.2 Methodology - Agile Software Development
    [Show full text]
  • Embracing Agile Methodology During Devops Developer Internship Program
    Embracing Agile methodology during DevOps Developer Internship Program Amol S Patwardhan, Jon Kidd, Tiffany Urena, Aishwarya Rajgopalan. Introduction: The DevOps team adopted agile methodologies [1] during the summer internship program as an initiative to move away from waterfall. The DevOps team implemented the Scrum software development strategy [2] to create an internal data dictionary web application. This article reports on the transition process [3] and lessons learned from the pilot program. Waterfall methodology: For several decades the development teams have used waterfall process [4] for implementing software. But in the recent years several software companies, technical articles and research papers have acknowledged the benefits of agile methodologies over waterfall and have attempted to adopt agile processes. Software industry is constantly trying to keep up with competition to deliver products to market in a short duration, while also maintaining quality and meeting customer expectations and adopting new technologies at the same time. Vendors facilitating the switch to agile provide plenty of presentations about advantages of agile but lack definitive steps detailing how an organization can change the deeply rooted processes and overcome resistance to change. The transition needs to occur from within an organization and the DevOps [5] team decided to take the first step towards going agile. DevOps: The DevOps team serves as facilitator between the software development team and the information technology (IT) operations team. The DevOps team at our company had an opening to hire a developer intern for the summer. The team saw an opportunity to use the internship as a stepping- stone for adopting agile in development process.
    [Show full text]
  • The Foundations of Successful Test Automation
    WHITE PAPER The Foundations of Successful Test Automation Automating the test process applies computational power to what it does best, the repetitive exercise of software systems. And yet, anyone who has been in the software testing field for more than a few years has seen a test automation effort fail. Learn what you need to know to make your test automation effort a success. Table of Contents Overview 3 The Choice to Automate 4 Developing a Test Automation Strategy 5 Cultivate a Test Automation Culture 5 How to Prepare for the Test Automation Effort 7 Optimize & Scale Your Automation Project 8 Coding Best Practices for Test Automation 10 Best Practices for Test Creation & Maintenance 11 Choosing the Right Test Automation Tools 13 Dumb Record & Playback Test Tools 14 Smart Record & Playback Test Tools 14 AI Assisted Auto Discovery & Playback 14 Abstract Syntax Test Tools 15 Hand Coded Test Development 15 Quantifying Your Automation ROI 16 Helping You Achieve Success 18 Summary 19 White Paper: The Foundations of Successful Test Automation 2 Overview Software development has progressed from the Waterfall method that allowed months and even years for creating, assembling, and testing a software release to the Agile and Continuous Integration methodologies that crank out releases in a week or two. As a result, test automation has become an integral component of software development. In the software marketplace, development efforts must get it right the first time. The modern user community has very little tolerance for content format issues or slow performance, much less functional failures. The immediacy of market requirements that are desperately trying to distinguish a product from dozens of competitors makes little space for a careful measured approach to testing.
    [Show full text]