Secure Software Development Fundamentals by Linux Foundation
Skills Covered: Secure Software Development, Secure Design Principles, Reusing External Software, Threat Modeling, Cryptography, Vulnerability Disclosures, Assurance Cases, Distributing, Fielding, Operations and Disposal, Formal Methods, Top Vulnerability Lists
ABOUT THIS PROFESSIONAL CERTIFICATION
Almost all software is under attack today, and many organizations are unprepared in their defense. This professional certificate program, developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation, is geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, focusing on practical steps that can be taken, even with limited resources to improve information security. The program enables software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired. The best practices covered in the course apply to all software developers, and it includes information especially useful to those who use or develop open source software.
The program discusses risks and requirements, design principles, and evaluating code (such as packages) for reuse. It then focuses on key implementation issues: input validation (such as why allowlists and not denylists should be used), processing data securely, calling out to other programs, sending output, cryptography, error handling, and incident response. This is followed by a discussion on various kinds of verification issues, including tests, including security testing and penetration testing, and security tools. It ends with a discussion on deployment and handling vulnerability reports.
The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks. It does not focus on how to attack systems, how attacks work, or longer-term research.
Modern software development depends on open source software, with open source now being pervasive in data centers, consumer devices, and services. It is important that those responsible for cybersecurity are able to understand and verify the security of the open source chain of contributors and dependencies. Thanks to the involvement of OpenSFF, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices, this program provides specific tips on how to use and develop open source securely.
WHAT YOU WILL LEARN
- Security basics: Learn about risk management, the “CIA” triad, and requirements.
- Secure design principles: Discuss principles such as “least privilege” and how to apply these principles.
- Supply chain evaluation: Learn tips on how to choose packages to reuse, and how to reuse them so that you can rapidly be alerted & update the software.
- Implementation: Learn how to implement more secure software (how to do input validation, process data securely, call out to other programs, and send output), and more specialized approaches (such as basics of cryptography and handling problems).
- Security Verification: Learn how to examine software, include some key tool types, how to apply them in continuous integration (CI).
- Fielding: Learn how to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
- Learn how to securely use and develop open source software.
- Security Software Developers earn 35% more than Software Developers in a US nationwide average according to ZipRecruiter Sep 25, 2020 data.
- The US Bureau of Labor Statistics reports employment of Information Security Analysts is projected to grow 31% from 2019 to 2029, much faster than the average for all occupations, and higher than the growth for Software Developers in general (22%).
Only logged in customers who have purchased this product may leave a review.