Ir al contenido principal

LinuxFoundationX: Secure Software Development: Verification and More Specialized Topics

Learn how to verify software for security, and take a deeper dive into the basics of applying threat models and cryptography.

Secure Software Development: Verification and More Specialized Topics
7 semanas
1–2 horas por semana
A tu ritmo
Avanza a tu ritmo
Gratis
Verificación opcional disponible

Hay una sesión disponible:

Una vez finalizada la sesión del curso, será archivadoAbre en una pestaña nueva.
Comienza el 23 abr
Inscríbete
Secure Software Development: Verification and More Specialized Topics

Sobre este curso

Omitir Sobre este curso

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources to improve information security. This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.

This course discusses how to verify software for security. In particular, it discusses the various static and dynamic analyses approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.

This is the third of the three courses in the Secure Software Development Fundamentals Professional Certificate program, and was developed by the Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on securing the open source ecosystem. The training courses included in this program focus on practical steps that you (as a developer) can take to counter most common kinds of attacks.

De un vistazo

  • Institution LinuxFoundationX
  • Subject Informática
  • Level Introductory
  • Prerequisites

    We presume that the student already knows how to develop software to some degree.

  • Language English
  • Video Transcripts اَلْعَرَبِيَّةُ, Deutsch, English, Español, Français, हिन्दी, Bahasa Indonesia, Português, Kiswahili, తెలుగు, Türkçe, 中文
  • Associated programs
  • Associated skillsLinux, DevOps, Cryptography, Continuous Integration, Software Engineering, Threat Modeling, Software Development, Open Source Technology

Lo que aprenderás

Omitir Lo que aprenderás
  • Security Verification: How to examine software, include some key tool types, and how to apply them in continuous integration (CI). This includes learning about security code scanners/static application security testing (SAST) tools, software component analysis (SCA)/dependency analysis tools, fuzzers, and web application scanners.
  • Threat modeling/Attack modeling: How to consider your system from an attacker’s point of view and how to apply a simple design analysis approach called STRIDE.
  • Fielding: How to deploy and operate secure software, handle vulnerability reports, and how to rapidly update when reused components have publicly-known vulnerabilities.
  • Assurance cases & formal methods: The basics of approaches to more strongly analyze and justify that your software is secure.

Plan de estudios

Omitir Plan de estudios
  • Welcome!
  • Chapter 1. Verification (basics of verification; static analysis; software component analysis - SCA/dependency analysis; dynamic analysis; other verification topics - combining verification approaches)
  • Chapter 2. Threat Modeling
  • Chapter 3. Cryptography (symmetric/shared key encryption; cryptographic hashes (digital fingerprints); public-key (asymmetric) cryptography; cryptographic pseudo-random number generator (PRNG); storing passwords; transport layer security (TLS); other topics in cryptography)
  • Chapter 4. Other Topics (vulnerability disclosures; assurance cases; distributing, fielding/deploying, operations and disposal; formal methods; top vulnerability lists)
  • Final Exam (Verified Certificate track only)

¿Quién puede hacer este curso?

Lamentablemente, las personas residentes en uno o más de los siguientes países o regiones no podrán registrarse para este curso: Irán, Cuba y la región de Crimea en Ucrania. Si bien edX consiguió licencias de la Oficina de Control de Activos Extranjeros de los EE. UU. (U.S. Office of Foreign Assets Control, OFAC) para ofrecer nuestros cursos a personas en estos países y regiones, las licencias que hemos recibido no son lo suficientemente amplias como para permitirnos dictar este curso en todas las ubicaciones. edX lamenta profundamente que las sanciones estadounidenses impidan que ofrezcamos todos nuestros cursos a cualquier persona, sin importar dónde viva.

Este curso es parte del programa Secure Software Development Fundamentals Professional Certificate

Más información 
Instrucción por expertos
3 cursos de capacitación
A tu ritmo
Avanza a tu ritmo
5 meses
1 - 2 horas semanales

Formas de realizar este curso

Elige tu camino al inscribirte.

Verified Track

Audit Track

Costo

249 US$

Free

Acceso a los materiales del curso

Ilimitado

Limitado

Caduca el 11 jun

World class institutions and universities

Asistencia de edX

Certificado para compartir al finalizar

Tareas con calificación y exámenes

Visita la sección de Preguntas frecuentesen una pestaña nueva con preguntas frecuentes sobre estas modalidades.

¿Te interesa este curso para tu negocio o equipo?

Capacita a tus empleados en los temas más solicitados con edX para Negocios.
ComprarSolicitar información