Training > Cybersecurity > Developing Secure Software (LFD121)
Training Course

Developing Secure Software (LFD121)

Learn the security basics to develop software that is hardened against attacks, and understand how you can reduce the damage and speed the response when a vulnerability is exploited. This course includes specific tips on how to use and develop open source and other software securely. It was developed by the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

Who Is It For

Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning about developing secure software, this course focuses on practical steps that can be taken, even with limited resources, to improve information security.
read less read more
What You’ll Learn

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. This course starts by discussing the basics of cybersecurity, such as what risk management really means. It discusses how to consider security as part of the requirements of a system, and what potential security requirements you might consider. This first part of the course then focuses on how to design software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones. It also considers how to secure your software supply chain, that is, how to more securely select and acquire reused software (including open source software) to enhance security. The second part of this course focuses on key implementation issues: input validation (such as why allowlists should be used and not denylists), processing data securely, calling out to other programs, sending output, and error handling. It focuses on practical steps that you (as a developer) can take to counter the most common kinds of attacks. The third part of the course discusses how to verify software for security. In particular, it discusses the various static and dynamic analysis approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.
read less read more
What It Prepares You For

This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.
read less read more
Course Outline
1. Introduction
2. Part 1: Requirements, Design and Reuse - Overview
3. Security Basics
4. Secure Design Principles
5. Reusing External Software
6. Part 2: Implementation - Overview
7. Input Validation
8. Processing Data Securely
9. Calling Other Programs
10. Sending Output
11. Part 3: Verification and More Specialized Topics
12. Verification
13. Threat Modeling
14. Cryptography
15. Other Topics
16. Final Exam

Prerequisites
We presume that the student already knows how to develop software to some degree.
Reviews
Jun 2024
This course has lots of information, and a wide coverage of different areas related to security, many links provided for in-depth study of the topic, and real stories about discovered vulnerabilities. Plus the text format suits me very well.
Jun 2024
I think it's great that the course is provided for free, we need to increase awareness on security topics in the industry, and lowering the barrier for access to the information is a great way to start!
May 2024
I have done many different courses, but this was by far the best one - informative and short, but contains all the required detail. All the required fields, cases, etc are mentioned (almost). Very good for everyone.
Apr 2024
I like the more holistic view that this course takes, compared to most other security courses I've taken, which were more focused on specific topics (e.g. cryptography).
Mar 2024
The security concepts and topics covered as part of this course are really helpful! It's all in one (covering all major/important security topics/concepts), and the quickest and best starting point for any Security Professional I have ever seen!
Mar 2024
The course is a good primer for those of us who have previously not had the opportunity to be a part of the secure design of systems.
Feb 2024
The real-world scenarios were so actual, and I can see the impact of the vulnerability we're talking about, which helps to understand in a better way all the risks of a security vulnerability.
Feb 2024
Excellent course! Great content, highly relevant and (mostly) up-to-date. It strikes a good balance between theory, principles, and practical, immediately applicable recipes.
Feb 2024
The synthesis of many different software security topics into a comprehensible and approachable course for any kind of software engineer.
Feb 2024
The information was practical and very up-to-date.
Sep 2023
I will take advantage of the lessons learned, to implement them in my daily work.
Sep 2023
I liked the practical examples of vulnerabilities, and their exploitation from the real world.
Sep 2023
It's a nice overview of the topic, and provides enough references to follow up where necessary.
Jun 2023
Very easy and understandable explanations of topics. I really enjoyed the course.
Jun 2023
Covered relevant material, current information, good examples, lots of hyperlinks to relevant information.