Training > Cybersecurity > Developing Secure Software (LFD121)
Training Course

Developing Secure Software (LFD121)

Learn the security basics to develop software that is hardened against attacks, and understand how you can reduce the damage and speed the response when a vulnerability is exploited. Thanks to the involvement of OpenSSF, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices, this course provides specific tips on how to use and develop open source and other software securely.

Course Rating
4.5/5 Stars
Who Is It For

Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources, to improve information security.
read less read more
What You’ll Learn

Modern software is under constant attack, but many software developers have never been told how to effectively counter those attacks. This course works to solve that problem, by explaining the fundamentals of developing secure software. This course starts by discussing the basics of cybersecurity, such as what risk management really means. It discusses how to consider security as part of the requirements of a system, and what potential security requirements you might consider. This first part of the course then focuses on how to design software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones. It also considers how to secure your software supply chain, that is, how to more securely select and acquire reused software (including open source software) to enhance security. The second part of this course focuses on key implementation issues: input validation (such as why allowlists should be used and not denylists), processing data securely, calling out to other programs, sending output, and error handling. It focuses on practical steps that you (as a developer) can take to counter the most common kinds of attacks. The third part of the course discusses how to verify software for security. In particular, it discusses the various static and dynamic analysis approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities.
read less read more
What It Prepares You For

This course will enable software developers to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.
read less read more
Course Outline
1. Introduction
2. Part 1: Requirements, Design and Reuse - Overview
3. Security Basics
4. Secure Design Principles
5. Reusing External Software
6. Part 2: Implementation - Overview
7. Input Validation
8. Processing Data Securely
9. Calling Other Programs
10. Sending Output
11. Part 3: Verification and More Specialized Topics
12. Verification
13. Threat Modeling
14. Cryptography
15. Other Topics
16. Final Exam

Prerequisites
We presume that the student already knows how to develop software to some degree.
Reviews
Sep 2022
I like that it is an introductory level course, but it does actually teach much about a wide variety of subjects regarding security and privacy.
Sep 2022
Broad coverage of principles and techniques, some of which I had not previously come across.
Sep 2022
The content was very precise and complete. A mix of technical and high-level knowledge.
Sep 2022
This course contains very well-documented concepts. I am happy to have learned many concepts thanks to this course, and its all free. This is important according to me, because not many people can afford paid courses and exams. Well done!
Aug 2022
Opened my eyes to the huge area of software security in a very accessible way. The course explained complex concepts such as cryptography in easy-to-understand terms. Ultimately, the course will help me be more conscious of security concerns throughout SDLC.
Jul 2022
Very detailed, with a lot of topics covered in an easy-to-understand form. Even for someone already familiar with the domain, there were many new things I haven't come across yet.
Jun 2022
I'm not a developer, but I work with a team, so this was helpful for me to understand a lot of what they are doing/discussing. It was written at a high enough level, so I could mostly keep up with the points.
Jun 2022
The structure of this course is great. I was able to connect the topics with each other, while gaining confidence in how to secure the code.