Старт курса:
03 March 2020
Пн, Ср, Пт с 18:30-20:30
30 Hours
2 часа/ 3 раза в неделю
Осталось мест:
Secure Software Development
Начало через:
д ч м с
This course has been created for software engineers who want to improve their skills in security software development. The course introduces Security Development Lifecycle (SDL) paradigm by Microsoft and covers the following practices: defining security requirements, reducing attack surface, threat modeling, secure coding and cryptography standards, static and dynamic code analysis, and various types of security testing to identify security vulnerabilities and risks and then provide mitigations.

After completion of the course, you will know:

  • SDL paradigm and practices
  • Typical software vulnerabilities and mitigation / defensive techniques

After completion of the course, you will be able to:

  • Apply SDL practices to the software engineering process
  • Discover vulnerabilities in a source and binary code
о курсе
Программа курса
  • Security Development Lifecycle (SDL)
    1. Security Requirements (NFR)
    2. Attack Surface
    3. Security risk of using third-party components. Supply-chain attacks
    4. Incident Response Plan
  • Threat Modeling
    1. STRIDE
    2. OCTAVE
  • Secure Programming
    1. Users and privileges
    2. Environment variables
    3. Files and processes
    4. Session management
    5. Security checks by a compiler
    6. Buffer overflow example
    7. Numeric overflow example
    8. Racing conditions example
    9. Dynamic loading attacks.
    10. DLL side-loading exploitation of Google Updater
    11. Input Injections
    12. Authentication and Authorization
    13. Logging and monitoring
  • Cryptography
    1. Randomness
    2. Hashing
    3. Key management
    4. Standards
  • Software Security Testing
  • Static and dynamic code analysis
    1. Symbolic execution
    2. Memory debugging and analysis
    3. Detecting memory errors
  • Fuzzing
  • Web App Security (OWASP Top 10)
    1. Injection
    2. Broken Authentication
    3. Sensitive Data Exposure
    4. XML External Entities (XXE)
    5. Broken Access Control
    6. Security Misconfiguration
    7. Cross-Site Scripting (XSS)
    8. Insecure Deserialization
    9. Using Components with Known Vulnerabilities
    10. Insufficient Logging & Monitoring
  • App Sustainability
    1. Attacks on security software
    2. Software self-defense techniques
  • Penetration testing
Alexander Adamov
Alexander Adamov - Ph.D., the head of research laboratory called NioGuard Security Lab (https://www.nioguard.com/) with 15-year experience in the analysis of cyberattacks. He teaches cyber security at Kharkiv National University of Radio Electronics in Ukraine and Blekinge Institute of Technology in Sweden and conducts scientific activities in the areas of malware analysis and development of methods for cyber threats detection using AI and ML. He is a co-author of the EU Master's Program in Cyber Security within ENGENSEC project. In cooperation with OSCE, he has given the training in Reverse Engineering of Cyberattacks to the Cyberpolice of Ukraine. Alexander has spoken at various security conferences and workshops such as International Virus Bulletin Conference, Virus Analyst Summit, OpenStack Summit, OWASP, HackIT, UISGCON, and BSides.