Course curriculum

  • 1

    Domain Introduction

    • Domain Intro

    • Module 1 Objectives

  • 2

    Module 1: SDLC and Security Touchpoints

    • SDLC and Security Touchpoints

    • Software Release, Maintenance and Disposal

  • 3

    Module 1: Software Development Methodologies

    • Software Development Models

    • Build and Fix Method

    • Waterfall Model

    • Incremental Model

    • Spiral Model

    • Cleanroom Model

    • Joint Application Development (JAD)

    • Rapid Application Development (RAD)

    • Agile Software Development

    • Agile - Scrum

    • Extreme Programming and TDD

  • 4

    Module 1: SDLC Other Approaches

    • SDLC Other Approaches

    • Continuous Integration / Continuous Delivery (CI/CD)

    • DevOps

    • DevSecOps

    • Integrated Product Team (IPT)

  • 5

    Module 1: Software Change Management

    • Software Development Change Management

  • 6

    Module 1: Software Development Process Maturity

    • Software Development Maturity Model

  • 7

    M2 - Secure Coding Standards and Practices

    • Secure Coding Practices

    • Secure Coding Practices

    • Code Vulnerabilities

    • Citizen Programmers

    • Covert Channel and Trap Door

    • Data Reuse and Garbage Collector

    • Mobile Code and Social Engineering

    • Secure Coding Best Practices

    • D8M2-31 - Software Runtime

    • D8M2-32 - Programming Languages

    • D8M2-33 - Object Oriented Programming

    • D8M2-34 - Distributed Applications and Middleware

    • D8M2-35 - Application Programming Interface

    • D8M2-36 - Programming Tools

  • 8

    Security Controls in Development Environment

    • D8M3-37 - Security Controls in Development Environment

    • D8M3-38 - Database Management Systems (DBMS)

    • D8M3-39 - Hierarchical DBMS

    • D8M3-40 - Network DBMS

    • D8M3-41 - Relational DBMS

    • D8M3-42 - Relational DBMS

    • D8M3-43 - NoSQL Database

    • D8M3-44 - DBMS Connectivity

    • D8M3-45 - DBMS Threats

    • D8M3-46 - Securing Knowledge Management Systems

    • D8M3-47 - Web Application Security

    • D8M3-48 - Injection Vulnerability

    • D8M3-49 - Cross Site Scripting Vulnerability

    • D8M3-50 - Broken Access Control Vulnerability

    • D8M3-51 - Cross Site Request Forgery (CSRF)

    • D8M3-52 - External Entity Vulnerability (XXE)

    • D8M3-53 - Sensitive Data Exposure Vulnerability

    • D8M3-54 - Other OWASP Vulnerabilities

    • D8M3-55 - Malware Threats and Security

  • 9

    Control Effectiveness in Software Security

    • Effectiveness of Software Security