» Home » About Us » Services » Training » News » Resources » Podcast » Blog
Cigital Home > Training

Training

Software security doesn't mean security software.

The training you need for everyone who contributes to your secure software development lifecycle.

Improving software security means applying a number of best practices throughout the software development lifecycle. Such best practices (or touchpoints) allow software professionals to build applications that behave appropriately even when attacked. Integrating these best practices into a secure SDLC requires knowing and understanding non-functional security requirements, common attacks, secure design, and defensive programming, and also subjecting all software artifacts to thorough, objective threat modeling, risk analyses, and security testing.

Most companies have only begun to apply real solutions, often because the problem simply seems too large to manage. Applying the security touchpoints reinforced throughout our software security training courses is a solid start toward producing secure software.

As shown in the diagram below, our training covers topics such as software security fundamentals, security requirements, architectural risk analysis, defensive programming, secure code review, static analysis tools, risk-based testing strategy, and SOA, Web Services, and XML security. These topics provide technical training for every role in a secure SDLC. Software security training is available for on-site delivery and some courses are offered as eLearning modules for computer-based training (CBT). We can also combine courses to create multi-day curriculums. See the complete listing of the Cigital Security Training Series.

Course applicability by role graphic - Foundations of Software Security and Core Principals, Detailed Principals and For Executives; Attack and Defense; Architecture and Risk Analysis; Software Security Requirements; SOA, Web Services and XML Security; Defensive Programming (C/C++/C#/VB.NET/Java EE); Risk-Based Testing Strategy; Secure Code Review and Static Analysis, Fortify Add-Ons

Cigital can also work with you to customize a proficiency maturity program for all secure SDLC stakeholders. By determining the current state of software security knowledge within your organization and defining career tracks for each major role, organizations can quickly improve their overall ability to produce secure software. The diagram below gives an example of such a program.

Proficiency Maturity graphic - Organized by: Software Developers, Architects & Designers, Development & Project Managers, Business Analysts & Product Managers, Security Auditors & Compliance Assessors, Testers & QA Planners

Cigital can customize a course to meet your specific needs; call us at 800-824-0022 or e-mail us discuss a tailored solution. To see the greatest improvement toward a secure SDLC, software security training may be needed for each of the following roles within software development and quality assurance organizations.



Training
> Overview
> Security Series
> Courses
> Security Touchpoints
Your Account
Login to your account to download white papers and more, or

Create an account if you don't have one!

Copyright ©1995-2008, Cigital, Inc.

Contact Us
Free White Paper

Training: the secret to ongoing compliance
Hundreds of thousands of companies around the world have collectively spent billions of dollars in response to the security- and privacy-related compliance mandates of the past 10 years. So, why are data breaches and other security failures still a common occurrence?