SECURE CODING: SECURITY BY DESIGN + PRIVACY BY DEFAULT

Secure Coding - Workshops aimed at implementing Security by Design

Secure coding is part of the “Security by Design” and “Privacy by Design and Default” strategy and a necessary prerequisite for the development of secure software. It should therefore be taken into account as early as the planning phase of new products with software components. In practice, unfortunately, security-critical errors are far too often discovered only in the course of penetration tests or through successful hacking attacks. Eliminating these errors, most of which could have been avoided, usually costs more than secure coding.

In an individual customer workshop, we provide a comprehensive overview of the topic of “Secure Coding”, starting with the requirements or the elaboration of secure coding standards and continuing up to their actual application in daily practice. Using numerous practical examples, we teach the development team the correct procedure, and the team can apply the knowledge they have gained to their own projects.

Workshop Content

  • Basics of secure coding
  • Typical application vulnerabilities and causes, e.g.
    • Missing input validation
    • Use of uninitialized data structures
    • Execution of functions
  • Risk assessment
  • Overview of standards and organizations, e.g. OWASP
  • Development of secure coding standards for your own projects
  • Practical examples and pitfalls, based on concrete examples in different programming languages
  • Good practice and success factors
  • Importance of penetration tests and code reviews

Goal

You will learn about the challenges and success factors of secure coding and will be able to assess typical vulnerabilities and mitigate their risks through appropriate programming. You will know the importance of secure coding standards and be able to develop and apply them.

Optimal mixed target group

  • Project managers
  • Development managers
  • Software architects
  • Software developers
  • Testers
  • Test managers
  • Quality managers

YOUR ADVANTAGES

  • Secure design of products and software
  • Implementation of “Security by Design”, “Privacy by Design” and “Privacy by Default”
  • Raising development teams' awareness of data protection and IT security
  • Learning security standards and secure coding best practices
  • Cost savings through effective and efficient design in the planning phase

Questions about Secure Coding? Would you like to talk to an expert?