Log4Shell, SolarWinds Compromise, Heartbleed – cybersecurity breaches have become household names in recent years. These issues are costing organizations billions of dollars in prevention and remediation costs, yet at the same time they are becoming ever more common. Reacting to breaches after the fact is useful, but not enough; such reactions fail to protect users in the first place. Security needs to instead be baked into software before it’s released. Unfortunately, most software developers don’t know how to do this.
To alleviate this issue and improve access to cybersecurity training for everyone from developers to operations teams to end users, the Open Source Security Foundation (OpenSSF) has partnered with Linux Foundation Training & Certification to release a new, free, online training course, Developing Secure Software. Those who complete the course and pass the final exam will earn a certificate of completion valid for two years.
Geared towards software developers, DevOps professionals, software engineers, web application developers, and others interested in learning how to develop secure software, this course focuses on practical steps that can be taken, even with limited resources, to improve information security. The goal is to make it easier to create and maintain systems that are much harder to successfully attack, reduce the damage when attacks are successful, and speed the response so that any latent vulnerabilities can be rapidly repaired.
This course starts by discussing the basics of cybersecurity, such as what risk management really means. It discusses how to consider security as part of the requirements of a system, and what potential security requirements you might consider. It then focuses on how to design software to be secure, including various secure design principles that will help you avoid bad designs and embrace good ones. It also considers how to secure your software supply chain, that is, how to more securely select and acquire reused software (including open source software) to enhance security.
The course also focuses on key implementation issues and practical steps that you can take to counter the most common kinds of attacks. Discussion follows on how to verify software for security, including various static and dynamic analysis approaches, as well as how to apply them (e.g., in a continuous integration pipeline). It also discusses more specialized topics, such as the basics of how to develop a threat model and how to apply various cryptographic capabilities. The course content mirrors that in the Secure Software Development program we offer with edX, but in a single course instead of three.
The self-paced course can be completed in about 14-18 hours and includes quizzes to test the knowledge gained. Upon completion, participants will receive a digital badge verifying that they have been successful in all required coursework and have learned the material. This digital badge can be added to resumes and social media profiles.
Enroll today to start improving your cybersecurity skills and practices!