
CSEC214

Secure Software Development

Online
Aug 02, 2021 - Aug 20, 2021

Faculty Profiles

Alexey Kuznetsov


Head of Penetration Testing services at BI.ZONE

Vladislav Lazarev


Head of Penetration Testing at BI.ZONE, CISSP

Course length

3 weeks

Duration

3 hours per day

Total hours

45 hours

Credits

6 ECTS

Language

English

Course type

Online

Fee for single course

€1500

Fee for degree students

€750

Skills you’ll learn

  • Vulnerability Research
  • Software Engineering
  • Cyber Security
  • Threat Modelling
  • Application Security Program

Overview

In today’s world, where development keeps getting faster and companies rush their products to market, it is crucial to apply security practices as early as possible. Software developers must understand security concepts, and cybersecurity engineers should adjust their practices to agile environments. The course covers the modern approach to secure coding from both the development and the security points of view.

Learning highlights

  • Understand Modern Software Development Concepts
  • Become Familiar With Security Vulnerabilities, and Ways To Mitigate Them
  • Apply Security Principles to Software Development and Fix Vulnerabilities in the Code

Course outline

15 classes

Dive into the details of the course and get a sense of what each class will cover.
Monday
1

Session 1

A modern approach to application development in practice

Tuesday
2

Session 2

Basic Security Principles:

  • Least privilege
  • Separation of privilege
  • Security through obscurity
  • AAA
Wednesday
3

Session 3

Approaches to threat modelling (STRIDE, DREAD, etc.)

Basics of risk management

Thursday
4

Session 4

Authentication, Authorization, Accounting

Session management, password storage

JWT, OAuth

Friday
5

Session 5

OWASP Top 10

Injection problem

Database security

Monday
6

Session 6

Input validation (OS command injections), Race conditions, TOC/TOU

Tuesday
7

Session 7

Working with files and storages

Directory traversal

Managing external sources

Wednesday
8

Session 8

Binary vulnerabilities

Buffer overflow, integer overflow, canaries

Thursday
9

Session 9

Client-side security

Cookies, XSS, CSRF, SOP, CSP, CORS

Friday
10

Session 10

Microservice architecture security

Inter-service authentication

Monday
11

Session 11

Platform security

Web Server Configuration

User management

Tuesday
12

Session 12

Network security

Service Management

Network Configuration

3rd party services usage

Wednesday
13

Session 13

Cloud Security

AWS, GCE, k8s

Thursday
14

Session 14

Integrating security controls into CI/CD

Dependency checks, SAST and DAST

Friday
15

Session 15

Exam

Prerequisites

Good programming skills in one of the object-oriented or functional programming languages

Basic DevOps understanding

Good knowledge of command-line scripting

Basic knowledge of OS

Methodology

Lectures and labs:

14 hours of lectures

28 hours of labs

3 hours of the final exam (practical exam)

Homework after every session

Grading

The final grade will be composed of the following criteria:
40% - 4 practice labs - 4 tasks rated from 0 to 10
40% - Exam - 3 tasks rated from 0 to 10
20% - Tests - 5 tasks 4% each

Faculty

Alexey Kuznetsov

Head of Penetration Testing services at BI.ZONE

Alexey has more than 6 years of work experience in projects related to cybersecurity. Currently he is the Head of the Penetration Testing team at BI.ZONE, a subsidiary of Sberbank (the largest Russian bank). His responsibilities involve planning, conducting and reporting on penetration testing, as well as security assessment. During his career he has designed and developed a wide range of software security systems and conducted some research in the area of hardware virtualization. He is also experienced in mobile application security analysis and web application security auditing. Furthermore, he is interested in IoT information security (connected cars, smart houses, smart city systems) and has won a couple of competitions in this area.

Alexey actively participates in CTF competitions. He is also one of the organizers of the CTF.Zone contest.


Faculty

Vladislav Lazarev

Head of Penetration Testing at BI.ZONE, CISSP

Vladislav has more than six years of experience in both defensive and offensive information security, with a solid background in information security-related software development. He has taken part in more than 50 penetration testing, red team and vulnerability assessment projects as a penetration tester and a team lead. Vladislav graduated from the National Research Nuclear University MEPhI (Moscow Engineering and Physics Institute) with a degree in information security. Currently he is Head of Penetration Testing at BI.ZONE.


Apply for this course

Snap up your chance to enroll before all spaces fill up.


How to secure your spot

Complete the form below to kickstart your application

Schedule your Harbour.Space interview

If successful, get ready to join us on campus

FAQ

Will I receive a certificate after completion?

Yes. Upon completion of the course, you will receive a certificate signed by the director of the program your course belonged to.

Do I need a visa?

This depends on your case. Please check with the Spanish or Thai consulate in your country of residence about visa requirements. We will do our part to provide you with the necessary documents, such as the Certificate of Enrollment.

Can I get a discount?

Yes. The easiest way to enroll in a course at a discounted price is to register for multiple courses. Registering for multiple courses will reduce the cost per individual course. Please ask the Admissions Office for more information about the other kinds of discounts we offer and what you can do to receive one.