• Onboard For Tech Teams

    • Reduce initial time to productivity.
    • Increase employee tenure.
    • Plug-and-play into HR onboarding and career pathing programs.
    • Customize for ad-hoc and cohort-based hiring approaches.

    Learn more
  • Upskill For Tech Teams

    • Upgrade and round out developer skills.
    • Tailor to tech stack and specific project.
    • Help teams, business units, centers of excellence and corporate tech universities.

    Learn more
  • Reskill For Tech Teams

    • Offer bootcamps to give employees a running start.
    • Create immersive and cadenced learning journeys with guaranteed results.
    • Supplement limited in-house L&D resources with all-inclusive programs to meet specific business goals.

    Learn more
  • Design For Tech Teams

    • Uplevel your existing tech learning framework.
    • Extend HR efforts to provide growth opportunities within the organization.
    • Prepare your team for an upcoming tech transformation.

    Learn more

Cybersecurity by Design

Get your team started on a custom learning journey today!

Our Boulder, CO-based learning experts are ready to help!

Get A Quote!

Course Summary

Home > Courses >Secure Coding Training >Cybersecurity >Cybersecurity by Design

The Cybersecurity by Design training course reframes the importance of security coding by examining proven design principles that create more secure code. Security should be design-first instead of code-last.

The course begins with a quick review of the common security attacks and strategies to prevent those attacks. Using these concepts as a baseline to illustrate the ineffectiveness of a code-last strategy, the course then moves into a discussion on the importance of reframing security and thinking about security in the context of design. Through the reframing journey, the course introduces Domain-Driven-Design as a useful mechanism to apply a secure-first strategy. Throughout this discussion, the course looks at implementation strategies and techniques and common issues that introduce threats into the codebase. The course concludes with a discussion about security best practices as well as a design workshop customized for the client organization.

Purpose
Learn how security can be designed into, managed and maintained within a development lifecycle.
Audience
Anyone with an interest in building and maintaining secure systems lifecycle. Some development experience preferred.
Role
Software Developer - Technical Manager - Web Developer
Skill Level
Intermediate
Style
Workshops
Duration
5 Days
Related Technologies
Download
imgprinter
  • Productivity Objectives:
    • Explain the main SDLC Models and their principal differences.
    • Apply secure development techniques from the initial design stage and throughout a development lifecycle.
    • Recognize some of the latest vulnerabilities and how to counter/mitigate them.
    • Interpret various testing strategies.
Learn About Virtual Training

Request Information

Get your team upskilled or reskilled today. Chat with one of our experts to create a custom training proposal. Fully customized at no additional cost.

100secure

If you are not completely satisfied with your training class, we'll give you your money back.

secure100 secure100 secure100 secure100

about our training

  • keywordicon1
    Real-World Content

    Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.

  • keywordicon2
    Expert Practitioners

    Industry experts with 15+ years of industry experience that bring their battle scars into the classroom.

  • keywordicon3
    Experiential Learning

    More coding than lecture, coupled with architectural and design discussions.

  • keywordicon4
    Fully Customized

    One-size-fits-all doesn't apply to training teams. That's where we come in!

What You'll Learn

In the Cybersecurity by Design training course, you'll learn:

  • Common Security Attacks
    • Denial of Service (DoS)
    • SQL Injection
    • Large files
    • XML and HTML issues
    • LDAP injection
    • XPath injection
    • Password storage
  • Is Defensive Programming Enough?
    • Error handling in the Java EE space
    • Type annotation syntax and the Checker Framework
    • Application-layer security
    • Transport-layer security
    • Message-layer security
    • Secure connection using SSL
  • Reframing Secure Coding 
    • What is security?
    • What is design?
    • Common security implementation strategies
    • Reframing security – It’s a design concern and an implementation concern
  • Common Design Approaches
    • UML, OOAD and Design Patterns
    • N-Tier Architectures, Java and Enterprise Architecture Patterns
    • Modern design approaches (microservices, servless, etc.)
    • Domain-Driven-Design
  • Domain-Driven-Design Concepts
    • Discovering the model
    • Building the model
      • Entities
      • Value Objects
      • Aggregates
    • Improving the model
      • Contexts
      • Interactions between contexts
  • Key OO Design Concepts to Promote Security
    • Immutability
    • Contract-based programming
    • Validation
  • Defining Domain Primitives
    • Read-once / read-only
    • Simple design is better than complex design
    • Detecting tainted input
  • Creating Entities
    • Object consistency
    • Constructors and object state
    • Ensuring consistent construction through builders
    • Ensuing consistent construction through Factories
    • Singletons
  • Entity Integrity
    • Well-formed Java objects
    • Getters and setters 
    • Immutable entities
    • Objects in collections
  • Managing State
    • Immutable state
    • Decoupling entity state from the entity
    • Entity snapshots
    • Entity relays
  • Other Security Concerns
    • Scoping
    • Thread safety
    • Classloading
  • Managing Failure
    • Defining exceptions
    • Throwing exceptions
    • Managing exceptions
      • Expected
      • Unexpected
      • Errors
    • Logging
  • Refactoring 
    • Refactoring your cluttered domain
    • Refactoring code
    • Strategies to refactor successfully
    • Ensuring integrity
  • Managing Legacy Code
    • Refactoring legacy code
    • Refactoring interfaces into APIs
    • Refactoring contracts
    • Handing Strings and Uncheck parameter/return types
    • Expanding test coverage
  • Modern Design Trends
    • Securing Microservices
    • Cloud infrastructure
    • Working with 3rd party APIs
  • Best Practices
    • Security and code reviews
    • Penetration tests
    • Incident handling 
  • Secure by Design Workshop – Customized to Client Use Case
Real-world content

Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.

Expert Practitioners

Industry experts that bring their battle scars into the classroom.

Experiential Learning

More coding than lecture, coupled with architectural and design discussions.

Fully Customized

One-size-fits-all doesn't apply to training teams. That's where we come in!

Elite Instructor Program

We recently launched our internal Elite Instructor Program. The community driven instructor program is designed to support instructors in transforming students’ lives by consistently showing a world-class level of engagement, ability, and teaching prowess. Reach out today to learn more about our instructors.

Customized Technical Learning Solutions to Help Attract and Retain Talented Developers

Get In Touch
Talk to one of our Learning Solution Architects today

Let DI help you design solutions to onboard, upskill or reskill your software development organization. Fully customized. 100% guaranteed.

DevelopIntelligence leads technical and software development learning programs for Fortune 500 companies. We provide learning solutions for hundreds of thousands of engineers for over 250 global brands.

99statisfaction1 Educate learners using experienced practitioners.
pularsight Proven customization process is guaranteed.
budgetnewlogo We're a strategic partner, not just another vendor.

“I appreciated the instructor’s technique of writing live code examples rather than using fixed slide decks to present the material.”

VMware
vmware View more