Cybersecurity by Design

Course Summary

The Cybersecurity by Design training course reframes the importance of secure coding by examining proven design principles that create more secure code. Security should be design-first instead of code-last.

The course begins with a quick review of the common security attacks and strategies to prevent those attacks. Using these concepts as a baseline to illustrate the ineffectiveness of a code-last strategy, the course then moves into a discussion on the importance of reframing security and thinking about security in the context of design. Through the reframing journey, the course introduces Domain-Driven-Design as a useful mechanism to apply a secure-first strategy. Throughout this discussion, the course looks at implementation strategies and techniques and common issues that introduce threats into the codebase. The course concludes with a discussion about security best practices as well as a design workshop customized for the client organization.

Purpose
Learn how security can be designed into, managed and maintained within a development lifecycle.
Audience
Anyone with an interest in building and maintaining a secure systems lifecycle. Some development experience is preferred.
Role
Software Developer - Technical Manager - Web Developer
Skill Level
Intermediate
Style
Workshops
Duration
5 Days
Related Technologies
Software Engineering Training | Design Patterns

Productivity Objectives
  • Explain the main SDLC Models and their principal differences.
  • Apply secure development techniques from the initial design stage and throughout a development lifecycle.
  • Recognize some of the latest vulnerabilities and how to counter/mitigate them.
  • Interpret various testing strategies.

What You'll Learn:

In the Cybersecurity by Design training course, you'll learn:
  • Common Security Attacks
    • Denial of Service (DoS)
    • SQL Injection
    • Large files
    • XML and HTML issues
    • LDAP injection
    • XPath injection
    • Password storage
  • Is Defensive Programming Enough?
    • Error handling in the Java EE space
    • Type annotation syntax and the Checker Framework
    • Application-layer security
    • Transport-layer security
    • Message-layer security
    • Secure connection using SSL
  • Reframing Secure Coding
    • What is security?
    • What is design?
    • Common security implementation strategies
    • Reframing security - It's a design concern and an implementation concern
  • Common Design Approaches
    • UML, OOAD and Design Patterns
    • N-Tier Architectures, Java and Enterprise Architecture Patterns
    • Modern design approaches (microservices, serverless, etc.)
    • Domain-Driven-Design
  • Domain-Driven-Design Concepts
    • Discovering the model
    • Building the model
      • Entities
      • Value Objects
      • Aggregates
    • Improving the model
      • Contexts
      • Interactions between contexts
  • Key OO Design Concepts to Promote Security
    • Immutability
    • Contract-based programming
    • Validation
  • Defining Domain Primitives
    • Read-once / read-only
    • Simple design is better than complex design
    • Detecting tainted input
  • Creating Entities
    • Object consistency
    • Constructors and object state
    • Ensuring consistent construction through builders
    • Ensuring consistent construction through factories
    • Singletons
  • Entity Integrity
    • Well-formed Java objects
    • Getters and setters
    • Immutable entities
    • Objects in collections
  • Managing State
    • Immutable state
    • Decoupling entity state from the entity
    • Entity snapshots
    • Entity relays
  • Other Security Concerns
    • Scoping
    • Thread safety
    • Classloading
  • Managing Failure
    • Defining exceptions
    • Throwing exceptions
    • Managing exceptions
      • Expected
      • Unexpected
      • Errors
    • Logging
  • Refactoring
    • Refactoring your cluttered domain
    • Refactoring code
    • Strategies to refactor successfully
    • Ensuring integrity
  • Managing Legacy Code
    • Refactoring legacy code
    • Refactoring interfaces into APIs
    • Refactoring contracts
    • Handling Strings and unchecked parameter/return types
    • Expanding test coverage
  • Modern Design Trends
    • Securing Microservices
    • Cloud infrastructure
    • Working with 3rd party APIs
  • Best Practices
    • Security and code reviews
    • Penetration tests
    • Incident handling
  • Secure by Design Workshop - Customized to Client Use Case
“I appreciated the instructor's technique of writing live code examples rather than using fixed slide decks to present the material.”

VMware
