Cybersecurity Best Practices Course

Course Summary

The Cybersecurity Best Practices course is designed to provide teams with a set of established, proven processes to ensure adherence to security guidelines. In addition, this course will explain how to establish security standards in your organization.

The course begins with a discussion of security and why it’s so hard to implement across organizations. The course then compares code reviews with penetration testing, providing guidelines around the use of both techniques. Finally, the course ends with an overview of DevSecOps, focusing on how to weave security practices into your DevOps culture.

This course is designed for anyone in the Engineering organization who is interested in becoming more security-minded in order to establish new guidelines.

Purpose

Learn the best practices for establishing security standards in your organization.

Audience

Members of an engineering organization interested in learning more about security.

Role

Business Analyst - Data Engineer - Software Developer - System Administrator - Technical Manager - Web Developer

Skill Level

Introduction

Style

Workshops

Duration

1 Day

Related Technologies

CI/CD

Software Engineering Training

Testing

Download

Productivity Objectives:

Describe the most common security threats an organization will face
Establish guidelines for effective code reviews and explain the value of combining code. reviews with penetration testing
Explain how security can be integrated into the automated testing process

Learn About Virtual Training

Request Information

Get your team upskilled or reskilled today. Chat with one of our experts to create a custom training proposal. Fully customized at no additional cost.

If you are not completely satisfied with your training class, we'll give you your money back.

about our training

Real-World Content

Project-focused demos and labs using your tool stack and environment, not some canned "training room" lab.
Expert Practitioners

Industry experts with 15+ years of industry experience that bring their battle scars into the classroom.
Experiential Learning

More coding than lecture, coupled with architectural and design discussions.
Fully Customized

One-size-fits-all doesn't apply to training teams. That's where we come in!

What You'll Learn

In the Cybersecurity Best Practices training course, you'll learn:

What is software security and why is it so hard to get right?
Security vs Privacy Implications in Software Design
Common Threats and Mitigations
- Threats Against Web Applications
- Vulnerabilities in 3rd Party Dependencies of Your Application
- OWASP Top 10
- Application Security Verification Standard (ASVS)
User Acceptance Criteria and Automated Testing
Security as a Software Requirement
- User stories with security constraints
- Abuser stories
Code Review vs Penetration Testing
- Code review should be performed throughout the development process and is an “open book” style review of security concerns
  - Best tool for driving security success in a development team
- Penetration testing often happens late in the process and mimics an adversarial attack as a type of “closed box” testing
  - May be necessary for compliance
Aspects of a Good Code Review
Using the OWASP ASVS to Uncover Common Security Issues During a Code Review
DevSecOps
Test Driven Development as Security
- Best way to ensure sufficient automated test coverage necessary to have high confidence that a software system continues to function properly in face of change
- Best way to ensure that your production can be patched quickly when a vulnerability is discovered in your code or a 3rd party dependency upon which your code is built
- Types of Tests
Continuous Integration/Continuous Deployment
- Nightly security scans with SAST where failures are treated as a failing test.
Cloud Security
- Overly permissive access to cloud resources
- Unprotected S3 Buckets
- Unprotected Database Resources