Cybersecurity Best Practices

Course Summary

The Cybersecurity Best Practices course is designed to provide teams with a set of established, proven processes to ensure adherence to security guidelines. In addition, this course will explain how to establish security standards in your organization.

The course begins with a discussion of security and why it's so hard to implement across organizations. The course then compares code reviews with penetration testing, providing guidelines around the use of both techniques. Finally, the course ends with an overview of DevSecOps, focusing on how to weave security practices into your DevOps culture.

This course is designed for anyone in the Engineering organization who is interested in becoming more security-minded in order to establish new guidelines.

Purpose
Learn the best practices for establishing security standards in your organization.
Audience
Members of an engineering organization interested in learning more about security.
Role
Business Analyst - Data Engineer - Software Developer - System Administrator - Technical Manager - Web Developer
Skill Level
Introduction
Style
Workshops
Duration
1 Day
Related Technologies
CI/CD | Software Engineering Training | Testing

 

Productivity Objectives
  • Describe the most common security threats an organization will face
  • Establish guidelines for effective code reviews and explain the value of combining code reviews with penetration testing
  • Explain how security can be integrated into the automated testing process

What You'll Learn:

In the Cybersecurity Best Practices training course, you'll learn:
  • What is software security and why is it so hard to get right?
  • Security vs Privacy Implications in Software Design
  • Common Threats and Mitigations
    • Threats Against Web Applications
    • Vulnerabilities in 3rd Party Dependencies of Your Application
    • OWASP Top 10
    • Application Security Verification Standard (ASVS)
  • User Acceptance Criteria and Automated Testing
  • Security as a Software Requirement
    • User stories with security constraints
    • Abuser stories
  • Code Review vs Penetration Testing
    • Code review should be performed throughout the development process and is an "open book" style review of security concerns
      • Best tool for driving security success in a development team
    • Penetration testing often happens late in the process and mimics an adversarial attack as a type of "closed box" testing
      • May be necessary for compliance
  • Aspects of a Good Code Review
  • Using the OWASP ASVS to Uncover Common Security Issues During a Code Review
  • DevSecOps
  • Test Driven Development as Security
    • Best way to ensure the automated test coverage needed for high confidence that a software system continues to function properly in the face of change
    • Best way to ensure that your production can be patched quickly when a vulnerability is discovered in your code or a 3rd party dependency upon which your code is built
    • Types of Tests
  • Continuous Integration/Continuous Deployment
    • Nightly security scans with SAST where failures are treated as a failing test
  • Cloud Security
    • Overly permissive access to cloud resources
    • Unprotected S3 Buckets
    • Unprotected Database Resources
“I appreciated the instructor's technique of writing live code examples rather than using fixed slide decks to present the material.”

VMware
