Log4Shell, SolarWinds Compromise, Heartbleed - cybersecurity breaches have become
household names in recent years. These issues are costing organizations
billions of dollars in prevention and remediation costs, yet at the same time
they are becoming ever more common. Reacting to breaches after the fact is
useful, but not enough; such reactions fail to protect users in the first
place. Security needs to instead be baked into software before it's released.
Unfortunately, most software developers don't know how to do this.

To alleviate this issue and improve access to cybersecurity training for everyone
from developers to operations teams to end users, the Open Source Security
Foundation (OpenSSF) has partnered with Linux Foundation Training &
Certification to release a new, free, online training course, Developing
Secure Software. Those who complete the
course and pass the final exam will earn a certificate of completion valid for
two years.

Geared towards software developers, DevOps professionals, software engineers, web
application developers, and others interested in learning how to develop secure
software, this course focuses on practical steps that can be taken, even with
limited resources, to improve information security. The goal is to make it
easier to create and maintain systems that are much harder to successfully
attack, reduce the damage when attacks are successful, and speed the response
so that any latent vulnerabilities can be rapidly repaired.

This course starts by discussing the basics of cybersecurity, such as what risk
management really means. It discusses how to consider security as part of the
requirements of a system, and what potential security requirements you might
consider. It then focuses on how to design software to be secure, including
various secure design principles that will help you avoid bad designs and
embrace good ones. It also considers how to secure your software supply chain,
that is, how to more securely select and acquire reused software (including
open source software) to enhance security.

The course also focuses on key implementation issues and practical steps that you
can take to counter the most common kinds of attacks. Discussion follows on how
to verify software for security, including various static and dynamic analysis
approaches, as well as how to apply them (e.g., in a continuous integration
pipeline). It also discusses more specialized topics, such as the basics of how
to develop a threat model and how to apply various cryptographic capabilities.
The course content mirrors that in the Secure Software Development program we
offer with edX, but in a single course instead of three.

The self-paced course can be completed in about 14-18 hours and includes quizzes to
test the knowledge gained. Upon completion, participants will receive a digital
badge verifying that they have been successful in all required coursework and
have learned the material. This digital badge can be added to resumes and social
media profiles.

Enroll today to start improving your cybersecurity skills and practices!