
This course covers the Elective area of the Certified Test Manager (CTM) certification, Certified Software Test Professional certification and the CSTAS certification.
Course Fee: 495 US$ 395 US$
Course Access Period: The 30 days start on the day you receive the access code.
Presenter: Doug Ashbaugh
Total Course Length: 6 hours 50 min
Concepts:
Application security is a relatively new, yet very exciting field. It is being driven by a number of open source, government, regulatory, and industry organizations, but the need for application security stems, sadly enough, from the fact that software that isn't secure continues to be developed. Two of the primary reasons that software isn't developed securely are:
- Software development teams have not been sufficiently educated in how to identify security vulnerabilities associated with their software development projects
- Often, software development teams falsely believe that if perimeter security controls are in place, then the software they develop will also be secure, or at least will not affect the perimeter security
At one time, both software and network architectures were structured so that as long as perimeter security (i.e. firewalls, intrusion detection and prevention, anti-virus, etc.) was properly implemented and maintained, then flaws in application code could not possibly affect the security of that perimeter. However, the paradigm has shifted with the introduction of web-based applications.
Traditional firewalls must let web-based traffic through the perimeter in order for web-based applications to function. Therefore, any attacker who can exploit flaws in the code of a web application is already within the perimeter! Additional controls, including application and database firewalls, may be added to secure this perimeter, but many organizations have not yet recognized the need for such controls, as headlines continue to point out. When you couple this with the fact that organizations are often slow to adopt new security controls because security is often seen as another expense, it becomes even more imperative for software development teams to understand the vulnerabilities associated with their software development efforts.
To counteract this trend, education is the key. Software development teams, including project managers, technical analysts, business analysts, business managers, developers, quality assurance analysts, and testers must all be aware of the coding vulnerabilities which could plague any software development effort – as well as ways of discovering those vulnerabilities. With more than 3,400 new coding vulnerabilities discovered every six months, this becomes an almost impossible task.
Through techniques such as threat modeling, software development teams can quickly begin to learn how to measure the risks associated with their software development projects. Once potential risks are understood, management can at least make informed decisions on how to deal with those risks.
For cost and cities where this course might be offered, check our Public Training Schedule. To bring this course to your test team at your location, contact our Education and Professionals Services Group.