Software Security Training for Developer

Consider security already during development

Protecting data and safeguarding software products against external attacks is becoming increasingly important – and complex. Only the systematic development of competences among developers can guarantee the security of software applications in the future. 

In this training, you will learn all the necessary fundamentals to secure your software. To this end, you will train basic knowledge and skills and learn how to apply current security methods and suitable tools successfully. The learning content addresses the entire software development process and is supplemented by regular exercises. Thus, you can apply your newly acquired knowledge directly in your daily development work. With an optional oral exam at the end of the course, you can demonstrate your learning success and receive an additional award on your certificate of attendance.   

Since the typical vulnerabilities and the guidelines for secure software development differ depending on the programming language, we offer the training courses in different programming languages. For our inhouse trainings, we coordinate the programming language to be used with you in advance.

Your benefits

  • You can consider the topic of security already while developing your software products.
  • You can define security requirements for your product and independently carry out a threat and risk analysis.
  • You learn to take the perspective of an attacker to identify possible vulnerabilities.
  • You can apply the principles of Security by Design and Defensive Coding.
  • You know the vulnerabilities typical for their programming language as well as suitable guidelines for developing secure code.
  • You know about free security tools and how to use them, e.g., to automatically check their code for vulnerabilities.

 

Content

Module 1: Introduction

  • Raising awareness of the topic of security using practical examples
  • Definition, delimitation and trends
  • Relevant security laws and standards

Module 2: Defining requirements, analyzing risks

  • Definition of security requirements
  • Security as a topic in the agile development process
  • Risk analysis: identification, classification, and treatment of risks

Module 3: Learning & applying methods

  • Principles of Security by Design
  • Secure coding guidelines for developers
  • Typical weaknesses in the implementation
  • Targeted use of free security tools

The training gives answers to your open questions:

  • What are typical entry points for attackers? 
  • How can I take security into account already during development?
  • How do I check whether my developed software is secure? 

Target group

Software developers

Prior knowledge of security is not required.

Optional exam

After this training, you can optionally take an oral exam (30 min.), which we will explicitly mention on your participation certificate if you pass. By taking the final test, you document your competence development and increase your chances of professional success.

Your Trainer

Academy Trainer Sebastian Leuer
© Fraunhofer IEM

Sebastian Leuer

Sebastian Leuer is a research associate in the "Secure Services and Apps" department at Fraunhofer IEM. His expertise includes static code analysis and secure development in C# and .NET. He is a Certified Scientific Trainer (Foundational Level).

LinkedIn profile

Sven Merschjohann

Sven Merschjohann is a research associate in the "Secure IoT Systems" department at Fraunhofer IEM. He is a Certified Scientific Trainer (Foundational Level) and an expert in secure software development (Security by Design), especially for the early development phases.

LinkedIn profile

Academy Trainer Sven Merschjohann
© Fraunhofer IEM

Inhouse Training

Tailored qualification – on site or online

You would like to train a group of employees in your organization? Together, we tailor the training to your needs to significantly increase the learning effect. We offer you the opportunity to make individual requirements and adapt the content to your company. The training is carried out at the location and on the date of your choice.