Security Software: Secure Implementation Practices

The workshop imparts practical knowledge on secure software development (‘secure coding’) and raises awareness of typical attack vectors, sources of error and vulnerabilities in the development process. Participants learn how to effectively implement security requirements, identify and avoid risks, and embed security in architecture and code. The format combines knowledge transfer, discussion, code examples and practical exercises.

Contents:

• Introduction to basic principles of software security (CIA triad, secure development lifecycle, shift left, security by design)
• Typical vulnerabilities in software projects (e.g. OWASP Top 10, memory safety, input validation, authentication/authorisation, logging)
• Analysis of real-life case studies from the customer environment or from known CVEs
•  Practical exercises on:
  • Detecting and fixing insecure code
  • Dealing with external libraries and dependencies
  • Securing interfaces (API security basics)
• Presentation of relevant standards and guidelines (e.g. IEC 81001-5-1, ISO/SAE 21434, IEC 62443-4-1, OWASP ASVS)
• Recommendations on tools and methods (static code analysis, dependency checking, threat modelling)
• Final discussion: lessons learned, derivation of improvement measures in the development process

Benefits

• Increased security expertise among developers and architects
• Reduction of security-related vulnerabilities early on in the development process
• Establishment of a common understanding of security responsibilities within the team
• Direct contribution to the fulfilment of regulatory requirements (e.g. CRA, ISO/SAE 21434, IEC 62443)
• Strengthening the security culture within the company

Target group:

• Software engineers (embedded, backend, frontend)
• Software and system architects
• Technical leads and security champions

Previous Knowledge:
Basic knowledge of software development (C/C++, Python, Java or similar)

Duration
1 day