Key Roles include
When determining what the software should do, it is important to also know what it should not do. User stories from agile programming rarely capture this, because users tend to focus on the problem and not how the system could be misused. A requirements analyst needs to understand threat models and how attackers find and exploit vulnerabilities. They also need to know how to write requirements that aid secure development and testing and the principles of secure system design. Knowing how to think like an attacker is an asset. These people are sometimes called functional analysts.
Software architecture can make it easy or hard to have a secure system. Architects need to understand threat models, how attackers find and exploit vulnerabilities, and the fundamental principles of secure system design. Depending on the level of detail, they also need to understand how API design can affect system security. Further, they also need to know the common security mistakes developers make and high-level techniques for avoiding them. These people are sometimes called solutions architects, and sometimes include lead developers.
Developers need to understand the threat model for their system. They also need at least a high-level understanding of the fundamental principles of secure system design. They need to know the common security mistakes developers make and techniques for avoiding them. They need to understand at least the basics of security testing in order to perform their own testing. Finally, they need to understand the vulnerability idioms specific to the language in which they are programming.
Testers (QA people) need to understand the threat model for their system. They also need to know how attackers find and exploit vulnerabilities, and thinking like an attacker is effectively a requirement.
In production, system and network administrators are critical for providing a secure environment in which the software system runs, ensuring it stays secure, and dealing with recovery from successful attacks. They need to understand threat models, how attackers find and exploit vulnerabilities, and how the operating system and network infrastructure can help protect applications. *Details for these roles are covered in a separate white paper.
These people need to understand threat models, how attackers find and exploit vulnerabilities, the issues around measuring security, laws and regulations relating to security, risk analysis, and techniques that work in other companies to help produce more secure systems.
Threat models and attackers
This class introduces security for all people in the SDLC. It starts with a short discussion of the meaning of security in software systems and security in the SDLC and then covers threat models, what they contain, the business effects of an exploit, and a high-level discussion of risk analysis. It also covers how attackers find and exploit vulnerabilities and classes of vulnerabilities. The class also provides examples of what attackers can do when they exploit various vulnerabilities. All examples are real vulnerabilities that have occurred or are based on real vulnerabilities. Students in this class will develop a threat model and explore vulnerability classes including performing a few simple exploits to see how easy they are.
Secure system requirements and architecture
This class covers developing requirements for secure systems and the architecture decisions that affect the resulting system security. The class also covers modeling systems to obtain security predictions and the design principles for secure systems. Examples in the class are drawn from several major systems existing today. In class, students will develop a set of requirements for a system and then develop the high-level architecture for it.
Designing and building secure systems
This language-neutral class for developers discusses principles for secure systems design, input validation techniques, error messages for users, using tools such as static and dynamic analysis, and logging for security and forensics. Students discuss and develop secure object-level architectures and APIs for portions of large software systems.
Language-specific classes (Java, C/C++, C#): avoiding the top security programming errors
These classes cover the top 25 security errors programmers make, what attackers can do with these errors, examples of code with the errors, as well as how to avoid and test for them. Students will write code, fix code, and perform simple tests to check code for these vulnerabilities.
Introduction to security testing
This class introduces students to techniques for security testing of software systems. They learn about techniques such as static and dynamic analysis, fuzz testing, and black- and white-box testing. They learn some of the major vulnerability classes and the basics of how to test for them. Students test real and simulated systems to reinforce the concepts.
Penetration testing (ethical hacking)
This class takes up where the introduction stops. It covers all of the major vulnerability classes and the testing techniques and tools for finding them. Students learn how attackers approach a target and what they can easily learn about it. Students test real and simulated systems to find and exploit vulnerabilities. They work with tools such as intercepting proxies and Metasploit.
Cryptography and security
This class covers the fundamental cryptographic concepts and protocols, including digital signatures and public key infrastructure (PKI). It emphasizes that simply using cryptography does not make a system secure, and that students should never develop their own cryptographic algorithms and protocols. Beyond covering the basics, this class also discusses various problems and how existing cryptographic solutions can be applied to improve security and mitigate threats. Students work with cryptographic systems and use them to solve problems.
Mobile device (iOS, Android, Windows Mobile) security
Mobile devices have all of the security issues that desktop computers have plus additional ones related to their mobility and architecture. These platform-specific classes discuss the specific mobile threats and how developers can address them within the mobile development platform. Students will develop and test systems for security.
Web application security
Web applications present unique security problems in addition to the normal security issues. For example, HTTP is, by definition, stateless. However, state is often required, as when a login must be remembered. This class covers the most common security problems associated with web applications, and shows how to avoid and test for them.
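The stateless-HTTP point above is the root of most session-handling mistakes, so here is an added illustration (not code from the original white paper or any course it describes) of how a server remembers a login across stateless requests: it issues an opaque, randomly generated session identifier, keeps the real state server-side with an idle timeout, and returns the identifier in a cookie. The weak and hardened `Set-Cookie` forms are shown side by side; the session TTL and the cookie name `session` are assumed values chosen for the example.

```python
"""Session handling over stateless HTTP (added example, not from the page).

HTTP carries no state between requests. A server that must remember a
login therefore issues an opaque session identifier, stores the session
state itself, and relies on the client returning the identifier on every
request. Everything below runs offline on constructed input.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional

SESSION_TTL_SECONDS = 30 * 60  # idle timeout; an assumed policy value


@dataclass
class Session:
    user: str
    expires_at: float


@dataclass
class SessionStore:
    """Server-side map from opaque session ID to session state."""
    sessions: Dict[str, Session] = field(default_factory=dict)

    def create(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG: unguessable and unrelated to user data,
        # so an attacker cannot predict or enumerate other users' sessions.
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = Session(user, now + SESSION_TTL_SECONDS)
        return session_id

    def lookup(self, session_id: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user bound to the session, or None if unknown/expired."""
        now = time.time() if now is None else now
        session = self.sessions.get(session_id)
        if session is None:
            return None
        if now >= session.expires_at:
            # Expired sessions are removed, never silently honoured.
            del self.sessions[session_id]
            return None
        return session.user

    def destroy(self, session_id: str) -> None:
        # Logout must invalidate server-side; clearing the cookie alone is not enough.
        self.sessions.pop(session_id, None)


def weak_cookie(session_id: str) -> str:
    """A Set-Cookie value with no protective attributes (the common mistake)."""
    return f"session={session_id}"


def hardened_cookie(session_id: str) -> str:
    """Secure: sent only over TLS. HttpOnly: hidden from page scripts.
    SameSite=Strict: not attached to cross-site requests. Max-Age matches
    the server-side timeout so the browser does not keep a dead cookie."""
    return (f"session={session_id}; Secure; HttpOnly; SameSite=Strict; "
            f"Path=/; Max-Age={SESSION_TTL_SECONDS}")


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Parse a request Cookie header ('a=1; b=2') into a name->value dict."""
    pairs: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if "=" in part:
            name, value = part.split("=", 1)
            pairs[name.strip()] = value.strip()
    return pairs


def handle_request(store: SessionStore, cookie_header: str, now: float) -> str:
    """Resolve the authenticated user for one request, or 'anonymous'."""
    session_id = parse_cookie_header(cookie_header).get("session", "")
    return store.lookup(session_id, now) or "anonymous"


if __name__ == "__main__":
    store = SessionStore()
    t0 = 1_000_000.0  # constructed clock value
    sid = store.create("alice", t0)
    print(weak_cookie(sid))
    print(hardened_cookie(sid))
    print(handle_request(store, f"session={sid}", t0 + 60))     # alice
    print(handle_request(store, f"session={sid}", t0 + 3600))   # anonymous (expired)
```

The design choice worth noting is that the cookie carries nothing but a random handle: no username, role, or expiry the client could edit, and the only way to extend or end a session is through the server-side store.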
Developing cloud systems
Much of security for systems running in a non-enterprise-owned cloud system is identical to that for systems running on enterprise-controlled physical hardware. This class covers the few items that are different, such as dealing with privacy and security issues that are unique to the cloud.
Developing embedded systems
Much of embedded system security is identical to that of non-embedded systems. However, these systems face different threats such as more highly-motivated attackers and the physical effects of a security breach. This class covers these and other embedded-specific topics.
Managing development of secure software
This class covers the issues around the business effects of insecure software, modeling and quantifying security attributes, standards and certifications for secure systems, laws and regulations relating to system security, risk analysis, and techniques that work in other companies to help produce more secure systems.
Identifying security requirements
This class covers threat models, risk analysis, the business effects of a security breach, and using these tools to develop security requirements.