Publication date : 01/10/2024
Course : Application security, development methods
Practical course - 2d
- 14h00 - Ref. APD
|
Download in PDF format
Share this course by email
 | Master the OpenSAMM maturity model for secure application development |
| Carry out a security analysis of the software being audited |
| Identify the essential parts of the source code to be verified |
| Testing application security |
Intended audience
Developers, application architects, project managers who need to secure applications.
Prerequisites
Be familiar with the ANSSI security hygiene guide. Completion of the introductory cybersecurity course. Knowledge of a programming language.
Course schedule
1 Introduction
- What is code security?
- Security players: CERT, OWASP, BSIMM...
- What are the risks involved in developing an application?
- Traces left by developers: memory, logs...
- What is secure application coding?
- Types of attack.
2 Application security with OpenSAMM
- The maturity model for secure application development.
- The 4 levels of maturity.
- Implicit starting level.
- Initial understanding and implementation of safety practices.
- Improved effectiveness/efficiency of safety practices.
- Complete mastery of safety practices.
3 Setting up OpenSAMM
- Prepare.
- Evaluate.
- Define the desired target.
- Define the plan.
- Set up.
- Make available.
Hands-on work
Calculating an organization's maturity level.
4 Introduction to BSIMM
- What is the BSIMM (Building Security In Maturity Model)?
- Build a solid foundation for application development.
- Best practices.
5 Security analysis of the audited application.
- Identify the critical parts of your code.
- Define the scope of the audit and limit it to critical parts.
6 Essential parts of the source code to check
- Identify the essential parts of the source code to check.
- Authentication and cryptographic mechanisms.
- User management.
- Resource access control.
- Interaction mechanisms with other applications.
- Access to databases.
- Compliance with the safety requirements established for the application.
Hands-on work
Example of identifying the essential parts of the source code to be checked.
7 Testing application security
- Identify the essential parts of the source code to check.
- Project processes and testing.
- The global approach.
- The test plan and its variations. Test strategy.
- Risk-based approach. Estimation.
Hands-on work
Example of an application test.
Customer reviews
4,3 / 5
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.
ARTHUR M.
20/10/25
4 / 5
A very good course, the content is there, but we sometimes ran out of time to really go through all the subjects we were able to tackle during the practical exercises (a few interesting exercises that were not corrected or that no-one had time to finish).
EDDY K.
07/07/25
4 / 5
Competent trainer who listens and teaches
AMBROISE B.
07/07/25
5 / 5
Competent and interesting trainer. Interesting topics. Stimulating exercises. Very full programme.
PARTICIPANTS
Developers, application architects, project managers who need to secure applications.
PREREQUISITES
Be familiar with the ANSSI security hygiene guide. Completion of the introductory cybersecurity course. Knowledge of a programming language.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Developers, application architects, project managers who need to secure applications.
PREREQUISITES
Be familiar with the ANSSI security hygiene guide. Completion of the introductory cybersecurity course. Knowledge of a programming language.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class
Dernières places
Date garantie en présentiel ou à distance
Session garantie