Aspire Journeys

Programmer to Secure Agile Programmer

  • 24 Courses | 15h 15m 6s
  • 4 Labs | 32h
Likes 59 Likes 59
Every organization is looking to optimize their processes, as well as securing themselves from ever growing threats. As a result, there is an increasing demand for Secure Agile Programmers who have the relevant training and experience in Agile methodologies that relate to not only software development but to secure programming.

Track 1: Programmer

In this Skillsoft Aspire track of the Secure Agile Programmer journey, the focus will be on programming standards for secure programmers.

  • 6 Courses | 4h 37m 30s
  • 1 Lab | 8h

Track 2: Secure Programmer

In this Skillsoft Aspire track of the Secure Agile Programmer journey, the focus will be on security concepts, vulnerabilities, encryption, attacks and resiliency coding for secure programmers.

  • 6 Courses | 3h 32m 34s
  • 1 Lab | 8h

Track 3: Defensive Programmer

In this Skillsoft Aspire track of the Secure Agile Programmer journey, the focus will be on defensive concepts and techniques, cryptography, code sampling, secure testing, and advanced defensive programmer concepts.

  • 7 Courses | 4h 51m 52s
  • 1 Lab | 8h

Track 4: Agile Secure Programmer

In this Skillsoft Aspire track of the Secure Agile Programmer journey, the focus will be on secure Agile programming concepts, techniques, modeling, and testing.

  • 5 Courses | 2h 13m 10s
  • 1 Lab | 8h

COURSES INCLUDED

Secure Programmer: Intro to Programming Standards
In this course, learners can explore various IEEE programming standards, software requirement types, and requirements gathering techniques. Discover how software quality is defined and steps to take in the change management process. Begin this 10-video course with an introduction to basic programming and software engineering concepts. Then move on to a three-part tutorial on programming standards-part A on recalling IEEE programming standards including general, testing and quality, and maintenance and documentation standards; part B on IEEE standards, including NIST SP 800-27, ISO/IEC 15504 and 24744:2014, and ISO 29110; and part C on recalling IEEE and ISO programming standards. This leads into identifying software requirement types, the functionality, usability, reliability, performance, and supportability (FURPS) model, and the requirements gathering techniques. Next, you will explore requirements gathering techniques such as brainstorming, interviews, focus groups, and reverse engineering, and examine quality and the change management process. In the final tutorial, learners observe how to apply the IEEE Std 730 standard for software quality.
10 videos | 55m has Assessment available Badge
Secure Programmer: Software Design Techniques
In this 13-video course, learners will discover a range of software engineering techniques used to design software. This includes modular, resiliency, architectural, component-level, model-driven, and pattern-based design. You will also explore how to identify well-designed code and script. Learners begin by observing modular design, which starts with the premise that code should be encapsulated into independent modules. This leads into learning about resiliency design. The various design approaches examined here are not mutually exclusive, and can be used together, particularly resiliency design, which often goes hand in hand with other design approaches to augment and enhance them. Next, study architectural design, with a look at the architecture process and how to apply it. Following on from this, you will learn how to apply both component-level design and pattern-based design. You will delve into Well Designed Java Example, and explore what makes it well designed. Also, Well Designed Python Example, which contains some nuances not common to other languages. Well Designed C# Example, Well Designed Javascript, and model-driven design are also covered.
13 videos | 1h 16m has Assessment available Badge
Secure Programmer: Software Modeling Techniques
This course extensively covers Unified Modeling language (UML), which is commonly used in software engineering to help design, understand, and work with software. It can be considered one of the core tools in a software engineer's toolbox. In this 6-video course, learners will delve into specific UML diagrams in order to obtain a deeper understanding, and some of which users will be able to use in their own software design. These diagrams will include class diagrams, activity diagrams, use case diagrams, and sequence diagrams. Next, follow an overview of Systems Modeling language (SysML), which is similar to UML but broader, so not only can it be used for software, but it can also be used for hardware, networks, or any system. Then discover how it can be used. In the final tutorial in this course, you will take a look at specific SysML diagrams, including block definition diagrams, internal block diagrams, and parametric diagrams.
6 videos | 26m has Assessment available Badge
Secure Programmer: Coding Practices
In this 12-video course, learners explore best practices for good coding along with exercises showcasing related examples. This includes good programming practices for Java, Python, C#, and Javascript. Begin with a look at how to perform software estimation of resources and time. One fundamental practice that learners need to know is how to estimate how long something will take and what resources one needs in place. You will then examine coding best practices, and some specific techniques to improve code, along with good coding examples. Following on from this, observe how to recognize bad coding examples, and examine Java code that is poorly written. Next, you will take a look at bad coding examples in Python, and recognizing bad Python programming; bad C# programming, and bad Javascript programing. This leads into learning about applying good coding examples in Java, in Python, in C#, and Javascript. The two most important takeaways from this course are understanding and recognizing both good and bad code, and the other is having a basic understanding of estimating and allocating resources.
12 videos | 46m has Assessment available Badge
Secure Programmer: Software Testing
Explore key aspects of software testing, software validation, and bug tracking methods in this 14-video course, beginning with a look at very specific testing methodologies, and an in-depth introduction into how to do testing. This leads learners into observing how to apply unit testing; integration testing; regression testing, and user acceptance testing. Another tutorial will explore the roles and responsibilities in testing, or who in one's team is responsible for what aspect of testing. You will also learn about specific testing methods, and how to do the individual test, regardless of what type it is. Following on from this, learners will examine test cases and reporting, where formalized testing requires some level of reporting and specific test cases. Then discover how to apply software metrics and explore software verification and software validation. To complete the course, you will learn about the concepts of bug tracking and how to use various bug tracking methods.
14 videos | 1h 11m has Assessment available Badge
Final Exam: Programmer Apprentice
Final Exam: Programmer will test your knowledge and application of the topics presented throughout the Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.
1 video | 32s has Assessment available Badge

COURSES INCLUDED

Secure Programmer: Security Concepts
This 6-video course guides learners to discover the basics of secure programming, including common security concepts, authentication and authorization, and shows how to avoid common programming errors that can undermine security, as well as how to incorporate validation and verification into programming. These are the core security concepts that you need to master to ensure that your programs are produced in a secure fashion. To begin, you will examine secure programmer security concepts, including confidentiality, integrity, and availability, known as the CIA triangle, least privileges, and separation of duties. The next tutorial covers secure programmer authentication and authorization, looking at general authentication models such as discretionary access controls (DACs), mandatory access control (MAC), rule-based access control (RBAC), and attribute-based access control (ABAC). Next, you will explore and learn how to avoid common programming errors that can undermine security. The final tutorial in this course looks at the process and techniques of secure programming verification and validation.
6 videos | 24m has Assessment available Badge
Secure Programmer: Vulnerabilities
Explore various software vulnerability topics in this 19-video, which opens with a look at specific security vulnerabilities and how to program counter techniques. Then learners receive three tutorials on the OWASP (Open Web Application Security Project) Top 10 vulnerabilities: SQL injection, broken authentication, and cross-site scripting; broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection; and cross-site request forgery, using components with known vulnerabilities, and under protected application programming interfaces (APIs). Examine use of threat models including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation), PASTA (the Process for Attack Simulation and Threat Analysis), DREAD (Damage, Reproductibility, Exploitability, Affected Users, Discoverability), and SQUARE (Security Quality Requirements Engineering). Use CVE (common vulnerabilities and exposures) vulnerability scoring, and examine Java, Python, C#, and Javascript SQL secure coding examples. Implement Python secure coding to combat SQL vulnerability; C# to combat common code vulnerabilities, and Javascript to combat Cross Site Scripting attacks. Use Common Vulnerability Scoring System (CVSS), and finally, use OWASP Zap and Vega vulnerability scanners to test websites for common vulnerabilities.
19 videos | 1h 11m has Assessment available Badge
Secure Programmer: Encryption
In this 5-video course, learners discover the basics of cryptographic algorithms. You will receive a general overview of symmetric algorithms such as AES, Blowfish, and Serpent. You will also examine asymmetric algorithms such as RSA (Rivest, Sharmir, and Adelman), Diffie-Hellman, and elliptic-curve cryptography (ECC). More importantly, you will learn when to use which algorithm and what algorithms are better for specific purposes. You will then move on to integrity algorithms, including hashes like SHA (Secure Hash Algorithm 1), MD5 (Message Digest 5), and 6, RIPEMD (Ripe Message Digest), and HAVAL, as well as message authentication codes (MACs) and HMACs (keyed-hash message authentication codes). You will also examine the strengths and weaknesses of these different approaches. The goal is whether one can make intelligent choices about which algorithms to implement for which purpose; whether one's concerns are about confidentiality; if one needs to do key exchange; is message integrity an issue; are you storing passwords? These will each require different algorithms.
5 videos | 21m has Assessment available Badge
Secure Programmer: Attacks
You will focus primarily on actual common software attacks in this 21-video course, which means you will be shown how the SQL format string attack affects your programs and coding mistakes that make software vulnerable to them. In some of these examples, learners will examine the vulnerable code and learn how to correct it. In other examples, learners will explore how someone carries out the attack, which will help lead one to learn how to defend against it. Begin by learning how to code against format string attacks in Java, in Python, and in C#. Then move on to coding against SQL injection attacks in Java, in Python, in C#, and in Javascript. Next, explore coding against buffer overflow attacks in Java, in Python, in C#, and in Javascript. Further tutorials examine how to code against cross-site scripting attacks in Java, in Python, in C#, and in Javascript. Also, learn how to code against password cracking attacks in Java, in Python, in C#, and in Javascript.
21 videos | 1h 8m has Assessment available Badge
Secure Programmer: Resiliency Coding
This 7-video course helps learners explore resiliency concepts such as stability, recovery, and defensive coding. In it, you will discover how to ensure Java resiliency, Python resiliency, C# resiliency, and Javascript resiliency. One of the cornerstones of secure programming is to create resilient software, which means software that is far less likely to have failures. You will begin by looking at the resilient concepts such as stability, recovery, and defensive coding. Begin with stability, so software functions as desired, reliably and consistently. Then should something go wrong, it will readily recover. It will be able to accommodate whatever went wrong and continue normal operations as soon as possible. Then you have to write defensive code, code that is expecting both malicious attacks and just general errors. Defensive coding is a large part of secure coding. This leads into learning how to write resilient code in Java, in Python, in C#, and finally, writing resilient code in Javascript.
7 videos | 26m has Assessment available Badge
Final Exam: Secure Programmer
Final Exam: Secure Programmer will test your knowledge and application of the topics presented throughout the Secure Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.
1 video | 32s has Assessment available Badge

COURSES INCLUDED

Defensive Programmer: Defensive Concepts
Explore key defensive programming concepts including the Cert Top 10 practices for secure coding, along with other topics covered in this 9-video course. To begin, take a look at the general defense coding concepts, the basic concepts and principles that permeate defensive programming. The next two-part tutorial concerns CERT top 10 secure coding practices: Part A on the first five CERT top 10 secure coding practices-validate input, Heed compiler warnings, Architect and design for security, keep it simple, and the default deny. Part B covers the last five CERT top 10 secure coding practices-adhere to the principles of least privilege, sanitize data sent to other systems, practice defense in depth, use effective quality assurance techniques, and adopt a secure coding standard. This leads learners into learning how to apply defensive coding; using Open Source Security Testing Methodology Manual concepts for secure testing, and applying the Flaw Hypothesis Method. The final tutorial in this course looks at the role of Six Sigma in producing better quality, secure programming.
9 videos | 43m has Assessment available Badge
Defensive Programmer: Defensive Techniques
In this course, learners discover the importance of exception handling, validation, and parameter checking in programming. Explore how to handle exceptions and apply validation in Java, Python, C#, and Javascript, as well as how to configure component trust and reuse code, in this 17-video course. Begin by learning how to apply exception handling effectively, and then take a look at validation techniques and procedures. Learners will explore reliability, resiliency, and recoverability and how it can be achieved in software engineering. Next, you will look at CDI/UDI (constrained data item/unrestrained data item), why it is important, and how it should be done. You will delve into parameter checking; using Java exception handling; using Python exception handling, and using Javascript exception handling. You will then explore using Java validation; Python validation; C# validation, and Javascript validation. In the final tutorials you will examine component trust, including when and how to achieve trust of components, and learn how to reuse code effectively and defensively.
17 videos | 1h 16m has Assessment available Badge
Defensive Programmer: Cryptography
This 8-video course helps learners explore the basics of programming cryptography, cryptography types, and applications, and also examines encryption implementation code examples. In the first of two tutorials on encryption concepts, you will explore the critical concepts of symmetric versus asymmetric cryptography, and when to use one as opposed to another, by learning the benefits of one over the other. In the second tutorial, learners will continue by examining specific algorithms such as AES, DES, RSA, Diffie-Hellman, and Elliptic Curve, and by looking into the strengths and weaknesses of these particular algorithms. Next, you will take a careful look at the important concepts of confidentiality and integrity, the use of hash codes, message authentication codes, and HMACs (hash message authentication codes). In the final four tutorials in this course, learners will explore specific code samples, where one can see Java cryptography, Python cryptography, C# cryptography, and Javascript cryptography being implemented.
8 videos | 31m has Assessment available Badge
Defensive Programmer: Advanced Concepts
Learners can explore advanced defensive coding concepts and practices such as session and risk management, assertive programming, and intelligible exceptions in this 6-video course. In the first tutorial, you will examine better ways to carry out secure session management, which is particularly pertinent for those that work on e-commerce sites or web programming. You will then move on to a study of risk management; risk is unfortunately a part of every project, including programming. Everyone would like to reduce risk to a zero level, but that is simply not realistic, so risk must be analyzed and quantified, to bring it down to a level that is acceptable and manageable. In this tutorial, you will therefore observe how to define risk management and learn how to apply risk management to software projects. Next, you will learn about assertive programming, take an overview and discover how to implement assertions. The final tutorial in this course covers intelligible exceptions, and learning how to implement meaningful and actionable exception handling.
6 videos | 18m has Assessment available Badge
Defensive Programmer: Code Samples
In this course, learners will discover how to implement defensive coding techniques such as filtering, resilient code, recoverable code, parameter checking, and validation by examining Java, Python, C#, and Javascript code examples. The tutorials in this 22-video course all entail walking through code samples step by step, so by examining code samples in these diverse languages, learners will become better able to apply these techniques to their own programming projects. Begin by learning how to implement Java filtering; Python filtering; C# filtering, and Javascript filtering. Then move on to implementing Java resilient code; Python resilient code; C# resilient code, and Javascript resilient code. Next, discover how to implement Java recoverable code; Python recoverable code; C# recoverable code, and Javascript recoverable code. This leads learners into implementing Java parameter checking; Python parameter checking; C# parameter checking, and Javascript parameter checking. In the final set of tutorials, you will discover how to implement validation in Java; in Python; in C#, and in Javascript.
22 videos | 1h has Assessment available Badge
Defensive Programmer: Secure Testing
In this 8-video course, explore the basics of secure testing methodologies such as unit, regression, and integration testing. Discover how to work with security metrics and track security bugs. Begin by looking at the concepts of security testing, and the goals of testing. The course offers an overview and a framework with which to conduct security testing. This framework is applicable to any particular approach to testing-whether automated or manual, unit, integration, or regression testing, the same conceptual framework will apply. Then learners move on to secure unit testing, and how to apply it, including how secure testing is done and who should do it. The next tutorial involves secure regression testing, which is, in general, a term for testing after a change has been made, so you will learn how to apply effective and secure regression testing. You will also explore secure integration testing, how to apply it and when and who conducts integration testing. Then discover how to use effective security metrics, and finally, how to effectively track security bugs.
8 videos | 28m has Assessment available Badge
Final Exam: Defensive Programmer
Final Exam: Defensive Programmer will test your knowledge and application of the topics presented throughout the Defensive Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.
1 video | 32s has Assessment available Badge

COURSES INCLUDED

Secure Agile Programming: Agile Concepts
In this 13-video course, learners can explore Agile programming concepts such as iterative software approaches, differences between Agile and Waterfall, and creating a secure Agile culture. Examine Scrum, Lean software, extreme programming, and rapid application development, along with several other topics. Begin the course with a look at iterative software development. This leads on to differentiating between Agile, one of the most widely used iterative development approaches, and Waterfall, the still used, traditional method. Then learn about integrating security into Agile and creating a secure Agile culture. Next, you will examine Scrum, an iterative development process designed for small teams, usually with 10 or fewer members; and then take a look at Lean software, and how it works. You will explore extreme programming and rapid application development (RAD). Learn the best practices for secure Agile development, and how to facilitate a secure organizational culture. In the final tutorial, you will learn about integrating secure methods into the Scrum approach.
13 videos | 47m has Assessment available Badge
Secure Agile Programming: Agile Techniques
Learners will discover how to gather Agile requirements, implement Agile processes, create a secure Agile software development (SD) lifecycle, implement Disciplined Agile Delivery, and apply best practices for secure SD in this 9-video course. First, you will take a look at Agile requirements, specifically at how to perform requirements gathering and management in an Agile environment. Next, learners will follow two tutorials on Agile techniques: Part A on defining Agile techniques including iterative delivery and the use of user stories, and part B on defining Agile techniques including the daily standup meeting, pair programming, Scrum events, and planning poker. Following on from this, you will learn how to create a secure Agile SDLC (software development lifecycle), to ensure that the software development, even in a fast-paced Agile environment, is secure. Learners will also discover how to implement Disciplined Agile Delivery, ensuring that things are kept to a schedule. In the final tutorial in this course, you will observe how to apply best practices for secure SD.
9 videos | 30m has Assessment available Badge
Secure Agile Programming: Agile Modeling
In this 7-video course, you will learn about Agile modeling, and how to model software in an Agile environment. You will then explore story-driven modeling. User stories are an integral part of the Agile process, one of the defining characteristics that separates Agile from other processes, which of course means that Agile modeling is story-driven, so learners will observe how to apply story-driven modeling. As these user stories are so important to all Agile development, including modeling and requirements gathering, then you must have secure user stories, so in the next tutorial you will learn how to ensure security. You will then examine and use specification by example, a cornerstone of Agile development, and one of the best ways to gather accurate specifications, which means functional specifications as well as secure specifications. The final tutorial concerns building secure user stories-user stories that focus on the security needs that allow stories to be transformed into requirements, goals, and objectives.
7 videos | 19m has Assessment available Badge
Secure Agile Programming: Testing
In this course you will explore Agile testing, which because of its iterative and collaborative nature, everything changes a little, so you will examine precisely how testing is done in an Agile environment. You will then take a look at continual security testing, and integrating testing standards into Agile. In this 10-video course, learners will discover how to apply verification and validation for Agile programming, which are cornerstones of software and systems engineering. This leads into integrating metrics, which are just as important in Agile as they are in any other software engineering approach. The next tutorial covers Agile bug tracking, one of the most important things to document as soon as they are found. You will then learn about static code analysis, which is something from traditional software engineering that needs to be integrated into the Agile process as an important way to accomplish bug fixing, testing, and even verification. The final tutorial concerns the implementation of continuous integration techniques, which is continuous and ongoing throughout the entire Agile process.
10 videos | 34m has Assessment available Badge
Final Exam: Secure Agile Programmer
Final Exam: Secure Agile Programmer will test your knowledge and application of the topics presented throughout the Secure Agile Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.
1 video | 32s has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.