Software Security Remediation Basics

Course Duration: 1 hour
Intended Audience: Security Professionals, Developers and Software Quality Assurance Staff

The security industry pays a tremendous amount of attention to finding security vulnerabilities, through code review, penetration testing and other assessment methods. Unfortunately, finding vulnerabilities is only the first step toward addressing the associated risks, and addressing those risks is arguably the most critical step in the vulnerability management process. Complicating matters, most application security vulnerabilities cannot be fixed by the security team itself, because they require code-level changes to resolve the underlying issue. Security vulnerabilities therefore need to be communicated and handed off to software development teams, then prioritized and added to their workloads.

This course examines the steps required to remediate software-level vulnerabilities properly, and recommends best practices organizations can use to succeed in their remediation efforts.

Lesson 1: Software Security Remediation Basics
Lesson Objectives: After completing this lesson, you should be able to:

  • Understand the overall purpose, process, impact and phases of software security remediation projects

Lesson 2: Phase One - Inception
Lesson Objectives: After completing this lesson, you should be able to:

  • Identify individuals and teams that should be involved in software security remediation projects
  • Understand how to create a successful timeline and budget

Lesson 3: Phase Two - Planning
Lesson Objectives: After completing this lesson, you should be able to:

  • Understand risks associated with software vulnerabilities and how risk is calculated
  • Explain how manual and automated testing are used to find and confirm vulnerabilities
  • Calculate the level of effort needed from various teams
  • Schedule a software security remediation project

Lesson 4: Phase Three - Execution
Lesson Objectives: After completing this lesson, you should be able to:

  • Explain the steps and methods necessary to fix vulnerabilities
  • Understand how to test the quality of vulnerability fixes
  • Provide metrics used to evaluate a software security remediation project

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in a classroom format.