The Institute of Internal Auditors North America

Assessing the Security of Your Application Development Shop

Course Description


The application development group in any enterprise is critical to IT's mission. At the same time, the security risks associated with software development are legendary. We continually see examples of successful attacks on production code by intruders who exploit known vulnerabilities, such as buffer overflows, use of insecure code libraries, directory traversal, untested paths in the code, and more. In addition, development shops often have no security policies related to the development process and lack tools such as code analyzers to automate the discovery of security vulnerabilities before code is deployed into production. Given these risks and the business risk related to software development, it is critical that auditors understand the issues in a development shop and assess the related business risk. Audit managers and audit staff involved with assessing audit risk associated with a software development shop and conducting an operational audit of that function will benefit from this course.

In this course, we will discuss:

  • How attackers exploit vulnerabilities due to software defects.
  • Why network defenses are no longer enough.
  • Salient differences between secure and nonsecure development methodologies.
  • The software assurance maturity model.
  • Software security metrics.
  • Security requirements in the design, secure software architecture, code reviews, design analysis, security testing, and vulnerability management.
Course Duration: 2 day(s)
CPE Hours Available: 14
Knowledge Level: Intermediate
Field of Study: Auditing
Prerequisites: Participants should have a general understanding of IT development methodologies.
Advance Preparation: None
Delivery Format: On-site Training (Group-Live)

Overview of Software Development Life Cycle and Security

  • Why we need to assess the app development shop
  • The objective of the review
  • Demonstration: How attackers exploit app vulnerabilities
  • Why network defenses are no longer enough
  • Why security is different from other requirements
  • Workshop: Take a vocation vacation — be a hacker or a developer for a day
  • Results of a security review of an app development shop

Measuring Security Maturity in Software Development Life Cycle

  • A survey of development methodologies
  • A survey of secure development models
  • A detailed look into a software assurance maturity model by measuring security practices

Setting Maturity Levels in the Software Development Life Cycle

  • How to set a goal for the app development maturity level
  • Workshop: Setting the goal for an online retailer and a car rental company
  • How to plan a successful path to achieve the maturity goal
  • How to estimate the cost of achieving the maturity goal

Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.