- Why secure software matters
- Cost of insecure design and coding
- Security frameworks and standards (OWASP, NIST, SLSA)
- Stages of SSDLC
- Integrating security into Agile and DevOps
- Defining security requirements
- Non-functional requirements and compliance
- STRIDE, PASTA, and other methodologies
- Identifying attack surfaces and trust boundaries
- Least privilege, fail-safe defaults, defense-in-depth
- Secure architecture patterns
- Input validation and sanitization
- Output encoding
- Error handling and logging
- Language-specific guidelines
- Managing open-source dependencies
- Software Bill of Materials (SBOM)
- Tools and workflows
- Interpreting results and reducing false positives
- Runtime testing approaches
- Fuzzing and penetration testing basics
- Vulnerability scanning in dependencies
- Patch management workflows
- Secure password storage
- MFA, OAuth2, OpenID Connect
- Encryption at rest and in transit
- Key management best practices
- Securing build pipelines
- Secrets management
- Container and Kubernetes security
- Intrusion detection and prevention
- Logging and monitoring
- Coordinated vulnerability disclosure
- Postmortems and continuous improvement