As a part of cybersecurity specifications and architectural design, be sure to include coding and testing guidelines. Follow these steps to ensure well-establish coding specifications:

• Consider cybersecurity factors relevant to design, modeling, or programming notations and languages, such as syntax, semantics, modularity, abstraction, and resilience against vulnerabilities resulting from improper use.

• Address criteria not covered by the programming language through guidelines or the development environment, such as using language subsets or strong typing.

• Verify the implementation and integration of components to ensure that they fulfill defined cybersecurity specifications.

• Specify integration and verification activities, considering cybersecurity specifications, configurations, capabilities, and conformity with guidelines.

• Evaluate test coverage using defined metrics to determine the sufficiency of test activities.

• Conduct tests using functional testing, vulnerability scanning, fuzz testing, or penetration testing. If it's not possible to perform such tests, provide a rationale.

Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-1-foundational-platform-offering-openshift/assisted-installer-ui/tasks/phase/specifications/359-T2514/

Training Modules

Continuous Compliance

• Dynamic application security testing (DAST)
• Static application security testing (SAST)
• Perform penetration testing

DevSecOps Fundamentals

• Application Testing Methods
• Testing

Secure Software Testing

• Make a Test Plan
• Implement Testing throughout the SDLC
• Automate your Testing
• Understand Testing Approaches
• Use Static Analysis
• Use Unit Tests
• Consider Test-Driven Development
• Set a Test Coverage Goal
• Fuzz Testing
• Security Regression Tests
• Use Negative Scenarios
• Test for Vulnerabilities
• Assess and Document all Failures
• Use Automated HTTP Testing for Web Apps
• Consider Automated UI Testing for Web Apps
• Use Pen Tests to Find Real-World Vulnerabilities
• Supplement Testing with a Web Security Scanner
• Use Stress Tests to Improve Resiliency
• Use Fault Injection to Test Mitigations
• Use Disaster Recovery Tests to Guarantee Safety

PCI Secure Software Lifecycle

• Static and Dynamic Software Security Testing

Secure Software Acceptance and Deployment

• Generate Safe Data for Testing

Defending Node.js

• Enforce Modern JavaScript with a Linter

Secure Software Design

• Security standards and strategies

Secure Software Coding

• Security testing
• Secure build processes
• Best practices for identifying vulnerable code
• Secure coding practices

Defending C and C++

• Static analysis tools
• Managing code with CI/CD
• C/C++ development best practices
• Choosing a secure coding standard