Short Courses for Industry
Automated Security Testing During Software Development (CPD)
A one-day course on security testing during software development. The course is given and designed by the former Security Testing Strategist of SAP SE and has been given successfully at heise devsec 2017, a professional conference on secure software development.
Date: Expected to run March 2019
About the course
Software security vulnerabilities are a serious threat to software vendors and their customers: they can result in both monetary loss and loss of reputation. Thus, implementing a rigid secure software development life-cycle (SDLC) is a competitive advantage for a software vendor. Security testing is an important part of any SDLC. Moreover, it is commonly accepted that security testing should be applied as early as possible in software development.
In this one-day continuing professional development (CPD) training, the participants will learn different security testing approaches (e.g., SAST, DAST), their specific strengths and weaknesses, how to evaluate tools and how to select the best “blend” of tools for their own software development. Moreover, the participants will learn how these tools can be integrated into various software development methods (ranging from traditional waterfall-like processes to agile processes supporting continuous delivery).
The training is structured into a series of short lectures, discussions for exchanging participants' own experiences, and practical exercises.
For the practical lab session, participants should bring their own laptop with at least 8GB of RAM and 5GB of free disk space. Moreover, common virtualisation software (VMware, VirtualBox, Parallels, KVM) should be installed. If you do not already have a virtualisation solution installed, you might want to use VirtualBox. VirtualBox is a free virtualisation solution that runs on Windows, Linux, and OS X. Note that hardware virtualisation support should be enabled in the BIOS/UEFI setup.
08.30 - 09.30: registration and welcome (coffee)
09.30 - 11.00: introduction
11.00 - 11.15: coffee break & networking
11.15 - 12.30: static security testing approaches
12.30 - 13.30: networking lunch
13.30 - 15.00: dynamic security testing approaches
15.00 - 15.15: coffee break & networking
15.15 - 17.00: introducing and integrating security testing tools
The workshop is given by Dr. Achim D. Brucker and Michael Herzberg.
Dr. Achim D. Brucker is a Senior Lecturer in Software Assurance & Security in the Computer Science Department of The University of Sheffield. Before joining The University of Sheffield, he was the Security Testing Strategist in the Global Security Team of SAP SE, where, among other things, he defined the risk-based security testing strategy of SAP that is now implemented across all worldwide development locations of SAP SE. As part of his work, he evaluated and rolled out security testing tools to more than 25’000 developers world-wide, and designed and delivered training for all developers at SAP. He is a frequent speaker at
Michael Herzberg is a PhD student at the University of Sheffield, UK, supervised by Dr. Achim D. Brucker. Michael’s focus lies on formal methods for building secure systems. Previously he graduated from the Karlsruhe Institute of Technology, Germany, with a B.Sc. in Computer Science. During that time he also worked at SAP Research on assessing different static code analysis
For technical queries please contact the course leader:
Dr Achim Brucker
For all other enquiries please contact:
Dr Stuart Wrigley