Workforce Education & Training Working Group
Resources
Software Assurance Education, Training & Certification Web Guide
Academic Curricula and Course Sampling
Commercial Training Sampling
Non-Commercial Training Sampling
Refereed Articles and Papers
Reports
Whitepapers
Briefings
Academic Curricula and Course Sampling
Carnegie Mellon University
- Computer Science curriculum
- Secure Programming course (Computer Science: CS 15392)
- The Master of Information Technology Strategy (MITS) program at the Information Networking Institute
- Secure Software Engineering course at the Information Networking Institute (14-735)
- Secure Software Systems course at the Information Networking Institute (18-732)
- Software Security Engineering course in the Master of Software Engineering degree program
- Information Security and Privacy course at the Institute for Software Research (08-761)
- Master of Science in Information Security Policy and Management (MSISPM) program at the H. John Heinz III College
- CISO Executive Education and Certification Program at the H. John Heinz III College
Florida Institute of Technology, Master of Science in Information Assurance and Cybersecurity
James Madison, Computer Science Department
- graduate courses and certificates: Concentration in Information Security, Concentration in Secure Software Systems, Five-Year Concentration in Secure Software Systems (BS plus MS), Certificate in Secure Computer and Database Systems, Certificate in Software Security
- undergraduate Information Systems Security Professionals certificate
George Washington University Computer Science curriculum
Massachusetts Institute of Technology EECS Undergraduate Program
Master of Software Assurance Reference Curriculum
Rochester Institute of Technology
- Computer Science Department
- MS in Computing Security and Information Assurance program (includes secure software) at the Networking, Security and Systems Administration (NSSA) Department
Stanford University Computer Science curriculum
Stevens Institute of Technology Master’s Degree Concentration in Software Assurance
United States Air Force Academy
University of California at Davis Computer Science curriculum
University of Detroit Mercy, The Center for Cyber Security and Intelligence Studies
If you know of other curricula that could be listed here, please send the web link to software.assurance [at] dhs.gov.
Commercial Training Sampling
Aspect Security, Inc., Application Security Education and Training
Foundstone, Inc., Education
International Information Systems Security Certification Consortium, Inc. (ISC)²
KRvW Associates, LLC., Training Services
Microsoft Corp., Clinic 2806: Microsoft® Security Guidance Training for Developers (and other courses)
Netcraft, Inc., Web Application Security Course
Next Generation Security Software, Ltd., Security Training
Secure Coding in C and C++ course, Software Engineering Institute, Carnegie Mellon University
Security Innovation, Inc., Application Security Education
Software Assurance and Information Security courses at the Software Engineering Institute, Carnegie Mellon University
Symantec Corp., Application Security Principles and Security in Software Development Lifecycle
If you know of other training that could be listed here, please send its web link to software.assurance [at] dhs.gov.
Non-Commercial Training Sampling
OWASP WebGoat Project
WebGoat, from the Open Web Application Security Project (OWASP), is a deliberately insecure Java 2 Enterprise Edition (J2EE) web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
ThreadStrong's Secure Application Development E-Learning Classes (available for free)
Denim Group donated its ThreadStrong secure software development courses to U.S. universities to help students learn how to build more secure software. According to Denim Group’s press release, students at universities that offer these e-learning courses learn how to “mitigate complex threats presented by a variety of software development languages, including mobile platforms such as Android and Apple's iOS. By taking security into account at the beginning of a software development project, these students can then avoid the common trap of unknowingly introducing security vulnerabilities into their software. These courses also demonstrate how to strike a real-world balance between functionality and security to enable a secure and agile enterprise that can protect its information while exceeding business performance goals.” The press release includes this information for universities to begin offering the courses at no charge: “ThreadStrong licensing is being donated to all eligible accredited universities and offers unlimited access to all available course materials enabling each student to review the training classes even after training is complete to refresh their knowledge. Universities are encouraged to contact Denim Group at (210) 572-4400 or at http://www.threadstrong.com/educational_partners.html to apply for a ThreadStrong complimentary license.”
Refereed Articles and Papers
"Training and Awareness" article on Build Security In
Reports
Software Assurance Professional Competency Model, Department of Homeland Security, October 2012
Software Assurance: A Curriculum Guide to the Common Body of Knowledge. PDF is available for download from the Build Security In Web site.
Backgrounder on Software Assurance: A Curriculum Guide to the Common Body of Knowledge
Software Assurance Best Practices for Air Force Weapon and Information Technology Systems – Are We Bleeding? Thesis by Ryan A. Maxon, Major, USAF, Air Force Institute of Technology, AFIT/GIR/ENV/08-M13, March 2008
Toward an Organization for Software System Security Principles and Guidelines, version 1.0, by Samuel T. Redwine, Jr. Institute for Infrastructure
Briefings
Workforce Education and Training Status Briefing, Software Assurance Forum, October 3, 2007