• SwA Communities
• SwA Forums & Working Groups
• Workforce Education & Training
•     - Activities
•     - Resources
•     - Collaborations
•     - Licensing and Certification
• Processes & Practices
•     - Activities
•     - Resources
•     - Collaborations
• Technology & Tools
•     - Activities
•     - Resources
•     - Collaborations & Research
• Acquisition & Outsourcing
•     - Activities
•     - Resources
•     - Collaborations
• Measurement & Business Case
•     - Activities
•     - Resources
•     - Business Case
•     - Collaborations & Examples
•     - Resources
• Malware & Cyber Observables
•     - Activities
•     - Resources
• Resilient Software
• SwA Market Place
• SwA Landscape
• SwA Ecosystem
• Security Automation & Measurement
• Build Security In

Workforce Education & Training Working Group

Resources

Software Assurance Education, Training & Certification Web Guide
Academic Curricula and Course Sampling
Commercial Training Sampling
Non-Commercial Training Sampling
Refereed Articles and Papers
Reports
Whitepapers
Briefings

Academic Curricula and Course Sampling

Carnegie Mellon University

• Computer Science curriculum
• Secure Programming course (Computer Science: CS 15392)
• The Master of Information Technology Strategy (MITS) program at the Information Networking Institute
• Secure Software Engineering course at the Information Networking Institute (14-735)
• Secure Software Systems course at the Information Networking Institute (18-732)
• Software Security Engineering course in the Master of Software Engineering degree program
• Information Security and Privacy course at the Institute for Software Research (08-761)
• Master of Science in Information Security Policy and Management (MSISPM) program at the H. John Heinz III College
  • Introduction to Information Security Management course (95-752)
  • Introduction to Security and Policy course (95-830)
  • Information Security Risk Policy & Management course (95-757)
  • Special Topics: Information Assurance & Security course (95-764)
• CISO Executive Education and Certification Program at the H. John Heinz III College

Florida Institute of Technology, Master of Science in Information Assurance and Cybersecurity

James Madison, Computer Science Department

• graduate courses and certificates: Concentration in Information Security, Concentration in Secure Software Systems, Five-Year Concentration in Secure Software Systems (BS plus MS), Certificate in Secure Computer and Database Systems, Certificate in Software Security
• undergraduate Information Systems Security Professionals certificate

The Johns Hopkins University Information Security Institute (JHUISI) Master of Science in Security Informatics Program

George Washington University Computer Science curriculum

Massachusetts Institute of Technology EECS Undergraduate Program

Master of Software Assurance Reference Curriculum

Purdue University, The Center for Education and Research in Information Assurance and Security (CERIAS)

Rochester Institute of Technology

• Computer Science Department
• MS in Computing Security and Information Assurance program (includes secure software) at the Networking, Security and Systems Administration (NSSA) Department

Stanford University Computer Science curriculum

Stevens Institute of Technology Master’s Degree Concentration in Software Assurance

United States Air Force Academy

University of California at Davis Computer Science curriculum

University of Detroit Mercy, The Center for Cyber Security and Intelligence Studies

Virginia Tech CS curriculum

If you know of other curricula that could be listed here, please send its web link to software.assurance [at] dhs.gov.

Commercial Training Sampling

Aspect Security, Inc., Application Security Education and Training

Foundstone, Inc., Education

International Information Systems Security Certification Consortium, Inc. (ISC)²

KRvW Associates, LLC., Training Services

Microsoft Corp., Clinic 2806: Microsoft® Security Guidance Training for Developers (and other courses)

Netcraft, Inc., Web Application Security Course

Next Generation Security Software, Ltd., Security Training

The SANS Institute, Inc.

Secure Coding in C and C++ course, Software Engineering Institute, Carnegie Mellon University

Security Innovation, Inc., Application Security Education

Software Assurance and Information Security courses at the Software Engineering Institute, Carnegie Mellon University

Symantec Corp., Application Security Principles and Security in Software Development Lifecycle

If you know of other training that could be listed here, please send its web link to software.assurance [at] dhs.gov.

Non-Commercial Training Sampling

OWASP WebGoat Project
Open Web Application Security Project (OWASP)'s WebGoat is a deliberately insecure Java 2 Enterprise Edition (J2EE) web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

ThreadStrong's Secure Application Development E-Learning Classes (available for free)
Denim Group donated its ThreadStrong secure software development courses to U.S. universities to help students learn how to build more secure software. According to Denim Group’s press release, students of universities who offer these e-learning courses learn how to “mitigate complex threats presented by a variety of software development languages, including mobile platforms such as Android and Apple's iOS. By taking security into account at the beginning of a software development project, these students can then avoid the common trap of unknowingly introducing security vulnerabilities into their software. These courses also demonstrate how to strike a real-world balance between functionality and security to enable a secure and agile enterprise that can protect its information while exceeding business performance goals.” The press release includes this information for universities to begin offering the courses at no charge: “ThreadStrong licensing is being donated to all eligible accredited universities and offers unlimited access to all available course materials enabling each student to review the training classes even after training is complete to refresh their knowledge. Universities are encouraged to contact Denim Group at (210) 572-4400 or at http://www.threadstrong.com/educational_partners.html to apply for a ThreadStrong complimentary license.”

Refereed Articles and Papers

"Training and Awareness" article on Build Security In

reports

Software Assurance Professional Competency Model, Department of Homeland Security, October 2012

Software Assurance: A Curriculum Guide to the Common Body of Knowledge. PDF is available for download from the Build Security In Web site.

Backgrounder on Software Assurance: A Curriculum Guide to the Common Body of Knowledge

Software Assurance Best Practices for Air Force Weapon and Information Technology Systems – Are We Bleeding? Thesis by Ryan A. Maxon, Major, USAF, Air Force Institute of Technology, AFIT/GIR/ENV/08-M13, March 2008

Toward an Organization for Software System Security Principles and Guidelines, version 1.0, by Samuel T. Redwine, Jr. Institute for Infrastructure

Briefings

Workforce Education and Training Status Briefing, Software Assurance Forum, October 3, 2007

 

Contact Us Terms of Use Privacy Policy Sitemap Get a PDF Reader ©2013 Department of Homeland Security