On June 14 and 15, the course "Secure development applied to the software life cycle" will be held at the Faculty of Engineering and Water Sciences (FICH), by Cristian Borghello, consultant in Information Security Systems. The dictation will be from 9 to 13 and from 15 to 19.
The purpose of this activity is for attendees to understand the development cycle
insurance of computer applications and the vulnerabilities to which they are exposed. Likewise, the objectives are to design threat models on the software life cycle and develop secure applications, proactively detecting shortcomings. In this framework, a methodology used by the main technology companies in the world to detect and avoid the different types of software vulnerabilities will also be presented.
The course is intended for graduates and students of Computer Engineering, Systems and related careers, as well as computer development or security personnel of systems management in companies and organizations.
The state in software security, threat identification and modeling, analysis and practice of secure development are the main axes of the program that will be developed in the course. In recent years, and in a context of increasingly widespread use of information and communication technologies, these topics have acquired greater relevance in the discipline, "because computer security is the subject that allows us to know vulnerabilities, find errors and implement appropriate solutions in the field of an organization, considering the risks and associated costs. Knowing about those mistakes and avoiding them involves educating analysts and developers so that the code of the applications is secure," Borghello explained.
A software is said to be safe when it meets certain requirements that involve all stages of its development, from its conception and design, to its implementation and disuse. In other words, the teacher illustrated, "the development of a software is equivalent to the construction of a house, where there is an owner who sketches it, architects who design it and masons who build it, and even demolishers who demolish it. For this there are standards that must be respected in order to make it safe and habitable."
Errors that threaten the security of a computer application allow people without authorization to modify the normal behavior of the software and use it for their own benefit, to the detriment of users. "All applications have vulnerabilities because they are developed by human beings who, as such, make mistakes," Borghello stressed and commented that "one of the best known, for example, is SQL Injection, which allows you to steal or modify information in a database, which could be used to obtain money illegally, defraud a company or a user."
Reports and registration: [email protected].
