Phone +48 783 65 95 65
Email [email protected]
Home > Courses > A practical introduction to the Secure Software Development Lifecycle (Secure SDLC)

A practical introduction to the Secure Software Development Lifecycle (Secure SDLC)

Available Hours: 8 Instructor: Łukasz Gostkowski Last updated 05/2026

Description

Application security isn't a one-time activity or an add-on at the end of a project, but a process that should be an integral part of every stage of the software development lifecycle. A lack of a coherent approach to security in the SDLC leads to errors, late detection of vulnerabilities, and, ultimately, high costs for patches and updates.

The "Practical Introduction to the Secure Software Development Lifecycle" training is an intensive, theoretically and practically based workshop that teaches how to effectively implement security mechanisms into every stage of the application lifecycle, minimizing the risks and costs associated with vulnerabilities.

Who is this for?

Software developers and architects, Testers and quality engineers, Technical leaders, Product Owners and those responsible for the development process, DevOps/DevSecOps teams, Anyone who wants to improve the quality of the software they produce and reduce the risk of vulnerabilities.

Training goals

  • Apply security practices at each stage of the SDLC – from design to maintenance,
  • detect and eliminate vulnerabilities before they reach production environments,
  • integrate security tools into CI/CD pipelines,
  • create and maintain security policies within the organization,
  • make informed design decisions from a risk perspective.

Training program

  • Wprowadzenie do SSDLC
  • Dlaczego klasyczne SDLC nie wystarcza?
  • Koszty i konsekwencje braku bezpieczeństwa
  • Model „shift-left security”
  • Faza planowania i analizy
  • Określanie wymagań bezpieczeństwa
  • Klasyfikacja danych, analiza ryzyka
  • Wprowadzenie do standardów: OWASP, ISO 27034, NIST SSDF
  • Bezpieczne projektowanie
  • Threat modeling w praktyce
  • Bezpieczne architektury aplikacyjne
  • Typowe wzorce i antywzorce bezpieczeństwa
  • Bezpieczna implementacja
  • Najczęstsze błędy programistyczne i jak ich unikać
  • Secure coding guidelines (OWASP ASVS, CWE)
  • Weryfikacja kodu: code review, SAST, SCA
  • Automatyzacja bezpieczeństwa w CI/CD
  • Integracja narzędzi SAST, SCA, DAST, IaC scanning
  • DevSecOps w praktyce
  • Tworzenie bezpiecznego pipeline’u CI/CD
  • Testy bezpieczeństwa
  • Testy manualne i automatyczne
  • Penetration testing w SSDLC
  • Raportowanie i priorytetyzacja podatności
  • Wdrożenie i utrzymanie
  • Monitoring bezpieczeństwa i logów
  • Zarządzanie incydentami i podatnościami
  • Hardening środowisk produkcyjnych

Training format

Duration: 1 day Format: online (after gathering the group) or on-site for closed groups Materials: presentations, checklists, ready-made process templates Exercises: practical tasks, threat modeling workshops, working with tools

Benefits for the organization

  • Reduce the risk of vulnerabilities and security incidents.
  • Reduce software delivery times through early issue detection.
  • Increase team awareness and accountability.
  • Compliance with industry best practices and audit standards.