Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Generate requests for security teams

A security team may be approached by individuals or businesses asking them to provide security, such as monitoring a new application or system. This request could be driven by regulatory requirements that need to be met. However, simply requesting that security provide security monitoring is an inadequate request. This is known as throwing it over the fence, which means shifting the risk onto someone else. The security team probably knows very little about the new system or software and how to respond to many of its alerts. In other words, it’s not as simple as just asking them to monitor it.


## Make use cases to assist security teams

More often than not, the security team isn’t the subject matter expert (SME) of systems and apps that live outside of security. To bridge this knowledge gap, use cases should be provided by the asset owner or the SME. Each use case is a document for each alert the system may generate and the corresponding response that should be taken. For example, it should indicate what to do if a certain alert is observed The table below is an example of a use case document.

# Generate requests for security teams

A security team may be approached by individuals or businesses asking them to provide security, such as monitoring a new application or system. This request could be driven by regulatory requirements that need to be met. However, simply requesting that security provide security monitoring is an inadequate request. This is known as throwing it over the fence, which means shifting the risk onto someone else. The security team probably knows very little about the new system or software and how to respond to many of its alerts. In other words, it’s not as simple as just asking them to monitor it.


# Make use cases to assist security teams

More often than not, the security team isn’t the subject matter expert (SME) of systems and apps that live outside of security. To bridge this knowledge gap, use cases should be provided by the asset owner or the SME. Each use case is a document for each alert the system may generate and the corresponding response that should be taken. For example, it should indicate what to do if a certain alert is observed The table below is an example of a use case document.

Learn to make elaborate use cases for the security team to assist them in performing the relevant action when a threat is detected.


Use Cases

Learn to make elaborate use cases for the security team to assist them in performing the relevant action when a threat is detected.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Use Cases

Generate requests for security teams

Make use cases to assist security teams