Information Communication Technology

Fundamentals of Secure Programming

April 14, 2026

4 days
50 seats
Certificate Included
Regulators
Risk Management
Information Technology
Compliance Officers
Sponsorship Only

Program Description

RATIONALE

In today’s digital economy, software is at the heart of banking, finance, and service delivery. Yet, poorly written code remains one of the leading causes of data breaches, fraud, and operational failures. For Ghanaian institutions—where mobile banking, fintech platforms, and digital services are rapidly expanding—the risks of insecure programming are not just technical, but also regulatory, reputational, and ethical.

This course on Secure Programming equips developers, IT professionals, and compliance officers with the knowledge and skills to design, build, and maintain applications that are resilient against cyber threats. It integrates global best practices (OWASP, ISO/IEC 27034, NIST), local regulatory frameworks (Bank of Ghana Cyber & IT directives, Data Protection Act), and real-world Ghanaian case studies to ensure relevance and applicability.

Beyond compliance, the course emphasizes the principle of stewardship—protecting customer data, institutional assets, and community trust.

LEARNING OBJECTIVES

  • Understand the importance of secure coding in reducing organizational risk, ensuring compliance, and protecting customer trust.
  • Identify and mitigate common software vulnerabilities (e.g., OWASP Top 10, memory management flaws, insecure authentication).
  • Apply secure coding practices in real-world projects, including input validation, error handling, cryptography, and session management.
  • Conduct threat modeling and risk assessments using frameworks such as STRIDE and DREAD, mapped to ISO/IEC 27001 Annex A controls.
  • Integrate security into the software development life cycle (Secure SDLC, or SSDLC) and Agile/DevOps pipelines.
  • Perform secure code reviews and testing using static/dynamic analysis tools and peer-review checklists.
  • Align development practices with Ghanaian regulatory requirements, including Bank of Ghana cybersecurity directives and the Data Protection Act.
  • Demonstrate ethical responsibility in software development, connecting secure programming to values of stewardship, integrity, and accountability.
  • Collaborate on a capstone project to design, code, and defend a secure mini-application relevant to Ghanaian banking or church IT systems.

COURSE CONTENTS

  • Module 1: Foundations of Secure Programming
      ◦ Definition and scope of secure programming
      ◦ SSDLC (Secure Software Development Life Cycle)
      ◦ Regulatory context: Bank of Ghana Cybersecurity Directive
  • Module 2: Common Software Vulnerabilities
      ◦ OWASP Top 10 (Injection, XSS, Broken Auth, etc.)
      ◦ Buffer overflows, race conditions, insecure deserialization
      ◦ Ghanaian case study: mobile money exploit
  • Module 3: Threat Modeling & Risk Assessment
      ◦ STRIDE, DREAD, and PASTA frameworks
      ◦ ISO/IEC 27001 Annex A control mapping
      ◦ Threat modeling for Ghanaian mobile banking app
  • Module 4: Secure Coding Practices
      ◦ Input validation and sanitization
      ◦ Authentication and session management
      ◦ Secure error handling and logging
      ◦ Cryptographic principles (hashing, encryption)
  • Module 5: Secure Frameworks & DevOps Integration
      ◦ OWASP SAMM, SECO Testing Framework
      ◦ Secure coding in Agile and DevOps
      ◦ CI/CD pipeline security
      ◦ Bank of Ghana directive mapping
  • Module 6: Testing & Verification
      ◦ Static and dynamic analysis
      ◦ Secure code review process
      ◦ Penetration testing basics
      ◦ Tools: SonarQube, Bandit, ZAP
  • Module 7: Maintenance & Patch Management
      ◦ Vulnerability disclosure and patching
      ◦ Secure deployment practices
      ◦ Incident response basics
      ◦ Ghanaian telco outage case study
  • Module 8: Capstone Project
      ◦ Objective: Apply all concepts in a real-world mini project
      ◦ Task: Build and defend a secure mini application
      ◦ Deliverables:
          ▪ Threat model
          ▪ Secure codebase
          ▪ Testing report
          ▪ Presentation and defense

No facilitators assigned to this program yet.

Program Details

  • April 14, 2026 - April 17, 2026
  • Mobile friendly
  • Certificate on completion
  • Downloadable resources
  • Q&A support
