Tired of losing your development teams to multi-day training events? Are you looking for more than just a 1-time session and want training all year round?
Secure application development does not happen in 2-5 days of training. It requires dedicated, consistent involvement to help the entire development group to evolve.
DevelopSec is here to help.
Let us help drive your security training program for the entire application development team. This includes:
- Business Analysts
- Developers
- Software Testers
- Project Managers / Product Managers
Our training program is an annual subscription providing training materials, resources and live sessions. This covers the 3 critical stages of learning:
- Awareness of a concept
- Training (what to do about it)
- Development (putting it to practice)
Topics that may be covered during the training:
- OWASP Top 10
- Policies and Guidelines
- Proxies
- OWASP ASVS and Testing Guide
- Secure Development
- Secure Design
The training also includes hands-on labs for the students to gain a better understanding of the topics.
Contact us to discuss YOUR training needs
Other Training Options
- Short, web-based live training sessions – Can’t lose your developers for 2-4 days straight? Want training all year long? We offer 1-2 hour training sessions via live web sessions that fit your scheduling. Not only does this provide ongoing training over a longer period of time, it is focused on a specific topic. This allows the attendees to retain more information, more often. With this type of training, you can expect to get the same amount of training typically received in a 2-4 day class, spread out over a timeline that is less intrusive to your application team. A typical training will consist of 10-12 sessions. These sessions can be scheduled based on your needs. Some clients may want to run all 12 sessions within a 6-week period (2 sessions a week). Others may want to run it over a 6-month period. The flexibility allows the training to work for you and help keep security in the forefront. In addition, the flexibility allows making content changes if specific needs are identified.
- Computer Based Training Modules – Want access to role-specific training on demand? The computer-based modules from DevelopSec are broken into consumable segments to provide the knowledge your application teams need. This is a cost-effective option for providing on-demand training and resource availability to your team members.
Training Focus
For Everyone
DevelopSec creates training that helps the entire application development team. This includes business analysts, developers, quality assurance, and project managers. This training is focused on building the foundations of security for the attendees. The attendees will learn what application security means, why it is important to them, and how to protect applications. The topics are explained in a way to create better understanding so the concepts can be applied in the future. We do not focus on just showing how to hack applications, but instead on how attacks work and how to protect against them. Attendees will learn and understand common application security vulnerabilities, secure design considerations, and how to build security into their processes. This includes thinking about the following:
- Authentication
- Authorization
- Forgot Password Design
- Injection Vulnerabilities
- Password Storage
- Session Management
- Error Handling and Logging
- Logic Flaws
- etc.
For Developers
Developers are under extreme pressure to get functionality out to the customer. DevelopSec understands this and wants to help. Our courses for developers do not focus on teaching how to hack applications. We focus on providing the fundamentals of security to the development teams so they understand how their code and features are abused. Once they understand how features are abused by attackers, they learn to understand how they can protect their applications. The modules will cover many topics, including the OWASP Top 10. They also focus on an understanding of secure design of some common features. This includes thinking about the following:
- Authentication
- Authorization
- Forgot Password Design
- Injection Vulnerabilities
- Password Storage
- Session Management
- Error Handling and Logging
- Logic Flaws
- etc.
For QA Analysts
QA analysts may have a lot to test already, and adding security testing may be difficult. Whether it is a lack of knowledge or the myth that security testing will add too much overhead, we are here to help. We have found that introducing simple security tests into the QA cycle over time works well. It is not required to start by having analysts view source or run a proxy. It is important, however, that they check for simple items like password complexity and policy enforcement. You do not have to be a security expert to start building security testing into the QA cycle.
These modules help QA analysts to start understanding how to recognize where specific vulnerabilities may exist, how to start testing for them, and types of mitigations to look for.