Security Training

Tired of losing your development teams to multi-day training events?  DevelopSec offers multiple training options for the entire application team.

Developers and QA analysts cannot provide secure coding and testing if they do not have the knowledge to do so.  It is important for both groups to get quality training focused on the technologies they use.  DevelopSec is focused on providing quality training regarding application security.  We offer training tailored to your entire application development staff.

Training Options

  • Short, web-based live training sessions – Can’t lose your developers for 2-4 days straight?  Want training all year long?  We offer 1-2 hour training sessions via live web sessions that fit your scheduling.  Not only does this provide ongoing training over a longer period of time, it is focused on a specific topic.  This allows the attendees to retain more information, more often. With this type of training, you can expect to get the same amount of training typically received in a 2-4 day class, spread out over a timeline that is less intrusive to your application team. A typical training will consist of 10-12 sessions. These sessions can be scheduled based on your needs. Some clients may want to run all 12 sessions within a 6-week period (2 sessions a week). Others may want to run it over a 6-month period. The flexibility allows the training to work for you and helps keep security in the forefront. In addition, the flexibility allows making content changes if specific needs are identified.
  • Computer Based Training Modules – Want access to role-specific training on demand? The computer-based modules from DevelopSec are broken into consumable segments to provide the knowledge your application teams need. This is a cost-effective option for providing on-demand training and resource availability to your team members.

Contact us to discuss YOUR training needs

Training Focus

For Everyone

DevelopSec creates training that helps the entire application development team. This includes business analysts, developers, quality assurance, and project managers. This training is focused on building the foundations of security for the attendees. The attendees will learn what application security means, why it is important to them, and how to protect applications. The topics are explained in a way that creates better understanding so the concepts can be applied in the future. We do not focus on just showing how to hack applications, but instead on how attacks work and how to protect against them. Attendees will learn and understand common application security vulnerabilities, secure design considerations, and how to build security into their processes. This includes thinking about the following:

  • Authentication
  • Authorization
  • Forgot Password Design
  • Injection Vulnerabilities
  • Password Storage
  • Session Management
  • Error Handling and Logging
  • Logic Flaws
  • etc.

For Developers

Developers are under extreme pressure to get functionality out to the customer.  DevelopSec understands this and wants to help. Our courses for developers do not focus on teaching how to hack applications. We focus on providing the fundamentals of security to the development teams so they understand how their code and features are abused. Once they understand how features are abused by attackers, they learn to understand how they can protect their applications. The modules will cover many topics, including the OWASP Top 10. They also focus on an understanding of secure design of some common features. This includes thinking about the following:

  • Authentication
  • Authorization
  • Forgot Password Design
  • Injection Vulnerabilities
  • Password Storage
  • Session Management
  • Error Handling and Logging
  • Logic Flaws
  • etc.

For QA Analysts

QA analysts may have a lot to test already, and adding security testing may be difficult. Whether it is a lack of knowledge or the myth that security testing will add too much overhead, we are here to help. We have found that introducing simple security tests into the QA cycle over time works well. It is not required to start by having analysts view source or run a proxy. It is important, however, that they check for simple items like password complexity and policy enforcement. You do not have to be a security expert to start building security testing into the QA cycle.

These modules help QA analysts to start understanding how to recognize where specific vulnerabilities may exist, how to start testing for them, and types of mitigations to look for.