Secure development training

 
kkk.png
 

Secure Development Training

Sharpen your developers’ skills and prevent the most prevalent security-related coding mistakes

With Improsec’s Secure Development Training, developers are taught the “hacker mindset” and brought up to speed on the most prevalent coding mistakes that may compromise the confidentiality, integrity or availability of systems, while still in the early development stages.

Bugs found during the early stages of the software development life cycle are often trivial or near-trivial to remediate. The cost of remediation increases, as the codebase matures and substantially climbs after deployment to testing environments and ultimately production. Remediation efforts may then cause downtime of the system or adjacent systems, often resulting in a substantial cost.

Value

  • Sharpen your developers’ skills and prevent the most prevalent security-related coding mistakes

  • Increase the knowledge about secure coding and challenge your developers’ lateral thinking skills

  • Lower your remediation costs, by detecting security issues before they go into production

  • Developers are provided with real-world security tools and taught how to use them in new creative ways

  • Your developers’ ability to read and analyze source code is improved through Improsec’s challenging real world examples

Product

The training session can be tailored according to your organization’s needs and demands. Our standard training sessions are structured as follows:

 

  • Two days of training

  • Each student is provided with a bootable USB disk containing a customized Kali Linux distribution packed with course material, including exercises and slides - the students may keep the USB disk after the course

The OWASP Top 10 most prevalent issues are the basis of our training sessions. Improsec offers two variants of the course:

 

  1. Web application oriented training: Students are taught with an emphasis on finding vulnerabilities by runtime testing and subsequently exploitation.

  2. Source code review oriented training: Students are taught to find vulnerabilities by teaching them a structured methodology to read and analyze source code, in either C# or Java.

Method

The training consists of several modules, where half of the time is spent on theoretical discussions and the other half on practical exercises.

During the exercises, the students are paired up working together on one laptop, forcing them to cooperate to solve the exercises.

Involvement

The course can be held at the customer’s premises or at a location provided by Improsec.

Students bring a laptop that can boot from USB. The duration of the course is typically two days.


 
 

Download full description as PDF file