Developer training familiarizes application developers, testers, and administrators with the methodologies necessary to create, maintain, and host secure applications. Attendees are exposed to actual techniques and tools used in industry as well as provided with hands-on experience using these techniques and tools to exploit real vulnerabilities. Training focuses on the Open Web Application Security Project (OWASP) Top 10, a broad industry consensus of the ten most prevalent and/or critical security flaws found in real-world applications. Each of the ten vulnerabilities is covered in-depth and accompanied by a lab or demonstration.
Once familiar with the OWASP Top 10, attendees are instructed on more advanced topics including vulnerability linkage theory and application defense. Vulnerability linkage is studied via case studies of real world incidents in which attackers exploited a series of simpler vulnerabilities to achieve a complex objective. Developers are also given the opportunity to execute such complex objectives in a series of challenging labs which build on the individual vulnerabilities in the OWASP Top 10. Finally, training covers application defense methodology including secure development practices, code review, software testing, and various software solutions to defend deployed applications.
Additionally, SecureState’s Developer training covers all of the vulnerabilities identified by the PCI Council as required for PCI 3.1 compliance. Developer training is not only a vital portion of any application defense strategy, but a critical component to PCI compliance efforts as well.