You would never build your office without doors and locks to protect your company’s property, right? Most companies don’t provide formal training to their software development teams. More than 1,000 software vulnerabilities exist today that allow attackers to exploit applications. Developers cannot be expected to know how to thwart these risks. As a result, developers can unknowingly leave openings, providing hackers access your company’s assets.
Current Standards & Practices
In response to increasing security concerns, organizations and standards have been developed to provide guidance and structure around best practices for writing secure code.
Founded in 2006, the PCI Security Standards Council creates and maintains the standards for payment card data security. If your organization processes, stores or transmits cardholder information, you are required to comply with these standards—particularly PCI DSS or the Data Security Standard. The DSS provides a framework for prevention, detection and reaction to security breaches.
The Open Web Application Security Project (OWASP) brings together application security experts from around the world to raise awareness and create documentation around application security. Additionally, the organization produces the OWASP Top Ten list, which outlines the most critical web application security flaws.
Get Started Writing Secure Code
A commitment to secure code involves more than just the software developers. IT managers, quality assurance teams (i.e. testers), and web architects should all be well-versed in current standards and best practices. Before beginning your training initiative, it is important to get buy-in from all these parties and establish clear, measurable goals for the program.
As with any training program, you don’t want to overwhelm your learner with too much information. Short lessons are easy to digest and increase the likelihood the information will be retained. Additionally, shorter, spaced out lessons allow learners time to apply the knowledge in a real-world environment. eLearning courses are ideal for this type of delivery, since students can decide what, where and when to learn.
Aspect Security offers a comprehensive application security online training program that satisfies the compliance requirement for PCI/DSS Awareness Training and covers the OWASP Top Ten 2013. In fact, Aspect is a founding member of OWASP and authored the original Top Ten. Their three-part training series (17 hours total) builds a learners knowledge over time. This ensures your developers understand not only how to write secure code, but the importance of the standards themselves. Learning is reinforced with periodic quizzes and a final knowledge check in every module. Students are encouraged to print out their certificates of completion and submit them to ISC(2) to obtain CPEs.
Part One – The Awareness Series
Introduces security principles relevant to high-level control areas such as: Input Validation; Access Control; Authenticating Users; Protecting Sensitive Data, and much more.
- 11 modules
- Does not require prerequisite knowledge
Part Two – The Technical Series
The OWASP Top Ten 2013, the SANS Top 25, and many other CWEs are addressed. Each of the modules in this series provides an overview of the vulnerability area and details the most common attacks. The most efficient testing techniques for this area are presented as well as the most cost-effective prevention and remediation techniques.
- 38 modules
- Basic understanding of web applications required
Part Three – The Specialist Series
Teaches how to create threat models and architecture diagrams to make the need for security controls clear. Learners will be able to translate those into a set of requirements that can be verified using a variety of testing techniques. When a requirement is not met, learn how to handle it using a structured risk management process.
- 7 modules
For the cost of the courses and two days of employee’s time, your development teams will learn how to create secure code.
Plus, now through February 25, Aspect Security is offering TWO deals for their bundles:
The Awareness Series of 11 modules is offered for: $231.00 per user (30% off).
The OWASP Top Ten 2013 & PCI/DSS 3.0 Bundle is offered at: $136.50 per user (30% off).
These deals are available for a limited-time only. Start learning today!