Developers NEED Security Awareness Training
Data security is vital in protecting your organization. Train your developers in secure coding techniques and how to recognize current threat vectors in web applications.
Build Defensible Applications
SANS Developer Training is designed by the world’s leading experts and offers a comprehensive curriculum that covers the fundamentals in web application construction and deployment along with more advanced topics including OWASP security risks.
Teach Top Design Flaws
Healthcare providers have a big job to do in keeping patient data secure. Our training makes that easier with short training sessions offered in a variety of formats to keep learners engaged.
Satisfy PCI Compliance
Section 6.5 of the Payment Card Industry (PCI) Data Security Standard (DSS) instructs auditors to verify that processes exist that require training in secure coding techniques for developers. However, our training goes a step beyond compliance in offering secure coding techniques.
Adopt a Culture of Secure App Development
Our comprehensive training path allows every member in your developer team to shift their mindset toward delivering secure software applications no matter the complexity of the app.
Developer Security Training Protects Your Data
A hacker attacks, affecting 1 in 3 individuals.
of Breaches - occur in public facing web applications.
will be the average cost of a data breach by 2020.
Security Training that Covers OWASP Top 10 Critical Web App Risks
Injection, Broken Access Control, Insufficient Logging & Monitoring - these are just a few of the OWASP Top 10 topics covered in SANS Developer Training. Just as the OWASP Top 10 focuses on identifying the most significant web app risks for organizations, we’re committed to providing comprehensive training that negates an attacker’s entry and allows developers to build apps that protect against data breaches.
Design, Code, Test with Secure SDLC
With SANS Developer Training, we clarify the challenges in continuous deployment around the Secure Software Development Lifecycle (SDLC). Teach learners what to watch for in every stage of agile development and ensure your entire team - from developers to architects, managers and testers - knows how to create web applications in a secure environment and where to place the best security protection for your apps.
Train Web Application Security Anywhere in the World
Because our training and materials are online, you can train your team no matter where they are in the world. Roll training out following our suggested guidelines, or implement on-demand for learners to consume at their convenience. Since modules and materials are kept short and offered with regular assessments, training is effective and timely.
- Business Case
- Understanding the Attacker
- The Attack Process
- Trust Nothing
- Threat Modeling
Top Design Flaws
- Defense in Depth
- Separation of Concerns
- Single Responsibility
- Least Knowledge
- Don’t Repeat Yourself
Software Development Life Cycles (SDLC)
- Waterfall Model
- Agile Development
- Memory Inspection
- Buffer Overflow
- Improper Error Handling
- Cross-site Request Forgery (CSRF)
- Unvalidated Redirects and Forwards
OWASP Top Ten
- Authentication: Broken Authentication
- Authentication: Session Management
- Sensitive Data Exposure: Insecure Cryptographic Storage
- Sensitive Data Exposure: Insufficient Transport Layer Protection
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
- Insecure Data Storage
- Unintended Data Leakage
- Broken Cryptography
- Client-Side Injection
- Reverse Engineering