Developers NEED Security Awareness Training
Data security is vital in protecting your organization. Train your developers in secure coding techniques and how to recognize current threat vectors in web applications.
Build Defensible Applications
SANS Developer Training is designed by the world’s leading experts (link to experts page) and offers a comprehensive curriculum that covers the fundamentals in web application construction and deployment along with more advanced topics including OWASP security risks.
Teach Top Design Flaws
Healthcare providers have a big job to do in keeping patient data secure. Our training makes that easier with short training sessions offered in a variety of formats to keep learners engaged.
Satisfy PCI Compliance
Section 6.5 of the Payment Card Industry (PCI) Data Security Standard (DSS) instructs auditors to verify that processes exist that require training in secure coding techniques for developers. However, our training goes a step beyond compliance in offering secure coding techniques.
Adopt a Culture of Secure App Development
Our comprehensive training path allows every member in your developer team to shift their mindset toward delivering secure software applications no matter the complexity of the app.
Developer Security Training Protects Your Data
A hacker attacks, affecting 1 in 3 individuals
of Breaches - occur in public facing web applications
will be the average cost of a data breach by 2020
Security Training that Covers OWASP Top 10 Critical Web App Risks
Injection, Broken Access Control, Insufficient Logging & Monitoring - these are just a few of the OWASP top 10 topics covered in SANS Developer Training. Just as OWASP top 10 focus is on identifying the most significant web app risks for organizations, we’re committed to providing comprehensive training that negates an attacker’s entry and allows developers to build apps that protect against data breaches.
Design, Code, Test with Secure SDLC
With SANS Developer Training, we clarity the challenges in continuous deployment around the Secure Software Development Lifecycle (SDLC). Teach learners what to watch for in every stage of agile development and ensure your entire team - from developers, to architects, managers and testers to create web applications in a secure environment, and where to place the best security protection for your apps.
Train Web Application Security Anywhere in the World
Because our training and materials are online, you can train your team no matter where they are in the world. Roll training out following our suggested guidelines, or implement on-demand for learners to consume at their convenience. Since modules and materials are kept short and offered with regular assessments, training is effective and timely.
Customizable Training Modules
OWASP Top Modules
- Injection Flaws
- Session Management
- Cross Site Scripting
- Insecure Direct Object Reference
- Security Misconfiguration
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
- Missing Functional Level Access Control
- Cross Site Request Forgery
- Using Known Vulnerable Components
- Unvalidated Redirects and Forwards
- Least Privileges
- Complete Mediation
- Defense In Depth
- Robust Error Checking
- Trust Nothing
- Economy of Mechanism
- Openness of Design
Software Development Life Cycles (SDLC) Modules
- Waterfall Model
- Agile Development
- Business Case
- Understanding the Attacker
- The Attack Process
- Trust Nothing
- Threat Modeling
Classic Issues Modules
- Memory Inspection
- Buffer Overflow
- Improper Error Handling