Developers NEED Security Awareness Training

Data security is vital in protecting your organization. Train your developers in secure coding techniques and how to recognize current threat vectors in web applications.

Why SANS

Thumbnail

Build Defensible Applications

SANS Developer Training is designed by the world’s leading experts and offers a comprehensive curriculum that covers the fundamentals in web application construction and deployment along with more advanced topics including OWASP security risks.

Teach Top Design Flaws

Healthcare providers have a big job to do in keeping patient data secure. Our training makes that easier with short training sessions offered in a variety of formats to keep learners engaged.

Satisfy PCI Compliance

Section 6.5 of the Payment Card Industry (PCI) Data Security Standard (DSS) instructs auditors to verify that processes exist that require training in secure coding techniques for developers. However, our training goes a step beyond compliance in offering secure coding techniques.

Adopt a Culture of Secure App Development

Our comprehensive training path allows every member in your developer team to shift their mindset toward delivering secure software applications no matter the complexity of the app.

Developer Security Training Protects Your Data

39 Seconds

A hacker attacks, affecting 1 in 3 individuals.

35 %

of Breaches - occur in public facing web applications.

$ 150 Million

will be the average cost of a data breach by 2020.

Security Training that Covers OWASP Top 10 Critical Web App Risks

Injection, Broken Access Control, Insufficient Logging & Monitoring - these are just a few of the OWASP top 10 topics covered in SANS Developer Training. Just as OWASP top 10 focus is on identifying the most significant web app risks for organizations, we’re committed to providing comprehensive training that negates an attacker’s entry and allows developers to build apps that protect against data breaches.

Thumbnail

Design, Code, Test with Secure SDLC

With SANS Developer Training, we clarity the challenges in continuous deployment around the Secure Software Development Lifecycle (SDLC). Teach learners what to watch for in every stage of agile development and ensure your entire team - from developers, to architects, managers and testers to create web applications in a secure environment, and where to place the best security protection for your apps.

Thumbnail

Train Web Application Security Anywhere in the World

Because our training and materials are online, you can train your team no matter where they are in the world. Roll training out following our suggested guidelines, or implement on-demand for learners to consume at their convenience. Since modules and materials are kept short and offered with regular assessments, training is effective and timely.

Thumbnail

Training Modules

Threat Awareness

  • Business Case
  • Understanding the Attacker
  • The Attack Process
  • Trust Nothing
  • Threat Modeling

Top Design Flaws

  • Defense in Depth
  • Separation of Concerns
  • Single Responsibility
  • Least Knowledge
  • Don’t Repeat Yourself

Software Development Life Cycles (SDLC)

  • Waterfall Model
  • Agile Development
  • DevOps

Classic Issues

  • Memory Inspection
  • Buffer Overflow
  • Improper Error Handling
  • Cross-site Request Forgery (CSRF)
  • Unvalidated Redirected and Forwards

OWASP Top Ten

  • Injection 
  • Authentication: Broken Authentication
  • Authentication: Session Management 
  • Sensitive Data Exposure: Insecure Cryptographic Storage 
  • Sensitive Data Exposure: Insufficient Transport Layer Protection 
  • XML External Entities (XXE) 
  • Broken Access Control 
  • Security Misconfiguration 
  • Cross-Site Scripting (XSS) 
  • Insecure Deserialization 
  • Using Components with Known Vulnerabilities 
  • Insufficient Logging and Monitoring 

Mobile

  • Insecure Data Storage
  • Unintended Data Leakage
  • Broken Cryptography
  • Client-Side Injection
  • Reverse Engineering