SANS - A Member of the Microsoft Security Development Lifecycle (SDL) Pro Network
SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. We are proud to be a member of the SDL Pro Network, a group of security consultants and trainers that specialize in application security and have substantial experience and expertise with the methodology and of the SDL, the industry-leading software security assurance process.
The Microsoft SDL
The Need for Application Security
Attacks are moving to the application layer and pose a significant threat to your customers and sensitive information. According to data collected by the Internet Storm Center, over 70% of attacks on networks originate in the application layer. A poorly developed application can open your system to attacks. Cyber criminals exploit the vulnerabilities that result from insecure coding:
- A 2005 FBI survey estimated the annual loss due to computer crime at $67.2 billion for U.S. organizations;
- The average cost of lost business per data breach was estimate at $6.6 million, including lost business due to customer churn as a result of negative publicity, according to a 2008 study from the Ponemon Institute.
The SDL Network was created to address the challenges developers are facing with the increasing shift of attacks to the application layer.
The SANS Software Security Institute (SSI) brings the most trusted name in information security to developers, programmers and application/software security professionals. Training for web application security and hacking, secure coding, software security testing, code review and PCI compliance:
- Web Application Security and Hacking:
- Defending Web Applications Security Essentials (DEV 522)
- Web App Penetration Testing and Ethical Hacking (DEV 542)
- Secure Coding:
- Java/JEE: Secure Coding in Java/JEE: Developing Defensible Applications (DEV 541)
- .NET: Secure Coding in .NET: Developing Defensible Applications (DEV 544)
- Secure Coding in C (DEV 543)
- PHP: Secure Coding in PHP: Developing Defensible Applications (DEV 545)
- PCI - Secure Coding for PCI Compliance (DEV 536)
- Java - Essential Secure Coding in Java/JEE (DEV 530)
- Essential Secure Coding in ASP.NET (DEV 532)
- Preparation for the CSSLP® Program
- Programmer/Developer Certification (GSSP) through our GIAC affiliate for Java, .NET and C/C++
- Free research and news resources to keep up to date with the most recent attack vectors and application vulnerabilities
SANS will work with organizations to deliver training to include the SDL via on-site classes.
SANS training is available in a variety of formats:
- Conferences with in-depth training courses lasting 2 - 6 days
- OnSite training at your company's location for groups of 15 or more
- Computer Based Training (CBT) via SANS' proprietary OnDemand system
- Live Web based training
- Local community programs for smaller markets that have a concentration of people from different organizations that would like to receive the same training
- Train the trainer - a customized programming designed for organizations that need to train 1,000 or more personnel in a very cost effective and resource efficient manner
The Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft in 2004. It led to measurable security improvements in flagship products such as Windows Vista and SQL Server. With attacks moving to the application layer, the SDL is now more accessible to every developer in order to create more secure software. Visit the Microsoft SDL Pro Network to learn more.
Microsoft is very happy to have SANS as a member of the SDL Pro Network. SANS brings seasoned security training expertise to help deliver Microsoft's SDL guidance to customers and software developers worldwide. -Steve Lipner, Senior Director, Microsoft's Trustworthy Computing Group