Security Awareness Training for Developers


Why developers need security awareness training

Conducting security awareness training for everyone involved in the software development process can reduce the chances your organization will become a victim of today's data security threats. Ensure your team can properly build defensible applications from the start by deploying security awareness training for developers, architects, managers, testers, business owners, and partners.

Learn More: PCI DSS Section 6.5 compliance: Train developers in secure coding techniques

About STH.Developer Security Awareness Training

STH.Developer provides the pinpoint software security awareness training your team needs when they need it most, all from the comfort of their own desks. Application security awareness training includes more than 30 modules averaging 7-10 minutes in length to maximize learner engagement and retention. The modules cover the full breadth and depth of topics for PCI Section 6.5 compliance and the items that are important for secure software development.

Module Details

Training highlights include (full module list below):

Top Ten Web Application Vulnerabilities - Understand the importance of web application security, the risks of an insecure web application and how to combat the top OWASP vulnerabilities.

Threat Awareness - Learn what drives someone to want to attack a web application and what attackers seek to gain.

Top Design Flaws - Understand the best place to put security protections for your application and what happens when your web application contains too much complexity.

Secure Software Development Lifecycle (SDLC) - Clarify the challenges continuous deployment presents to the secure development lifecycle and various security-specific tasks for agile development.


Security Awareness Training Modules

OWASP Top Modules
  • Introduction
  • Injection Flaws
  • Authentication
  • Session Management
  • Cross Site Scripting
  • Insecure Direct Object Reference
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Insufficient Transport Layer Protection
  • Missing Functional Level Access Control
  • Cross Site Request Forgery
  • Using Known Vulnerable Components
  • Unvalidated Redirects and Forwards
Fundamentals Modules
  • Introduction
  • Least Privileges
  • Complete Mediation
  • Defense In Depth
  • Robust Error Checking
  • Trust Nothing
  • Economy of Mechanism
  • Openness of Design
Software Development Life Cycles (SDLC) Modules
  • Introduction
  • Waterfall Model
  • Agile Development
  • DevOps
  • Conclusion
Threat Awareness
  • Business Case
  • Understanding the Attacker
  • The Attack Process
  • Trust Nothing
  • Threat Modeling
Classic Issues Modules
  • Introduction
  • Memory Inspection
  • Buffer Overflow
  • Improper Error Handling

Free Poster

Print and hang our Securing Web Applications poster in your workplace.

Advanced Training

For more in-depth training on related developer topics, check out SANS Software Security Training.