WebApp Sec mailing list archives

Re: Training for web developers?

From: "Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>
Date: Wed, 12 Nov 2003 10:11:33 -0500

Mark,

We offer a two day course (at your facility) specifically focused on
changing the way developers think about writing code.  We start by teaching
how HTTP really works, something many web developers don't fully understand.
The course includes many hands on exercises and tools to help developers
realize that their code is easy to trick into doing unintended things. We go
far beyond the OWASP Top Ten, and include many other common vulnerability
areas. We use examples from many programming languages, especially Java, to
explain how these vulnerabilities happen.

--Jeff

Jeff Williams
Aspect Security
http://www.aspectsecurity.com



----- Original Message ----- 
From: Mark G. Spencer
To: webappsec () securityfocus com
Sent: Sunday, November 09, 2003 7:09 PM
Subject: Training for web developers?


I'm looking for recommendations on training and/or brainwashing for web
developers.  Something to indoctrinate the "web guys" in safe coding
practices, with a focus on web stuff.

Thanks!

Mark G. Spencer
Computer Forensics Examiner
EvidentData, Inc.
Web: http://www.evidentdata.com

Current thread:

Training for web developers? Mark G. Spencer (Nov 11)
- Re: Training for web developers? Jeff Williams @ Aspect (Nov 13)
- <Possible follow-ups>
- RE: Training for web developers? von Dadelszen, Nicholas (NZ - Wellington) (Nov 11)
  - RE: Training for web developers? Arian J. Evans (Nov 13)
  - RE: Training for web developers? Larry Smith (Nov 13)
- RE: Training for web developers? Scovetta, Michael V (Nov 13)