RE: Training for web developers?

["Larry Smith" <lsmith () spidynamics com>]

Hello Mark

At SPI Dynamics we have "Web Application Security" Curriculm to address
training needs of security practitioners and web application developers.

Primarily we train our customers who are usually Web App developers or
security practitioners. We also have workshops you might be interested in.
If you'd like more information, please give me a call... or email,...
I'm always interested in narrowly defining training requirements and
developing appropriate curriculum... We are in the process of evolving our
developer workshops into formal training in 2004,,, your issues and comments
would be appreciated...

regards



Larry Smith     115 Perimeter Center Place
Atlanta, GA 30346
<http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=115+Perimeter+Center+Place&c
sz=Atlanta,+GA+30346&country=us>
lsmith () spidynamics com <mailto:lsmith () spidynamics com>
http://www.spidynamics.com/training/    tel:    678 781 4829






-----Original Message-----
From: von Dadelszen, Nicholas (NZ - Wellington)
[mailto:nvondadelszen () deloitte co nz]
Sent: Tuesday, November 11, 2003 8:26 PM
To: 'Mark G. Spencer'; webappsec () securityfocus com
Subject: RE: Training for web developers?


Mark,

We run a half-day Secure Web Programming course in New Zealand for our
clients.  The aim is to try and get developers to think a bit more like a
hacker and look for security holes.  It is hands-on with each participant
attempting to hack into a sample application.  We generally follow the
standard OWASP principles and talk about why each issue occurs.

Half-day isn't long but it does give the developers some insight and starts
to break down standard developer mentality, which is "if it works, its
finished".

Nick von Dadelszen
Manager, Security Services Group
Enterprise Risk Services
Deloitte Touche Tohmatsu
__________________________________________________

E-mail: nvondadelszen () deloitte co nz Deloitte Touche Tohmatsu
Phone:  +64 4 470 3587          61 Molesworth St - PO Box 1990
Fax:    +64 4 472 8023          Wellington, New Zealand
__________________________________________________



-----Original Message-----
From: Mark G. Spencer [mailto:mspencer () evidentdata com]
Sent: Monday, 10 November 2003 1:10 p.m.
To: webappsec () securityfocus com
Subject: Training for web developers?


I'm looking for recommendations on training and/or brainwashing for web
developers.  Something to indoctrinate the "web guys" in safe coding
practices, with a focus on web stuff.

Thanks!

Mark G. Spencer
Computer Forensics Examiner
EvidentData, Inc.
Web: http://www.evidentdata.com

************************************************************
CAUTION:  This e-mail and any attachment(s) contains information that is
both confidential and possibly legally privileged.  No reader may make any
use of its content unless that use is approved by Deloitte separately in
writing.  Any opinion, advice or information contained in this e-mail and
any attachment(s) is to be treated as interim and provisional only and for
the strictly limited purpose of the recipient as communicated to us.
Neither the recipient nor any other person should act upon it without our
separate written authorisation of reliance.
If you have received this message in error please notify us immediately and
destroy this message.  Thank you.
Deloitte Touche Tohmatsu
Internet: www.deloitte.co.nz
************************************************************