Secure Coding mailing list archives
One day software security awareness training?
From: Jeremy Epstein <jeremy.j.epstein () gmail com>
Date: Thu, 24 Jun 2010 09:39:03 -0400
All, I'm looking for a one day software security awareness training class for a client. Yes, I know one day isn't enough to teach what people need to know, but I'll be lucky if I can get them to spend that long. (The initial reaction to my recommendation was "no way".) My goal is for them to learn basics like: - How adversaries work - Types of tools (static analysis, dynamic analysis, fuzzing) - Architectural concerns (e.g., don't implement security in an uncontrolled client) - Basic code dos & don't - OWASP top 10 / SANS top 25 types of things System they're building is in Java & Flex. If you sell such training, please contact me OFF list so this doesn't become an advertisement. If you have a recommendation for a course you've taken, I'd definitely like to hear about it! Thanks, --Jeremy P.S. If geography matters, the client has distributed development between a US east coast location and a US mountain location. Open to whether training would be at one of their locations or bring their people to a site. It's only about 15 developers, so definitely not worth a custom course.
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- One day software security awareness training? Jeremy Epstein (Jun 24)
- recent technical reports from the CERT Secure Coding Initiative Robert Seacord (Jun 26)