One day software security awareness training?

[Jeremy Epstein <jeremy.j.epstein () gmail com>]

All,

I'm looking for a one day software security awareness training class for a
client.  Yes, I know one day isn't enough to teach what people need to know,
but I'll be lucky if I can get them to spend that long.  (The initial
reaction to my recommendation was "no way".)

My goal is for them to learn basics like:
- How adversaries work
- Types of tools (static analysis, dynamic analysis, fuzzing)
- Architectural concerns (e.g., don't implement security in an uncontrolled
client)
- Basic code dos & don't - OWASP top 10 / SANS top 25 types of things

System they're building is in Java & Flex.

If you sell such training, please contact me OFF list so this doesn't become
an advertisement.  If you have a recommendation for a course you've taken,
I'd definitely like to hear about it!

Thanks,
--Jeremy

P.S. If geography matters, the client has distributed development between a
US east coast location and a US mountain location.  Open to whether training
would be at one of their locations or bring their people to a site.  It's
only about 15 developers, so definitely not worth a custom course.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________