WebApp Sec mailing list archives

RE: Training for web developers?


From: "von Dadelszen, Nicholas (NZ - Wellington)" <nvondadelszen () deloitte co nz>
Date: Wed, 12 Nov 2003 14:26:01 +1300

Mark,

We run a half-day Secure Web Programming course in New Zealand for our
clients.  The aim is to try and get developers to think a bit more like a
hacker and look for security holes.  It is hands-on with each participant
attempting to hack into a sample application.  We generally follow the
standard OWASP principles and talk about why each issue occurs.

Half-day isn't long but it does give the developers some insight and starts
to break down standard developer mentality, which is "if it works, it's
finished".

Nick von Dadelszen      
Manager, Security Services Group
Enterprise Risk Services
Deloitte Touche Tohmatsu
__________________________________________________

E-mail: nvondadelszen () deloitte co nz Deloitte Touche Tohmatsu
Phone:  +64 4 470 3587          61 Molesworth St - PO Box 1990
Fax:    +64 4 472 8023          Wellington, New Zealand
__________________________________________________



-----Original Message-----
From: Mark G. Spencer [mailto:mspencer () evidentdata com]
Sent: Monday, 10 November 2003 1:10 p.m.
To: webappsec () securityfocus com
Subject: Training for web developers?


I'm looking for recommendations on training and/or brainwashing for web
developers.  Something to indoctrinate the "web guys" in safe coding
practices, with a focus on web stuff.

Thanks!

Mark G. Spencer
Computer Forensics Examiner
EvidentData, Inc.
Web: http://www.evidentdata.com 
