Do you incorporate security in your Software Development Life Cycle (SDLC)? Security training is a key component of the SDLC. Various compliance standards, such as the Payment Card Industry (PCI) Data Security Standard (DSS), require security training for developers.
Bright Axis uses industry-proven, hands-on training to teach your developers security, so that the applications they develop do not have the most common security vulnerabilities. It is believed that this single investment has the best effect of all security investments.
Bright Axis instructors have extensive experience conversing with developers and understand the issues they face in fixing vulnerabilities. The Open Web Application Security Project (OWASP) Top 10 vulnerabilities are the most commonly found vulnerabilities in web applications. Bright Axis will help educate developers through 1-day to 3-day training modules that are custom developed for your organization and delivered at your office location.
The students are given hands-on training about what various vulnerabilities are and how they can test their code on their own for such vulnerabilities.
The current OWASP Top 10 list (for 2010) is as follows:
• A1: Injection
• A2: Cross-Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards