
Security Training for Developers

by Albin Eldstål-Ahrens 2022-12-09

At Assured, we have experience in a wide range of areas within IT security. Our day-to-day services include penetration tests, network infrastructure tests, cloud security assessments, threat landscape assessments and code reviews. Our consultants regularly assist customers in securing their software, infrastructure, products and assets.

Security work is essential in all parts of the software development life cycle, from specification and design through testing and deployment. The sooner a security issue is identified, the easier and less expensive it becomes to rectify. For this reason it is important and beneficial to introduce a security mindset and awareness into the early stages of the development cycle. Ideally, designers and developers should be given the tools and experience needed to make the right decisions during development.

To help achieve this type of capability within your organization, Assured offers a range of training seminars and workshops. The aim of these offerings is to plant a seed of security awareness in development organizations, and kick-start internal efforts to maintain a strong security posture. We have recently launched several course options, which you can mix and match in the way best suited to your needs 😍.

OWASP Top 10 Vulnerability Rundown

In this half-day activity, we present each category of the OWASP Top 10 list of security risks. You will gain an understanding of what these risks and vulnerability classes are, how they occur and how to identify them, and you will learn about best practices to mitigate or prevent them in your own products. Our instructors will demonstrate how these flaws can be found and exploited by an attacker.

After taking part in this workshop, each participant will have a greater sense of what types of vulnerabilities exist and where they most often appear.

Penetration Test Methodology

This presentation gives an overview of the anatomy of a penetration test. You will learn about the phases of a pentest from Reconnaissance to Report, as well as the purpose and structure of each.

After this seminar, participants will have a general understanding of the pentester's mindset, and be well on their way to organizing their own internal security tests.

Security Breach History

An hour-long journey through real-life security incidents. Entertaining tales of breaches, detection, incident response and the aftermath. Learn how the intrusions happened and how they were handled.

Capture The Flag

Get your hands dirty (figuratively) in a realistic software environment! Try out the tools of our trade and don the hat of the attacker. We demonstrate the most common and useful tools for web application security testing. We then provide you with a web application which suffers from a wide variety of security vulnerabilities. Our instructors help you with tips, advice and experience. We show you the tools we use in our engagements and how to use them to great effect on a live application.

This half-day exercise session will let you explore the excitement and challenge of a web pentest under professional supervision. Collaborate or compete with your colleagues, share your findings and grow your offensive strength.

We recommend starting with the OWASP Top 10 Vulnerability Rundown to give you a firm foundation of the vulnerability spectrum, and prepare you for the exercise.

Hack Yourself

Put your new-found security skills to the test on your own software!

This half-day workshop starts with an orientation and brainstorming session, where we map out the architecture of an application of your choice. Our instructors help you build an understanding of where security issues may form, raise relevant questions and identify good places to start looking.

After the orientation you perform a penetration test of your own, guided by our instructors. We help you find the tools to test the security of your software, either from a white-box (source code, server access, full insight) or a black-box (seeing only what an external attacker would see) perspective. We assist your developers in a bug hunt, all the way from suspicion to vulnerability to reporting.

This workshop gives developers a unique new perspective on their own products, looking through the eyes of an attacker. We recommend starting with the OWASP Top 10 Vulnerability Rundown and our presentation on Penetration Test Methodology, to set the stage for your own success during the practical engagement.

After taking part in this workshop, participants will have hands-on experience with tools and techniques used by pentesters and real-life threat actors alike to evaluate and compromise a live application environment. You may even be fortunate enough to find your own critical vulnerabilities before anyone else does! 😊


Read more information on our training, workshop and presentation offers or contact us to inquire.