Secure Coding with the OWASP Top 10 2017 is a secure coding training course, written by experts and designed to give developers the tools they need to create software that is hardened against the most popular means of attack.
Hackers look to exploit the logic flaws, bugs, and defects that may be present in web applications, web sites, and web services used by an organization. The best means of fighting back against these attacks is for developers to design and build software that follows secure coding guidelines and avoids common security vulnerabilities that may be used to gain access to one of the most valuable assets a company has – its data.
The award-winning course is built on three important standards:
- Open Web Application Security Project (OWASP) Top 10 2017
- CIA (Confidentiality, Integrity, and Availability) Triad
- Six Pillars of Application Security (AppSec)
The course provides an introductory module which sets the foundation of the course and the developer’s role in organizational security. Ten modules, each devoted to one of the OWASP Top Ten 2017 risks, provide detailed explanations of the vulnerabilities and why they exist, and are accompanied by thought-provoking scenarios and custom images that focus on the fundamental problems and their solutions. The course includes real-world examples and focuses on recommended standard application security requirements. It also examines the use of emerging technologies and their particular vulnerabilities, such as cloud computing, APIs, Internet of Things (IoT), mobile application development and blockchain.
Unlike most courses in secure coding practices, this 6-hour secure coding training can be taken at work, at the learner’s own pace, and will challenge new and senior developers alike. It includes a downloadable PDF booklet of prevention and mitigation strategies for each risk and additional recommended resources. This booklet can be used for continuing education such as researching details for a specific programming language, planning additional internal training, or even investigating the cause of and best solutions for a breach.
Upon completion of the course, learners will be able to:
- Describe each of the OWASP Top 10 2017 risks and the common activities that might lead to the introduction of these vulnerabilities
- Explain how the issues can be exploited, as well as the security vulnerabilities they create for both standard and emerging technologies
- Identify how the OWASP Top Ten 2017 framework helps to address secure coding requirements for common cybersecurity protocols/frameworks (PCI, NIST, etc.)
- Describe various methods of mitigating or preventing each risk and download a comprehensive job aid for easy post-training reference
- Identify resources for gaining additional information useful in identifying, mitigating and repairing problems caused by the OWASP Top 10 2017 issues
This training supports compliance with NIST, ISO 27001, ISO 27034, ISO 27002, CIS, Sarbanes-Oxley Section 404, PCI-DSS, HIPAA and GDPR.