WhiteHat Security, an application security provider, announced this week a new “Crash Course” series of three webinars with application security engineer Kimberly Chung, who also runs the Threat Research Center’s WhiteHat Academy.
The series complements the WhiteHat Certified Secure Developer (WCSD) program, which enrolled over 3,300 people and certified more than 500 developers in 2017 alone. Additionally, WhiteHat is offering an on-demand version of the “Security Addendum to the Twelve Factor App” based on the Twelve Factor App, a methodology that developers can apply to build software-as-a-service apps that are both scalable and maintainable in a DevOps world.
The new Crash Course training series focuses on defending against the most common and critical web application vulnerabilities, starting with secure design and coding practices. The series will help participants develop a better understanding of how to identify threats and implement defensive tactics when securing apps against exploitation.
The three-part series begins later this month (April 24) and continues with additional training webinars in May and June (May 15 and June 5, respectively).
“WhiteHat has made a major commitment to educating and training the wider security and developer community. The WCSD program, Crash Course series and on-demand technical webinars—all provided for free—demonstrate the company’s long-term commitment to supporting industry professionals and helping them fulfill their potential,” said Eric Sheridan, chief scientist at WhiteHat and leader of the WCSD program. “It’s only through education initiatives such as these that application security can be improved and the vital close cooperation between security practitioners and developers can be achieved.”
The series covers sensitive data exposure through an introduction to web application security concepts such as testing methodologies, threat modeling, the reconnaissance phase of testing, and some of the most common vulnerabilities that lead to sensitive data exposure: information leakage, fingerprinting, directory indexing, and server/application misconfiguration. It also covers injection, with an introduction to some critical injection-based vulnerabilities as described in the OWASP Top 10 and walk-throughs of how these attacks play out in conjunction with social engineering. Vulnerabilities covered: improper input handling, SQL and XML injection, cross-site scripting, content spoofing, and URL redirector abuse.
The series also addresses broken authentication and access control, with an introduction to how hackers can circumvent access controls and application logic to gain access to sensitive content and functionality. Vulnerabilities covered: brute force, insufficient authorization/authentication, insufficient session expiration, session prediction, cross-site request forgery, and insufficient process validation.
The series is tailored for application developers, security analysts, architects, managers or auditors and any security professionals interested in learning how web application security is key to vulnerability management.
Security professionals can also register for the on-demand WhiteHat Certified Secure Developer (WCSD) program, available at no cost and consisting of five on-demand training webinars covering the following topics: an introduction to application security for developers; applying secure design patterns to common vulnerabilities; applying secure design patterns to services and APIs; verifying secure design patterns through testing; and integrating continuous verification into the software development process.
Once again, developers who take the training webinars will also have complimentary access to WhiteHat’s eLearning course “OWASP Top Ten for Developers,” a US$500 value. Following the webinars and eLearning course, developers must take and pass a certification exam to become a WhiteHat Certified Secure Developer. A virtual badge and certificate of completion are provided to all developers who pass. So far in 2018, the program has welcomed another 900 registrants. Certification is available through September.
Also available on-demand is the webinar “Security Addendum to the Twelve Factor App,” presented by Eric Sheridan and Sandeep Potdar, Principal Product Manager at WhiteHat Security. The webinar dives into a Security Addendum to the Twelve Factor App methodology for building software-as-a-service apps. It is aimed at developers and architects, and provides actionable guidance on how to materially improve the state of security across each of the original Twelve Factors via a review of people, process and technology. Along with the webinar, viewers also receive a helpful Security Addendum checklist for use during app development.
Registration is currently available, and all participants will receive CPE credits for each course completed.