Security Aware Developer
Prevention is better than cure – creative safety workshops for application development teams
Application security maintenance encompassing only security verification and defect removal is inefficient and entails many additional costs (e.g. time devoted to removing defects or rebuilding the application) and potential troubles (e.g. undetected security errors).
If you agree that we should rather prevent and not only cure, then our approach should include all people involved in the application development process, making them aware of potential security problems and able to properly choose security measures at various levels.
This is the purpose of our workshops.
Companies that produce software for their own needs (internal development, SaaS) or their clients’ needs (software house).
For what purpose?
- Raising awareness and knowledge among programmers and project managers, architects, developers, and testers
- Making the participants interested in application security problems
- Awareness of a cause-and-effect relationship in the field of architecture and application security mechanisms
- Treatment of causes, not symptoms
- Reduction of costs related to the elimination of vulnerabilities
- Short, intensive meetings (max. 6 hrs)
- Closed groups from one company
- We discuss realistic attack scenarios involving the use of a series of security defects (kill-chain). This is to convince the participants that each element is important (defence in depth)
- Together with the group, we come up with ideas on how to secure a given system
- Scenarios are selected according to a given client’s needs
- Finally, we indicate the security strategies discussed earlier that can be implemented in the company’s projects
- Interesting materials and additional exercises, directing the participants toward a safety-oriented approach
- During the training there is time to address security issues encountered by the team
- Attractive printed training materials that support the training
- Infographics describing a given problem
- Innovative methods of exercise (adhesive inserts, exercises on gadgets, etc.)
- In addition to exercises, the material contains a summary of the most important concepts, sources, and standards for application security
Benefits for the organization
- Building security awareness at every level of the team’s structure
- Triggering a bottom-up effect in accordance with the safe design idea
- Incorporating defensive actions into the natural pattern of the team’s work
- Lower costs of vulnerability removal
- Report for the Employer describing the security status of the application the team is involved in, as well as ideas for improvements in the area of corporate application security gathered from the training participants
- Experienced and charismatic experts in the field of software security
- Speakers at the largest international industry events
- Practitioners implementing projects at SecuRing on a daily basis
So far we have trained over 300 participants at our Security Aware Developer workshop. Education of developers is the most frequently chosen option to complement our security tests, which is why we have decided to include this workshop in our regular training offer.
If you would like to organize workshops in your company, let us know by filling out the form below. We will send more details.