AppSec Leadership Essentials
July 24-27
USA 2010 Weekend Training Session: July 24-25
USA 2010 Weekday Training Session: July 26-27
Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressure by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities. Recent market trends show a clear pattern: organizations need an Application Security Initiative in order to achieve this level of trust in their custom-built applications. This course will provide answers to some of the key questions you may have been challenged with:
- Why is application security so important?
- What are the most critical vulnerability areas to focus on and how?
- What security tools and technologies do software projects need?
- How do I establish an application security initiative in my organization?
- How can I enhance my SDLC to include security activities?
- How do I measure my organization’s progress in application security?
- How can I get my developers to care about application security?
- What teams and roles should I create to address application security?
- How do I get a handle on the security of my entire application portfolio?
- What is the most effective way of securing legacy applications?
This is the right course at the right time for any executive or manager who has decided that secure application development is a priority. The analyst community is helping CIOs understand just how critical the problem of insecure programming has become. For example, the Robert Francis Group (a well-known application development analyst group) wrote:
"The lack of application security requirements and associated poor security focus in the development process can cripple business application security leading to significant revenue loss and perhaps liability claims from anyone impacted by this oversight. IT executives should review application development processes and direct development teams to build in security, rather than consider it after the application deployment."
In this two-day management session, you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root causes, and learn practical and proven techniques for building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. It provides a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities, and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
Who Should Attend
The intended audience for this course is:
- Security Researchers
- Security Professionals looking to move beyond "Hacking Exposed" skills
Secondary Target Audience
- Program Managers
- Account Managers
- Functional/Resource Application Managers
- Technical Program/Project Managers (Chief Engineers)
- Key/Technical Decision Makers
Aspect will provide each student with a hardcopy of the materials and a self-contained installation CD containing class labs, exercises and tools (WebScarab, WebGoat), which will be installed as part of the class and removed at the close of class.
Aspect Security: Aspect's instructors are professional software developers who have dedicated their careers to application security. Our instructors spend the majority of their time working with clients to secure critical web applications using a wide variety of web application technology. This practical experience allows our instructors to have interesting discussions about real-world problems that drive home the lessons being taught. They understand the types of mistakes that are commonly made in the development and deployment of applications, products and systems. This allows us to help our clients raise awareness and knowledge regarding secure development practices.