Security education is on everyone’s radar. Last year, we asked five hundred of our customers what their priorities were for 2017. We included options like source code analysis, mobile applications, expanding their business to new locations, new development languages, and AppSec training. 82 percent of the respondents said that their number one priority was going to be security training and education. Talk about a majority rule!
Further, developer education figured heavily in many of the free-text comments when we asked what their biggest challenges were in building an AppSec program or implementing secure DevOps processes. Some of my favorite quotes from the anonymous survey:
“The challenge of Application Security is in development and training, and helping developers to understand security.”
“Educating the developers to see application security as a competitive advantage and not as a roadblock to their code writing.”
“Educating the dev manager to see SDLC as a necessity to stay competitive, and to be champion of security throughout the SDLC to the development team.”
“Our biggest challenge in AppSec is educating and motivating developers.”
WhiteHat Learning Labs brings application security training resources to all
Training can be expensive. The line item for individual training covers both general education and vendor-specific classes. But who picks up the tab for that? Which budget items are first to go?
Our aim in creating the Learning Labs is to help everyone – developers, security practitioners, and executives – understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers. We’re here to help you find:
- Online Training for Managers and Developers (including a secure coding certification program)
- The OWASP Top 10 Vulnerabilities
- Technical Webinars on How to Build a More Secure Application
- A Glossary of Terms and Common Usage
- Other Focused Educational Materials by Role – executives, too!
- FAQs and Blogs
Secure DevOps Education is the way to go
Cloud, web, and mobile applications power the digital transformation. Website applications, back-end supply chain applications, and mobile applications all have unique challenges and common mistakes in implementation that can be perpetrated due to insufficient awareness.
Education and knowledge are a real challenge. Managers need to understand what vulnerabilities exist, what could happen if they are exploited, and how to prioritize their budget and team efforts at remediation. Developers want to get it right the first time, to avoid re-work, and to acquire more job skills that keep them competitive in the market. Executives need to understand industry trends and learn AppSec topics to know what risks are possible as well as their likelihood – and they need the lexicon to explain these to the board.
WhiteHat has been a pioneer in the AppSec space for sixteen years, and has accumulated data, topical knowledge, documentation, webinars, and educational opportunities, which we’ve curated for you. Knowledge about AppSec vulnerabilities, threats, and best practices can define the difference between replicating the same problem across multiple sites versus building secure applications by design.
Drop on by, and check out our links!