Everyone in the world should be cyber-aware to a basic level, but shouldn’t the developers creating applications be well versed in secure coding? There is more content available now than one can consume in a lifetime, yet comprehensive training isn’t always available or relevant to the individual’s needs.
The top 5 vulnerability classes that our teams have identified have remained constant over a long period of time:
- information leakage
- insufficient session expiration
- cross-site scripting
- insufficient transport layer protection
- content spoofing
These are pedestrian vulnerabilities that have been known for a while now – but why do they remain in the top 5? Developers are often not trained on how to write secure code that would combat these common vulnerabilities. Should organizations design a targeted developer training plan to help their developers understand how to write more secure code? Check out Volume 3 of NTT Application Security’s “Security in the Fast Lane” podcast, where Setu Kulkarni and special guest Matias Madou from Secure Code Warrior address breaking the AppSec logjam with targeted developer training.
Also, tune in each month for the new volume of Security in the Fast Lane, where Setu Kulkarni and a special guest talk about improving security outcomes, creating a culture of security and sharing subject matter expertise.