Press Releases

WhiteHat Security Launches Application Security Training and Certification Program for Developers


Free-of-Charge Program Combines Webinar Series and Computer-Based Training to Enable Secure Coding Practices and Accelerate Adoption of DevSecOps

Santa Clara, Calif., March 2, 2017 – WhiteHat Security, the only application security provider that combines the best of technology and human intelligence, today announced a five-part developer training webinar series and certification program that introduces developers to application security, secure coding techniques and best practices in identifying and fixing security vulnerabilities. This program is open to all developers without charge, including complimentary access to the “OWASP Top Ten for Developers” online computer-based training course for continued self-paced learning.

The WhiteHat Certified Secure Developer Program (WCSD) delivers fundamental application security knowledge in a logical sequence. Developers who complete the webinar series and pass the certification exam will receive CPE credits and certification that designates them as a WhiteHat Certified Secure Developer.

WhiteHat Security has been a leader in the application security testing market for over 15 years. Positioned by Gartner, Inc. in the ‘Leaders’ quadrant of every Magic Quadrant for Application Security Testing (AST)[1] published to date, the WhiteHat Sentinel platform covers the entire software development lifecycle (SDLC) with solutions for dynamic, static, and mobile application security testing. The company is also known for its Computer-Based Training content, which teaches secure coding, mitigation, and defensive remediation in an easy to learn, web-based environment.

“We understand that developers have a big job to do already, creating applications as fast and efficiently as possible. Building security in can be seen as additional overhead that slows things down, but there’s no reason this should be the case,” said Eric Sheridan, WhiteHat’s Chief Scientist. “The goal of our new training and certification program is to cultivate the new generation of DevSecOps practitioners and practices. With the proper training and easy access to a security solution that lives in the tools developers already use, developers can be the heroes that stop attackers from compromising an organization through its applications.”

“The move towards integrating security into DevOps and away from siloed teams focused just on security or development or operations is an important step forward in truly building security into information technology, rather than bolting it on as an afterthought,” said Scott Crawford, Research Director for the Information Security channel at 451 Research. “Given the depth and breadth of WhiteHat’s experience in application security, their new training and certification program offers a novel way for developers to learn from real-world experience in the industry. And because it’s free, engineering management doesn’t have to worry about digging into their limited education budgets to fund security training for their development teams.”

To obtain certification, developers will be required to participate in five 60-minute webinars that educate them on the most common security and open source vulnerabilities, how to apply secure design patterns to remediate vulnerabilities associated with services and APIs, application security testing methods (e.g., SAST and DAST), and how best to apply them at different stages in the SDLC. These webinars will be presented by Sheridan and a team of WhiteHat Security’s DevSecOps experts.

All developers who participate in the training webinars will also have free access to WhiteHat’s computer-based training course “OWASP Top Ten for Developers,” a $500 value. This course provides engaging and insightful explanations of specific vulnerabilities, attack methods and detailed code-level examples of potential exploits as well as remediation advice on how to secure web apps against attacks.

The first developer training webinar, Introduction to Application Security for Developers, will take place on April 4, 2017 at 11:00am PT; the remaining four webinars will take place once a month through August.

Additional information:

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About WhiteHat Security

WhiteHat Security has been in the business of securing web applications for over 15 years. Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites. The company’s flagship product, WhiteHat Sentinel, is a software-as-a-service platform providing dynamic application security testing (DAST), static application security testing (SAST), and mobile application security assessments. The company is headquartered in Santa Clara, Calif., with regional offices across the U.S. and Europe. For more information on WhiteHat Security, please visit, and follow us on Twitter, LinkedIn and Facebook.

Press Contact

Doug De Orchis

(617) 897-8259

[email protected]

[1] Gartner, Inc., “Gartner Magic Quadrant for Application Security Testing” by Dionisio Zumerle, Ayal Tirosh, February 28, 2017.