Press Releases

WhiteHat Security Announces New Crash Course Series to Strengthen Application Security Expertise Among Developers and Security Practitioners


The new series adds to WhiteHat’s impressive line-up of educational DevSecOps training programs designed to build the essential skills that both developers and security teams need to secure the whole SDLC


Santa Clara, Calif., April 11, 2018 – WhiteHat Security, the leading application security provider committed to securing digital business, today announced a new “Crash Course” series of three webinars with application security engineer, Kimberly Chung, who also runs the Threat Research Center’s WhiteHat Academy. The series complements the successful WhiteHat Certified Secure Developer (WCSD) program, which enrolled over 3,300 people and certified more than 500 developers in 2017 alone. Additionally, WhiteHat is offering an on-demand version of the “Security Addendum to the Twelve Factor App” based on the Twelve Factor App, a methodology that developers can apply to build software-as-a-service apps that are both scalable and maintainable in a DevOps world.

Eric Sheridan, chief scientist at WhiteHat and leader of the WCSD program, commented, “WhiteHat has made a major commitment to educating and training the wider security and developer community. The WCSD program, Crash Course series and on-demand technical webinars—all provided for free– demonstrate the company’s long-term commitment to supporting industry professionals and helping them fulfill their potential. It’s only through education initiatives such as these that application security can be improved and the vital close cooperation between security practitioners and developers can be achieved.”

The new Crash Course training series focuses on defending against the most common and critical web application vulnerabilities, starting with secure design and coding practices. The series will help participants develop a better understanding of how to identify threats and implement defensive tactics when securing apps against exploitation. The three-part series begins later this month (April 24) and continues with additional training webinars in May and June (May 15 and June 5, respectively).


Technical Topics Covered

  • Sensitive Data Exposure: Introduction to web application security concepts such as testing methodologies, threat modeling, the reconnaissance phase of testing and some of the most common vulnerabilities that lead to sensitive data exposure, such as: information leakage, fingerprinting, directory indexing, and server/application misconfiguration.
  • Injection-based Vulnerabilities: Introduction to some of the most critical injection-based vulnerabilities as described in the OWASP top 10 and walk throughs of how these attacks play out in conjunction with social engineering. Vulnerabilities covered: improper input handling, SQL and XML injection, cross site scripting, content spoofing, and URL redirector abuse.
  • Broken Authentication/Access Control: Introduction to how hackers can circumvent access controls and application logic to gain access to sensitive content and functionality. Vulnerabilities covered: brute force, insufficient authorization/authentication, insufficient session expiration, session prediction, cross site request forgery, and insufficient process validation.

The series is tailored for application developers, security analysts, architects, managers or auditors and any security professionals interested in learning how web application security is key to vulnerability management.

Security professionals can also register for the on-demand WhiteHat Certified Secure Developer (WCSD) program, available at no cost and consisting of five on-demand training webinars covering the following topics:

  • An introduction to application security for developers
  • Applying secure design patterns to common vulnerabilities
  • Applying secure design patterns to services and APIs
  • Verifying secure design patterns through testing
  • Integrating continuous verification into the software development process

Once again, developers who take the training webinars will also have complimentary access to WhiteHat’s eLearning course “OWASP Top Ten for Developers,” a $500 value. Following the webinars and eLearning course, developers must take and pass a certification exam to become a WhiteHat Certified Secure Developer. A virtual badge and certificate of completion are provided to all developers who pass. So far in 2018, the program has welcomed another 900 registrants. Certification is available through September.

Also available on-demand is the webinar, “Security Addendum to the Twelve Factor App,” presented by Eric Sheridan and Sandeep Potdar, Principal Product Manager at WhiteHat Security. The webinar dives into a Security Addendum to the popular Twelve Factor App methodology for building software-as-a-service apps, and is written specifically for developers and architects, providing actionable guidance on how to materially improve the state of security across each of the original Twelve Factors via a review of people, process and technology. Along with the webinar, viewers also receive a helpful Security Addendum checklist for use during app development.


About WhiteHat Security

WhiteHat Security has been in the business of securing applications for 17 years. In that time, we’ve seen applications evolve and become the driving force of the digital business, but they’ve also remained the primary target of malicious hacks. The award-winning WhiteHat Application Security Platform is a cloud service that allows organizations to bridge the gap between security and development to deliver secure applications at the speed of business. For more information on WhiteHat Security, please visit, and follow us on TwitterLinkedIn and Facebook.


Press Contact:
Emily Gallagher

[email protected]

Ph: 512-373-8500