.

Training recommendation for developers

<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Jan 22, 2013 3:30 pm

Training recommendation for developers

Hello everyone,

It has been some time since I last posted on EH.  I am glad to see that some of the familiar faces are around. 

I was hoping to get some advice.  I am looking for training options for a developer without much security experience.  I would love something that goes over secure coding practices, especially in web applications.  The course would need to not only cover potential vulnerabilities but also present options for fixing them.  As an additional request, it would be great if the class could work as a segue into future webapp penetration testing training.

SANS is out because of their price range unfortunately.  SensePost has some good options, but they are based out of South Africa.  I am trying to find something that is either online or offered in the Southeast US. 

Thanks in advance
~~~~~~~~~~~~~~
Ketchup
<<

TAnarchy

Newbie
Newbie

Posts: 5

Joined: Sun Dec 30, 2012 7:18 pm

Post Tue Jan 22, 2013 4:49 pm

Re: Training recommendation for developers

I"m a developer, I recently began eLearnSecurity's course and found the web application section to be very informative and relatively simple to understand for someone with a development background. "The Web Application Hacker's Handbook" is also really good for learning.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jan 22, 2013 11:33 pm

Re: Training recommendation for developers

Welcome back.

It's too bad SANS is off the table because the GWEB course is probably exactly what you're looking for.

eLearn and WAHH are great resources, and while not exactly what you're looking for, may be the closest you can get on a budget.

Also, just pick up a good development book on whatever language(s) you're interested in. Every decent one I've seen discusses security information along the way. The best way to learn something like that is to do some actual development omitting security checks and controls and then go back and add them in after you see what the impact is.
Last edited by dynamik on Wed Jan 23, 2013 1:19 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Jan 22, 2013 11:51 pm

Re: Training recommendation for developers

Thanks everyone.  I wish I could do SANS, but I don't have the budget for it.  I am also working with someone who needs a class-room environment to maximize the results from the training.  He doesn't absorb as well from books. 

I will definitely check out eLearnSecurity to see if I can make that work. 
~~~~~~~~~~~~~~
Ketchup
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jan 23, 2013 9:02 am

Re: Training recommendation for developers

Welcome back ketchup!!

Just to be 100% clear, you are looking for a course on coding best practices and not pentesting web applications, isn't?

I searched for this a little while ago and ended up buying a few books. There aren't many classes on the topic. There are about 20 things you can do while designing systems and coding that will prevent 99% of attacks. And really, once you start to systematically filter inputs and encode outputs, things are already looking very good.

I also gave classes to my co-workers (web app developers) about security best practices. What I found is that if they don't understand the vulnerabilities, they won't understand why they have to change the way they code. For example, telling them to use prepared statements to prevent SQL injection won't do much to them unless they can see, with their own eyes, how bad SQL injection can be.

So to me, the best option is for you who knows about security, to go through a book or two and teach your team how to code securely.

Otherwise, if this is not an option, OWASP has some members that offer courses. App Sec USA will be held in NYC on November 18-21. They offer many classes on the topic for half the price of a SANS course.

You can also look at CAST, they often offer training in US: http://www.eccouncil.org/training/advanced_security_training/courses/cast-613.aspx

Good luck!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software