All, I'm looking for a one day software security awareness training class for a client. Yes, I know one day isn't enough to teach what people need to know, but I'll be lucky if I can get them to spend that long. (The initial reaction to my recommendation was "no way".)
My goal is for them to learn basics like: - How adversaries work - Types of tools (static analysis, dynamic analysis, fuzzing) - Architectural concerns (e.g., don't implement security in an uncontrolled client) - Basic code dos & don't - OWASP top 10 / SANS top 25 types of things System they're building is in Java & Flex. If you sell such training, please contact me OFF list so this doesn't become an advertisement. If you have a recommendation for a course you've taken, I'd definitely like to hear about it! Thanks, --Jeremy P.S. If geography matters, the client has distributed development between a US east coast location and a US mountain location. Open to whether training would be at one of their locations or bring their people to a site. It's only about 15 developers, so definitely not worth a custom course.
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________