Have you ever shown software developers the OWASP Top 10 (security vulnerabilities)? Their eyes just glaze over and they stop paying attention.
So I started thinking about better ways to teach about security defects in code. Truth is, we still have to go through the common vulnerability types. But showing how they’ve been used in real world attacks is a better way to bring the point home.
Through working with some great clients, I released a couple of great introductory courses for developers and architects. You can see the full syllabus at https://gromancg.com/offerings/education/
Why these courses?
Simply put, developers are still writing code vulnerable to attacks first seen over 20 years ago. Architects aren’t aware of simple methods for building secure reference architectures and performing threat modeling exercises.
These courses aren’t designed to change the world. But they will help empower software folks to design, build and maintain more secure code.
And the kicker is that doing so doesn’t cost any more money and shouldn’t take any extra time or effort.
It just requires some initial investment in teaching the security concepts and building the patterns into your SDLC. But the returns come pretty quickly. It may not be the same instant gratification as eating chocolate ice cream, but it’s better and healthier for you in the long run!
And if you want to learn more about the courses, or you want us to customize them to your technologies and frameworks, just schedule a time to discuss with us.