Overview
Today, every business function relies on custom software applications. These applications are typically built under tremendous time pressure by internal or contracted developers to fulfill a specific business need. Organizations need to be able to trust that this software has appropriate security mechanisms to thwart attacks and that the code does not contain vulnerabilities. Even software product companies have an extremely difficult time achieving trustworthy code, and experience shows that most custom applications have far more vulnerabilities. Recent market trends show a clear pattern: organizations need an Application Security Initiative in order to achieve this level of trust in their custom-built applications.
This course will provide answers to some of the key questions you may have been challenged with:
Who Should Attend
This is the right course at the right time for any executive or manager who has decided that secure application development is a priority. The analyst community is helping CIOs understand just how critical the problem of insecure programming has become. For example, the Robert Francis Group (a well-known application development analyst group) wrote:
"The lack of application security requirements and associated poor security focus in the development process can cripple business application security leading to significant revenue loss and perhaps liability claims from anyone impacted by this oversight. IT executives should review application development processes and direct development teams to build in security, rather than consider it after the application deployment."
In this two-day management session, you’ll get an industry perspective of application security, understand the key vulnerabilities to applications, be able to analyze root causes, and provide practical and proven techniques in building out an application security initiative. This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. It provides a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness, live demonstrations of commonly found application vulnerabilities, and workgroup exercises allowing attendees to conduct capability assessments and recommend improvement plans.
The intended audience for this course is:
Learning Objectives
Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers, and key support personnel must know to achieve secure applications.
Aspect’s instructors are full-time application security specialists who spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.
Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.
Eric Sheridan is an Application Security Consultant at Aspect Security, a consulting services company specializing in application security. At Aspect Security, Eric specializes in execution of security verification assessments and the establishment of security activities throughout the development lifecycle. In addition, Eric is an instructor in Aspect's portfolio of Application Security Courses. Eric is also an active participant in the non-profit Open Web Application Security Project (OWASP), whose contributions include Stinger, CSRFGuard, and SASAP. Eric was also a featured speaker at the 2007 OWASP/WASC San Jose conference.
John Pavone is Aspect Security's Acceleration Services Practice Lead, specializing in the enablement of application security within organizations. John has been an IT professional for over 20 years. In the last 12 years, John has concentrated solely on Information and IT Infrastructure Security.
John has held various security-related management positions, including chief security architect for a large financial services firm. In this role, John established an enterprise-wide IT security program using a quantitative risk assessment and mitigation approach with a direct line of sight to the organization's corporate dashboard. Other major accomplishments include the development and mainstreaming of an IT risk management process, the creation of an application vulnerability testing lab, and the security design and implementation of an enterprise single sign-on and authorization system.
John holds dual degrees in Mathematics and Computer Science from West Chester University.
Registration | Dates | Price
Early | Ends May 1 | USD 1800
Regular | | USD 2000
Late | | USD 2200
Late/Onsite | Begins August 1 | USD 2500