Hackers are increasingly targeting application-level vulnerabilities. In order to mitigate this threat, steps need to be taken to improve code quality, and a critical piece of improving code quality is developer awareness of security threats and mitigation strategies.

InfoSec Institute's Enterprise Security Awareness for Software Developers highlights the important subject areas and best practices of secure coding. An emphasis is placed on the most common threats to applications, as well as language or architecture-specific remediation. There are three formats of the course available:

• Security Awareness for .NET/C#/VB developers
• Security Awareness for J2EE/Java developers
• Security Awareness for C/C++ developers

The Security Awareness Training for Software Developers includes the following modules:

• Top 10 Secure Coding Best Practices
• Securing the SDLC
• Input Validation Strategies
• Understanding Threats: Threat Modeling
• Cryptography, Hashing and Obfuscation
• Black-box Application Assessment Tools
• Shell and environment threats
• Authentication and Authorization
• Best practices for secure code reviews
• Web Service and Web 2.0 Threats

InfoSec Institute's Enterprise Security Awareness program leverages a vast store of content and training delivery methods to provide your users with an unparalleled security awareness program. The program can be comprised of some or all of the following components:

• Instructor-Led awareness sessions from three hours to two days in length.
• Hands-on lab work for technical professionals
• Interactive, self-paced, web based training.
• Individual SCORM-compliant modules that can be imported into almost any Learning Management System (LMS).
  
• Testing, exam scoring and certification of students.
• Customized awareness collateral including posters, mouse pads, pens, etc.

Instructor-Led Awareness Sessions for Software Developers:
There is no better method of security awareness knowledge transfer than an Instructor-Led Awareness Session.

InfoSec Institute instructors are considered Subject Matter Experts (SMEs), having authored many top information security books and spoken at leading conferences. Additionally, our instructors all know how to manage and engage an audience for maximum participation and knowledge transfer.

Interactive, self-paced, Web Based Training:
InfoSec Institute has developed a proprietary web-based learning portal for organizations that prefer a Web-Based Training (WBT) Security Awareness. The content of the WBT can be customized to include relevant modules for any organization. The WBT delivery method leverages significant cost savings, and allows students to train at their own pace.

Individual SCORM-Compliant Modules:
InfoSec Institute can make available any of our modules in SCORM-compliant format for input and delivery through almost any Enterprise Learning Management System (LMS). These modules can be used to augment existing content, or can be arranged in a manner most appropriate for organization's with an existing LMS.

Testing, exam scoring and certification of students:
In order to establish a ROI, many organizations will opt for the testing and certification of students participating in a Security Awareness Program. InfoSec Institute will utilize our exam portal to proctor an exam Onsite at your organization or via the Internet. We can make use of an existing exam, or, develop a new customized exam if requested.

If you are interested in learning more about our Enterprise Security Awareness Program, please contact us toll free at +1-708-689-0131 ext. 1, or directly at +1-708-689-0131 ext. 1.