Security Training for Developers - ZeroDayLab Ltd.


Security Training for Developers

ZeroDayLab’s Security Training for Developers has one clear objective: to educate software engineers to develop code with security at its heart. By educating developers in IT security best practice, you will reduce the accidental introduction of vulnerabilities, the risk of loss of data, operational downtime, loss of revenue, and reputational damage.

By training your development team in the latest secure coding practices, you also will become more efficient and bring down your overall costs by:

• Changing the way developers think and increasing their ability to identify other less obvious risks

• Following industry best practice so that code has fewer bugs overall

• Reducing the need for corrective coding further down the line

• Conducting fewer penetration tests and re-tests as fewer vulnerabilities are found

• Reducing the number of incidents

As a result, you will benefit from a faster development cycle and save money.

On average, developers taking ZeroDayLab’s Security Training for Developers increased their knowledge of the OWASP Top Ten - 2017 by 30% within one month, making your business’s code more secure and less susceptible to cyber attack.

Increase your developers' knowledge of secure coding by 30% in one month

Not only will you reduce vulnerabilities, you will also reduce your costs

ZeroDayLab’s Security Training for Developers is based on the OWASP Top 10 - 2017, the most respected and recognised global indicator of critical web application security risks. Our training is a comprehensive and unique programme consisting of three levels: Online Assessment, Computer-Based Training and a Secure Coding School.

This combined approach assesses, educates and re-tests your developers’ information security knowledge. As a result, you will be able to identify areas of strength, areas for improvement and allocate developer resource accordingly. Developers will be able to develop code with fewer vulnerabilities and expand their knowledge of current threats.

A Three-Level Approach

[Diagram: Online Assessment, Computer-Based Training, Secure Coding School]

Online Assessment

The Online Assessment is delivered securely from ZeroDayLab’s fully managed service, in a quick and easy manner. Our Online Assessment will identify competency levels across all OWASP Top 10 Modules prior to Computer-Based Training, so that our clients benefit from understanding their developers’ baseline knowledge, competencies, and can be measured against their peer group.

Online Assessments can then be used after Computer-Based Training and/or after Secure Coding Schools to reinforce training, measure and report on improvements made in developer knowledge, and to identify further areas for training. Once your developers have finished the short but comprehensive Online Assessment, ZeroDayLab provide you with excellent statistics and Management reporting to enable you to make further Education & Training decisions.

Computer-Based Training

Following on from the completion of the Online Assessment, ZeroDayLab’s Computer-Based Training is ready to be implemented at any time, providing you with an easily accessible way to train and test teams, particularly across multiple business areas and multiple locations. Our interactive online portal is intuitive to use, and our engagement plan ensures maximum completion rates.

[Chart: Modular Questions Answered Correctly (%), by OWASP Top 10 module: Injection; Broken Authentication & Session…; Sensitive Data Exposure; XML Entities; Broken Access Control; Security Misconfiguration; Cross-Site Scripting (XSS); Insecure Deserialisation; Using Components With Known…; Insufficient Logging and Monitoring]

We deliver comprehensive reporting that measures developers’ knowledge of security risk overall and across each of the OWASP Top-10 security risks, meaning that you can measure overall competency, as well as competency levels for each security risk. This reporting gives you the ability to report both on a team and individual level. We also measure your results against the average, so that you are able to benchmark your business against industry.

Passionate About Total Security Management

Secure Coding School

Face-to-face classroom training can be invaluable. Our expert trainers draw on a wealth of experience gained from security projects delivered for our clients every day. The result is intensive, face-to-face training with specialist content designed to address the issues your organisation faces.

Many clients benefit from our Secure Coding School, having identified training needs during the Online Assessment and Computer-Based Training modules, while others decide to go straight to classroom training; every business is different. This two-day course includes hands-on workshop sessions tailored to your business and a comprehensive set of resources to take away.

Key modules include:

• About penetration testing

• Web application hacking

• Web application hacking tools

• Open Web Application Security Project (OWASP)

• Analysing the OWASP Top 10 with code examples, solutions & demonstrations

• Understanding security threats

• Applying security to the web

• Defining a secure architecture

• Choosing frameworks & libraries

• Security testing & toolsets

• Hacking the OWASP Top 10

• Secure deployment

Your Trusted Education & Training Provider

ZeroDayLab continues to innovate and deliver new and exciting training that is driven by our clients’ needs. Our award winning Education & Training portfolio is diverse and unique in the marketplace, providing our clients with training that drives behavioural change and reduces risk, human error, and impact in the event of a cyber attack. We are proud to educate some of the largest education companies in the world.

Security Awareness Training

We believe that regular onsite staff awareness training, and bespoke executive training, is the only way to truly drive behavioural and cultural change in your business. Our Security Awareness Training will embed a security culture in your business, reduce human error and increase your resilience to cyber attack.

Security Risk Training for Agile Developers

Designed to meet demand, as Agile development continues to dominate project management. This classroom training educates project teams and business managers on how to use methodologies that allow for secure development. A new appreciation for security means that project teams better plan for secure code as part of product development and project delivery.

Incident Response & Runbook Training

This training is essential to help you minimise the impact of a cyber attack on your business. We help to create and/or review your incident response plan, giving you peace of mind that you can react quickly to minimise the impact and significantly reduce the cost of a cyber-attack. We will then stress test your plan through scenario training that will simulate a real-life attack on your business.

Security Training for Developers: Mobile Apps

Mobile applications have become the norm. This classroom training ensures that your mobile apps are being developed with secure code and OWASP best practice at their heart. Increasingly a must for any business with a presence on mobile, this training reduces vulnerabilities and your development costs at the same time.

Award Winning Education & Training

Contact us to find out how we can help protect your business from cyber-attack

www.zerodaylab.com | [email protected] | +44 (0)207 979 2067

Our 4 Cornerstone Services

• Vulnerability Assessment of Desktop, Servers and Infrastructure

• Penetration Testing of all Internal/External Web Applications and Infrastructure

• Broad Security Review (Architecture and Infrastructure)

• Source Code Reviews

• Firewall Audits

• Desktop and Server Build Reviews

• Blockchain Application Security Audits

• Digital Forensic Analysis

• Security Awareness Programmes

• Security Training for Developers - Secure Coding School, CBT, Online Assessment

• Pre-Breach Incident Response & Runbook Training

• Phishing Resilience Programmes

• Bespoke Senior Executive Security Training

• Red Team Testing

• PCI DSS Remediation Support

• Gap Analysis to ISO, PCI DSS, SSAE16(18), GDPR

• 360° Reviews (Cyber Risk Assessment)

• Virtual Data Protection Officer

• Virtual Information Security Manager

• ISO/NIST/EU GDPR Standards Alignment

• Internal Audits

• SERM - Supplier Evaluation Risk Management

• Cyber Threat Intelligence - Deep & Dark Web

• Protective Monitoring (Managed SOC)

• Security Risk Training for Agile Developers

• ZeroDayResponse - Incident Response Review & Digital Forensics Training