Press Releases
SECURITY INNOVATION UNVEILS “CREATING SECURE CODE FOR WEB APPLICATIONS IN JAVA” E-LEARNING
Wilmington, MA - February 19, 2008 -
Security Innovation, an authority on application security and a leading
independent provider of risk assessment, risk mitigation and training
services, today announced the release of its e-learning course “Creating
Secure Code for Web Applications in Java.” This course is aimed at
developers working on Java Web applications, helping them start coding
more securely and identify issues in existing code. As a result,
organizations can keep training costs down, while improving the speed
and quality of secure software development.
“Creating Secure Code for Web Applications in Java” is a Web browser-based
system with full start/stop functionality. The course features 13
best practices, each containing labs or simulations to present the
content, and a collection of quizzes to gauge what students have learned
along the way. The principles are focused on conducting specific
development activities like performing input and output validation or
following auditing and logging procedures. This allows developers to
focus on specific objectives and refer to the course repeatedly, while
conducting specific security activities.
“Poor security processes during the software development life cycle are
a significant barrier to developing and deploying secure applications,”
said Melinda Ballou, program director for Application Life-Cycle
Management Service at IDC, a leading research and advisory company
headquartered in Framingham, Mass. “User education, combined with
effective content for security best practices, is a key step to creating
more effective behavior for developers. Uniting intuitive training with
security processes for various application lifecycle
phases—requirements, design, development, test and deploy—is what the
industry is demanding to protect key business software as hackers move
up the application stack.”
“Many organizations need effective training programs that educate their
development teams on application security,” said Ed Adams, CEO of
Security Innovation. “Most security vulnerabilities in a product can be
tracked back to the coding phase. Programmers need to be educated on how
to write secure code, yet they face tight budgets and strict time
constraints. ‘Creating Secure Code for Web Applications in Java’
e-learning enables organizations to train their teams efficiently and
economically. This can be a regular training course that you go through
once, but can also be consulted on a daily basis as a refresher.”
Each training module is fully indexed so users can find precisely the
help they need easily. Users can also pause, fast forward and rewind
within any module or lab to ensure full comprehension of the material,
and there are myriad questions throughout each module to allow for
self-assessment. Additionally, there is a summary of best practices at
the end of each module, which developers can use as a checklist.
“Creating Secure Code for Web Applications in Java” is the second
e-learning course offered by Security Innovation and complements the
“How to Break Software Security” title.
The “Creating Secure Code for Web Applications in Java” e-learning
course consists of the following 13 modules:
Coding Principle 1 - Perform Input Validation
Coding Principle 2 - Perform Output Validation
Coding Principle 3 - Err and Fail Securely
Coding Principle 4 - Practice Defense in Depth
Coding Principle 5 - Handle Sensitive Data with Care
Coding Principle 6 - Compartmentalize Users, Data, and Processes
Coding Principle 7 - Follow the Account Management Policy in Place
Coding Principle 8 - Follow the Audit and Logging Procedure in Place
Coding Principle 9 - Implement the Principle of Least Privilege
Coding Principle 10 - Keep an Open and Simple Design
Coding Principle 11 - Limit the Number of Entry Points to Your Application
Coding Principle 12 - Do Not Reinvent the Wheel
Coding Principle 13 - Do Not Reveal Too Much Information
Pricing and Availability
The “Creating Secure Code for Web Applications in Java” e-learning
course is currently available and includes unlimited use by a single
user. Pricing starts at US $1,495 per seat. Team and site licensing are
also available. For more information on Security Innovation’s e-learning
and other courseware, see http://www.securityinnovation.com/services/education/
or contact sales at 978.694.1008 x24.
About Security Innovation
Security Innovation, Inc. is an independent application security
firm that offers education, risk assessment and risk mitigation
solutions to Fortune/Global 500 and enterprise IT organizations.
Leading companies such as Adobe, Cisco, Fidelity, IBM, ING, HP,
Microsoft, VISA, SAP, Symantec, VeriSign and government agencies
rely on Security Innovation’s expertise to gain confidence in the
security of applications they build and/or acquire, and facilitate
the technology, process and management change necessary to mitigate
security risk. The company is headquartered in Wilmington, Mass.,
with offices in Amsterdam, The Netherlands and Seattle, Wash. For
more information about Security Innovation, visit
www.securityinnovation.com or call +1.978.694.1008.
Contacts
Davida Dinerman or Nicole Glidden
Schwartz Communications, Inc.
(781) 684-0770
sisecure@schwartz-pr.com



