What is OWASP Top 10 Training?
Developers are typically trained in writing secure code through an annual slide presentation covering the OWASP Top 10. Yet such presentations have limited impact, since people are unable to fully internalize and understand the security issues or to avoid the problems in practice. Without proper training, developers will continue to write insecure code, which can be costly for a business if vulnerable code gets exploited.
How does it work?
Syndis offers intensive, pedagogical hands-on training that teaches developers to spot and exploit OWASP Top 10 issues by themselves, developing a rigorous understanding and knowledge of the issues. Based on this firsthand exposure, developers learn how to prevent such issues in practice.
The training greatly increases the security awareness of developers, as they learn both how to spot and exploit issues in a real-world setting at the workplace and how to fix the issues the right way, which can often be a difficult process.
Why is it relevant?
In order to decrease the likelihood of a breach resulting from insecurely written code, developers must be taught about common vulnerabilities and how to avoid them. By making the experience hands-on, rather than a simple hands-off presentation once a year, developers obtain a much deeper understanding of the issues that they can apply in their work.
WHAT TO EXPECT
Hands-on lab assignments
Training with local knowledge
Connecting the OWASP issues with real events
Focused on how things work and on testing and exploiting issues
More engaging than a simple presentation, centered on many exercises with real-world vulnerabilities for people to exploit
Entertaining for developers, with exercises presented in a capture-the-flag style