Course level
Beginner to Intermediate
Effort
Four three-hour long sessions over two weeks
Format
Private recordings available on YouTube
Language
English, Ukrainian or Russian
All software has security bugs, yet some software is harder to hack than others. With appsec training for developers, we help custom software development companies that understand the importance of security training integrate cyber security in their development projects.
5 000 EUR (ex. VAT) for a group of 15-25 students
Software companies willing to produce secure digital solutions.
Private chat to interact with trainers during and after the course.
It is not simple to describe the need for security training in software development for one main reason: application software is all about features. Features make software products useful, and they are easy to demonstrate to customers, unlike security, which is virtually invisible.
The obscurity of security threats is the main reason applications get hacked, leak sensitive information, and cause massive user data breaches. Any application can be hacked: from a small business mobile app to the largest Software as a Service provider in Silicon Valley. We help companies in the software industry learn from the best application security sources of information with a secure development training online course.
The Secure Development Lifecycle Training course covers the material recommended by the Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) and goes far beyond. With this course, we help you implement five crucial Application Security practices into your Software Development Lifecycle:
Learning about security engineering principles, application security basics, and appsec practices.
Establishing the basis for an efficient, secure software development lifecycle.
Identifying application threats and defining software security requirements.
Learning main security issues and vulnerabilities and how to prevent them in your code.
Verifying security requirements, finding and fixing application security vulnerabilities.
The training consists of theoretical and practical sessions. All students participate in a practical Threat Modeling session and practice Security Testing and Code Review in the online labs.
We keep the audience engaged by applying hands-on training. Practical tasks keep the students excited and help them better absorb the information.
We share the knowledge we are practicing day-to-day: no theorizing or “best practice” mumbo-jumbo, only the practical stuff.
We use the OWASP SAMM in our Application Security consulting services and security awareness training for developers.
We offer the training to software development teams, so there are no specific requirements for information technology professionals.
We know how to break security, we know how to make breaking it harder, and we love sharing our knowledge. Our developer security training teaches developers how to build systems that are harder to break. After all, in the security profession, all fun comes from challenges and knowledge sharing.
Day 1
Introduction to Cyber & Application Security
Day 2
Security Architecture & Threat Modeling
Day 3
Security Testing
Day 4
Secure Development
The Developer Application Security Awareness Training is taught by the BSG appsec experts. Our tutors hold top professional certificates, excel at public speaking, and maintain up-to-date knowledge in AppSec practices. They have vast experience in cybersecurity and information technologies and were involved in projects with the most successful software companies in the world.
Co-founder & COO
Andriy is an accomplished manager with 10+ years of experience in various industry verticals. He started his career in IT audit and consulting and continued in enterprise IT and custom software development services.
Andriy has experience in leading customer relationships within the US, UK, and Western Europe geographies, responsible for distributed teams and permanent engagements of different scales.
Andriy has stood at the root of the Ukrainian cybersecurity professional community and has joined BSG to advance his contribution to the cybersecurity industry's development.
At BSG, Andriy acts as the Chief Services Officer and a security consulting practice lead.
Security Consultant, Training Lead
Serhii is an information security professional with vast experience in Application Security and Penetration Testing. He manages the full spectrum of appsec and pentesting engagements in the BSG portfolio.
As the BSG Training Lead, he is always up to date on the latest security trends and is passionate about organizing conferences and speaking publicly. He presented and volunteered at BruCON, OWASP Ukraine, NoNameCon, and TestingStage, among many others.
Serhii is fond of sports videogames and loves flying his drone and taking footage of his picturesque travels.
All of BSG's mid to senior-level professionals possess esteemed cybersecurity certifications, with a majority being OSCP-certified. These independent certifications validate our team's expertise in application security, penetration testing, and top-tier security consulting services.
No secure application development training could avoid using materials from OWASP projects. OWASP SAMM is the main basis for this course. We use OWASP Top 10 to demonstrate the application security attack model, present the concept of risk, and introduce common application vulnerabilities. We also use other OWASP standards and guidelines in the course: Web Security Testing Guide and Application Security Verification Standard, among others.
The cost of implementing security into a software product grows with time. It is never too late, but the later you start, the more expensive it will be. Fixing security bugs in a final release is the worst, as it might require rebuilding parts of the application from scratch. Using secure development practices from the start allows fixing security vulnerabilities before they even exist.
Engineers believe that systems are secure by default. In reality, no software is completely bug-free. Securing the software requires a basic understanding of application security. And security awareness is what this course is about.
Our application security training for software developers covers the five crucial application security practices that all software development teams should follow. These practices are Application Security Training and Awareness, Secure Architecture Design, Application Threat Modeling, Security Testing, and Secure Coding. We could provide a specific secure code development training upon request.
It’s either of those. Our security experts deliver this training, and we prefer to do it in person to fully involve the students in the process. Due to the pandemic, though, we had to go online. We record all sessions, so students can review them if they missed a lesson.
This secure development training course can be delivered in English, Ukrainian, or Russian.
As it is a corporate awareness type of training, we do not provide a final test or certificate. Instead, we prepare a course completion report that attests that the development team has attended the training. This attestation is usually enough to provide to an inquiring third party.
The course has five sessions, two to three hours each. We prefer to span two weeks: we have three classes in the first week and two sessions during the second. We recommend our clients schedule the training in the morning hours for better team productivity.