Security Compass - A member of the Microsoft SDL Pro Network
With our technical depth, experience, and credentials, Security Compass is the industry leader in application security training and a proud member of the Microsoft SDL Pro Network, a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the Microsoft SDL.
About the Microsoft SDL
The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process created by Microsoft and proven effective since 2004. For more information, please visit www.microsoft.com/sdl.

Why Security Compass?
We believe that true application security can only be achieved by building secure applications.
- Highly qualified instructors - Security Compass instructors are among the best in the industry. They have presented on emerging security topics at reputable conferences in North America and around the world. Security Compass instructors have also delivered courses for ISC(2) and are the developers of SANS Institute’s Secure Coding in Java/JEE and Secure Coding in .NET training courses.
- Training for everyone - Whether you're looking to train developers in secure coding, QA Personnel in security testing, or if you're simply looking for ways to introduce security to team members, Security Compass is your one-stop shop for information security training needs. View the section below for our various training options for members from all roles of the SDLC.
- More than just classes - Adequately training your staff on security requires more than just classes. Security Compass offers a broad range of training services to aid in various other aspects. Consider our Security Awareness Campaigns, "Brown Bag Session" and Security Updates to complete your training initiative.
- Train anywhere - With tight budgets and even tighter development timelines, we understand that finding time to attend a training session can be a challenge. That's why we offer instructor-led (on-site) classes as well as web-based (on-demand) and remote instructor-led options. These options can provide substantial savings in both time and cost.
Click here for a case study of how one client benefited from our various training options.
Training Curriculum
Our world-class trainers bring years of expertise and deep domain knowledge to the classroom and can work alongside all members of your organization’s development teams to discuss the latest security trends and best practices.
Managers and Executives
- Understand the current state of application security attacks and defenses
- Be able to weigh costs and rewards of various application security activities
- Speak to development and security staff about web application security
- See the true effects of application security on a business
- Draw links between your business decisions that affect your software and risk to your organization
SC_MGR 101: Application Security for Managers
Requirements Analysts
- Understand major web application security vulnerabilities
- Articulate basic defense mechanisms
- Learn how to further knowledge in particular areas of interest for application security
SC_GEN 101: Application Security Awareness
Architects
- Understand application security basics
- Make architecture and design decisions with security in mind
- Integrate security into detailed web application requirements
- Be able to perform threat modeling
SC_TM 101: Practical Threat Modelling
Developers
- Understand major web application security vulnerabilities
- Find the most common vulnerabilities in runtime testing of applications
- Analyze source code and discover vulnerabilities
- Understand a variety of defensive technologies
- Have hands-on experience in writing code to add security controls into applications
- Evaluate alternatives for application security solutions
SC_DEV 201: Secure Coding in Java EE
SC_DEV 203: Secure Coding in .NET
SC_SCR 101: Source Code Review for Java/JEE - PCI Compliance
QA Personnel
- Understand major web application security vulnerabilities
- Have hands-on experience in runtime penetration testing for the most common vulnerabilities
- Understand and use effective tools for evaluating security of web applications
- Produce high-level remediation plans
SC_WAS 101: Exploiting and Defending Web Applications
SC_WAS_102: Web Application Security for PCI Compliance
Total Application Security
Need help prioritizing various security activities and training initiatives? Take advantage of our popular Managed Software Security Training Program and Total Application Security Program Development services, and rest assured that your application security efforts are being spent in the right places and are in line with the industry's best.


