Improve Secure Coding Skills
CA Veracode’s Application Risk Management services platform integrates web-based secure programming training modules for developers and security personnel to meet formal training and competency testing requirements. CA Veracode offers a turnkey training program which can be rolled out across your organization without any need for special hardware, software or travel to on-site training locations.
Courses can be taken at the user’s own pace, and the platform reports usage metrics and completed courses. Students are eligible for CPE credits, and implementing formal secure development training programs can help organizations comply with ISO regulations and new industry standards such as the SANS Application Security Procurement Contract Language, which is being used by the State of New York and DTCC as a prerequisite for providing them with custom software.
Most Developers are in Need of Application Security Training and Knowledge
CA Veracode offers over 50 hours of eLearning content.
CA Veracode's State of Software Security Report found that over 50% of users taking an application security fundamentals exam received a grade of C or lower. 26% received a failing grade of D or F. The exam covers knowledge of broad security concepts, including common threats, and may be taken by developers, managers, or QA testers. Considering these exam scores, it is no wonder that over 50% of applications fail to achieve acceptable security quality upon initial submission. Results on other exams, such as Secure Coding for Java, Secure Coding for .NET and Introduction to Cryptography, were not much better.
Recommendation: Application security training and education is not a formal part of most computer science curriculums and certainly not a consistent theme in the professional development opportunities made available to technology professionals in companies. Therefore the results obtained from these exams are no surprise. Organizations are strongly encouraged to institute developer training and education programs to ensure a high competency level on application security. Take advantage of eLearning platforms to provide this training in a cost-effective and scalable manner. Close the loop on training by allowing developers to test their code using automated analysis techniques.