www.denimgroup.com© 2008 Denim Group, Ltd. All Rights Reserved

Self-Paced Computer Based Training (CBT)

Web Application Security Training- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Training development and security teams is critical for organizations wanting to develop securesoftware and mitigate software security risks. Until developers understand the principles ofsecure design and coding, they will not be able to build security in to their applications. Inaddition, many regulatory regimes such as the Payment Card Industry Data Security Standard(PCI DSS) require that developers be provided with secure development training. ComputerBased Training (CBT) is an excellent component of an overall education strategy.

Course Overviews- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Denim Group CBT is geared to provide the highest quality instructional experience for students.The courses include complex graphics and animations, detailed examples, and review questionsto test student comprehension.

Denim Group currently offers the following CBT courses:

Introduction to Application Security Concepts (1 hour) This course provides students with the basic concepts and terminology forunderstanding application security issues. It provides a definition of application-levelsecurity and demonstrates how these concerns extend beyond those of traditionalinfrastructure security. It also provides an explanation of common application securityvulnerabilities such as SQL injection, Cross Site Scripting (XSS) and authorizationissues. Armed with this knowledge, developers, QA testers and security personnel canunderstand and start to be able to address application-level threats.

Application Security for Java/.NET (4 hours each) Once developers understand the basics, they are in a position to start learning morespecific secure design and coding techniques. This course steps through the OWASPTop 10 as well as other common application security issues to demonstrate howapplications are compromised and the design and coding practices that can help tosecure applications from the Inside out. Versions of the course are available for bothJava and .NET so that developers learn platform-specific concerns andcountermeasures.

Threat Modeling (1 hour)Threat Modeling is a key practice for organizations wanting to design and developsecure applications as it helps to identify potential security vulnerabilities early in theprocess when they are inexpensive to fix. This course walks through the ThreatModeling process step by step so that students understand the value of ThreatModeling and can build threat models for their own systems.

www.denimgroup.com© 2008 Denim Group, Ltd. All Rights Reserved

Why Use Self-Paced CBT?- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Self-paced CBT is a valuable component of an overall training strategy.CBT is especially helpful when:

• Developer downtime associated with instructor-led classes isunacceptable.

• Organizations want to set a knowledge baseline for new hires• Developers require regular educational updates• Geographically-distributed teams make instructor-led training

impractical

Delivery Formats- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Denim Group will work with your organization to deliver the CBT in theformat that you will be best able to utilize:

• SCORM-compliant content for organizations with a LearningManagement System (LMS)

• Standalone version for companies without an LMS• Denim Group-hosted LMS for companies without an LMS (coming

soon)

Make Contact- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Finally, if you have any questions or would like to know more about howyour organization can benefit from a comprehensive strategy to secureyour applications, contact Denim Group at (210) 572-4400 or atsales@denimgroup.com.