Security Coaching 2017-10-26T15:09:12+00:00

Security Coaching

Security Coaching and Training Solutions Tailored to Your Needs

By coaching your teams, T&VS can give them the knowledge they need to start incorporating security throughout the project life-cycle and to focus on delivering applications that do what you want them to, while stopping attackers from doing what they want to.

The T&VS security coaching solution is tailored to the needs of the individuals in your project teams. It does not disrupt your current development schedules by sending them away on abstract training courses, so your teams keep working productively while they acquire the skills required to Design, Code and Test applications that are resilient to attack.

The Design Problem

Design flaws account for 50% of software security issues (IEEE Centre for Secure Design).

The T&VS Solution

Introduce security coaching for architects, analysts, and project managers. Review and make recommendations with regard to the SDLC process, policies, standards, threat modelling, and design specifications for trust, authentication, access control, validation, cryptography, data, usability, component integration, and maintenance.

The Benefits

  • Architect it right from the start.

The Coding Problem

The Massachusetts Institute of Technology Research (MITRE) has identified 700 kinds of software security weakness, yet 60% of developers are not concerned about security. 96% of applications contain vulnerabilities with a median of 14 per application (Cenzic).

The T&VS Solution

Introduce secure code and database coaching for technical leads, developers, and DBAs. Review and make recommendations with regard to:

  • Static and dynamic scanning for vulnerabilities
  • Manual code inspection
  • Reviews of technical controls for authentication, authorization, session management, input validation, output encoding, error handling, deployment, patching, and cryptography
  • Reviewing code for vulnerabilities (buffer overflows, OS injection, SQL Injection, data validation and protection, cross-site scripting, cross-site request forgery, logging, session integrity, race conditions)
  • Database security
  • File management
  • Memory management
  • Reviewing framework-specific issues
  • Coding self-aware application sensors.

The Benefits

  • Ensures your teams are building secure applications.

The Testing Problem

If an organization can’t test for security in the applications it develops, it should be no surprise if those applications contain vulnerabilities that will be found and exploited by malicious persons sooner or later.

The T&VS Solution

Secure testing coaching for test managers and testers. Review and make recommendations for identifying security test requirements, including:

  • Information gathering
  • Analyzing application security
  • Testing configuration management
  • Testing client-side and server-side controls
  • Testing authentication
  • Testing session management
  • Testing logic flaws
  • Testing access controls
  • Testing input vulnerabilities
  • Testing function-specific vulnerabilities
  • Testing shared hosting vulnerabilities
  • Testing application server vulnerabilities
  • Testing DOM-based attacks
  • Validating local privacy
  • Testing SSL ciphers
  • Testing same-origin configuration
  • Testing information leakage
  • Security testing tools
  • Using fuzzing
  • Understanding perimeter defences
  • Penetration testing
  • Identification of security tests that can be done in-house and directing specialist testing of those which cannot (yet).

The Benefits

  • Demonstrates your applications are secure.