Security Coaching

2017-10-26T15:09:12+00:00

Security Coaching and Training Solutions Tailored to Your Needs

By coaching your teams, T&VS can provide them with the knowledge they require to start incorporating security throughout the project life-cycle and focus on delivering applications that do what you want them to, while stopping attackers from doing what they want to.

The T&VS security coaching solution is tailored to the needs of the individuals in your project teams. It does not disrupt your current development schedules by sending them away on abstract training courses, so your teams keep working productively while they acquire the skills required to Design, Code and Test applications that are resilient to attack.

The Design Problem

Design flaws account for 50% of software security issues (IEEE Centre for Secure Design).

The T&VS Solution

Introduce security coaching for architects, analysts, and project managers. Review and make recommendations with regard to the SDLC process, policies, standards, threat modelling, and design specifications for trust, authentication, access control, validation, cryptography, data, usability, component integration, and maintenance.

The Benefits

  • Architect it right from the start.

The Coding Problem

The Massachusetts Institute of Technology Research (MITRE) has identified 700 kinds of software security weakness, yet 60% of developers are not concerned about security. 96% of applications contain vulnerabilities with a median of 14 per application (Cenzic).

The T&VS Solution

Introduce secure code and database coaching for technical leads, developers, and DBAs. Review and make recommendations with regard to:

  • Static and dynamic scanning for vulnerabilities
  • Manual code inspection
  • Reviews of technical controls for authentication, authorization, session management, input validation, output encoding, error handling, deployment, patching, and cryptography
  • Reviewing code for vulnerabilities (buffer overflows, OS injection, SQL Injection, data validation and protection, cross-site scripting, cross-site request forgery, logging, session integrity, race conditions)
  • Database security
  • File management
  • Memory management
  • Reviewing framework-specific issues
  • Coding self-aware application sensors.

Benefits

  • Ensures your teams are building secure applications.

The Testing Problem

If an organization can’t test for security in the applications it develops, it should be no surprise if those applications contain vulnerabilities that will be found and exploited by malicious persons sooner or later.

The T&VS Solution

Secure testing coaching for test managers and testers. Review and make recommendations for identifying security test requirements, including:

  • Information gathering
  • Analyzing application security
  • Testing configuration management
  • Testing client-side and server-side controls
  • Testing authentication
  • Testing session management
  • Testing logic flaws
  • Testing access controls
  • Testing input vulnerabilities
  • Testing function-specific vulnerabilities
  • Testing shared hosting vulnerabilities
  • Testing application server vulnerabilities
  • Testing DOM-based attacks
  • Validating local privacy
  • Testing SSL ciphers
  • Testing same-origin configuration
  • Testing information leakage
  • Security testing tools
  • Using fuzzing
  • Understanding perimeter defences
  • Penetration testing
  • Identification of security tests that can be done in-house and directing specialist testing of those which cannot (yet).

Benefits

  • Demonstrates your applications are secure.

Get in Touch

Find Out More

Contact one of our consultants today to discuss your requirements.
No hard sales, just pertinent questions to understand your needs and to discuss how we may be able to help.

Alternatively contact one of our Local Sales Offices.