
Astyran Pte Ltd

Pragmatic Application Security

Application Security Training
Highly skilled consultants with field experience deliver either generic training or training adapted to your environment: tuned to the knowledge of the managers and teams involved, or tailored to your specific awareness, compliance (e.g. with the Payment Card Industry standard or the Internet Banking and Technology Risk Management Guidelines of the Monetary Authority of Singapore) or security objectives.

An organisation cannot adequately protect its interests and uphold its public image without ensuring that everyone involved in development:

  • Understands their roles and responsibilities in relation to your strategic objectives;
  • Understands your security policies, practices, standards and frameworks;
  • Has adequate knowledge of the typical threats, vulnerabilities, related risks and potential countermeasures at their level.

An awareness training session focuses attention on security and is intended to enable individuals within the development teams to recognise security concerns and respond accordingly.

Creating a security culture among highly technical staff can, however, be quite a challenge. Technical staff usually think only of technical measures for mitigating risk, whereas the security community accepts that people, not technology, are the key to an appropriate level of security.

Astyran can help you deliver your message to all development staff. You need a trainer who can speak at the same level as the development staff while grasping your awareness and business needs. A trainer with domain and field knowledge ensures that the session is interactive and lively rather than boring.

Types of Training
Astyran provides the following security training and awareness sessions:

  • Application Security Awareness session (1 day): an introduction to typical attacks on and vulnerabilities in web applications. It explains common attacks, mistakes at the design and implementation level, how to build security into the Software Development Lifecycle (SDLC) and how to defend against the Open Web Application Security Project (OWASP) Top Ten and more.

  • Application Security Workshop (1 day): similar to the above, but half a day is spent in a workshop where trainees gain hands-on experience in attacking web applications; the focus remains on explaining how to defend against typical issues.

  • Web Application Vulnerability Assessment and Ethical Hacker (5 days): a highly technical training for junior application security consultants or internal teams responsible for testing application security. It provides a solid background and a methodology for testing web applications for vulnerabilities. Unlike typical Ethical Hacking courses, we do not focus on how to hack an application but teach a standardised, repeatable process for detecting software vulnerabilities before criminals exploit them, or even before your application goes live.

Specialised Training
Astyran also provides the following specialised training for companies or organisations that are preparing to become Payment Card Industry (PCI) compliant or are starting to build security into the SDLC:

  • PCI Application Security for Managers (2 hours): this non-technical overview explains current security and compliance threats, with a focus on the PCI standard at the application level, and offers insights into how to start building security into the Software Development Lifecycle (SDLC). It explains the differences between a reactive approach (using penetration tests and application vulnerability assessments) and a proactive approach (starting with contracts, security requirements, secure design, secure development and security testing).

  • Security in the SDLC (4 hours): this non-technical overview for managers explains in detail the current state of the art in building security into the Software Development Lifecycle (SDLC) and warns of some common pitfalls.

  • PCI and Secure Software Design (4 hours): this course for software designers provides an overview of the security and compliance demands of the PCI standard at the application level and explains, by first expressing them as security requirements, what their consequences are for the software design. The course then delves deeper into the elements of a secure design and discusses common design errors.

 

Training Delivery

The above presentations and training sessions are delivered in English by our executive director Herman Stevens, who was both a PCI Qualified Security Assessor (QSA) and a Payment Application Qualified Security Assessor (PA-QSA) and has over 10 years' experience in Application Security. For our Kuala Lumpur sessions, Mr Stevens is assisted by a Malay-speaking trainer in order to maximise the training experience.
