
Veracode Secure Coding Training Plan: Description

This document outlines a secure coding training plan for software engineers, leads, and testers. It details the topics to be covered in online training through Veracode's e-learning platform, including secure development fundamentals, coding principles, and tutorials. The objectives are to assess and improve engineers' application security knowledge so features are developed securely and coding policies followed. Completion criteria include passing grades on courses and tutorials.

Uploaded by

Veronica Quiroga

Veracode Secure Coding Training Plan

• Description
• Organization
• Objectives
• Topics
  • Software Engineers
    • Secure Development (approximately 5 - 7 hours)
    • Tutorials (complete at least 3 - approximately 20 mins each)
  • Software Engineer Leads
    • Secure Development (approximately 3 - 5 hours)
    • Secure Coding (complete as necessary, based on assessment gaps)
    • Tutorials (complete at least 3 - approximately 20 mins each)
  • Test Engineers [approximately 3 to 5 hours]
• Requirements
• Success Criteria
• Schedule
• Tentative Roadmap
• Calendar Summary

Description
Engineers will go through the app sec fundamentals offered by Veracode, learning the fundamentals of
information security, including key principles, concepts, vulnerabilities, threats, and how to counter
them.

Organization
This is a self-paced experience, delivered entirely through Veracode's e-learning platform. The topics
are ordered to start with a general overview and self-assessment, then dig into specific concepts.
Finally, the plan lists the available tutorials; which ones to go through is up to the engineer.

Objectives
1. Provide engineers with an opportunity to assess their app sec knowledge.
2. Provide engineers with the fundamentals of application security, so that product features are
created with a security-first mindset.
3. Enable engineers to comply with the Secure Coding Policy that WebPT follows.
4. Give WebPT a way to track and support engineers' app sec knowledge.

Topics

Software Engineers
Secure Development (approximately 5 - 7 hours)
1. Security Awareness
2. Introduction to Web Application Security
3. Veracode Application Security Fundamentals
4. Cross Site Request Forgery (CSRF) Explained
5. Secure Coding - Validation and Encoding
6. Secure Coding - Trust Boundaries
7. Secure Coding - Information Handling
8. Secure Coding - Data Protection
9. Secure Coding - Configuration and Deployment
10. Secure Coding - Authorization
11. Secure Coding - Authentication

Tutorials (complete at least 3 - approximately 20 mins each)

1. AppSec Tutorials - Cross Site Scripting
2. AppSec Tutorials - CSRF
3. AppSec Tutorials - SQL Injection
4. AppSec Tutorials - CRLF Injection
5. AppSec Tutorials - Directory Traversal
6. AppSec Tutorials - Information Leakage
7. AppSec Tutorials - Open Redirects
8. AppSec Tutorials - OS Command Injection

Software Engineer Leads
Secure Development (approximately 3 - 5 hours)

1. Security Awareness
2. Introduction to Web Application Security
3. Veracode Application Security Fundamentals
4. Cross Site Request Forgery (CSRF) Explained
5. Overview of Mobile Application Security
6. Secure Architecture & Design
7. Threat Modeling

Secure Coding (complete as necessary, based on assessment gaps)

1. Secure Coding - Validation and Encoding
2. Secure Coding - Trust Boundaries
3. Secure Coding - Information Handling
4. Secure Coding - Data Protection
5. Secure Coding - Configuration and Deployment
6. Secure Coding - Authorization
7. Secure Coding - Authentication

Tutorials (complete at least 3 - approximately 20 mins each)

1. AppSec Tutorials - Cross Site Scripting
2. AppSec Tutorials - CSRF
3. AppSec Tutorials - SQL Injection
4. AppSec Tutorials - CRLF Injection
5. AppSec Tutorials - Directory Traversal
6. AppSec Tutorials - Information Leakage
7. AppSec Tutorials - Open Redirects
8. AppSec Tutorials - OS Command Injection

Test Engineers [approximately 3 to 5 hours]

1. Security Awareness
2. Introduction to Web Application Security
3. Overview of Mobile Application Security
4. Veracode Application Security Fundamentals
5. Application Security Testing
6. Cross Site Request Forgery (CSRF) Explained

Requirements
• An internet browser
• A Veracode account with an e-learning seat assigned (will be provided)
• No previous app sec knowledge is needed, but engineers should be comfortable enough with Java, PHP
or .NET code to go through the material and examples.

Success Criteria
1. All WebPT engineers have gone through app sec training with a passing grade and have completed at
least 3 tutorials with a passing grade.
2. The passing grade for all courses and tutorials is 70%.
