Security Application and End User Training

Information Security Training Services

Application Security, Secure Coding, End-User Security Awareness Training

Application Security and Security Awareness Training

Secure coding remains critical to avoiding data breaches created by insecure web applications and improperly configured hosts. Regulators, auditors and enterprises are increasingly emphasizing application security because of the growing recognition that applications are the biggest source of data breaches. Over 70% of security vulnerabilities exist at the application layer, not the network layer.” Other researchers have estimated this figure at 90%.

RebootTwice’s approach to team with organizations to enable developing applications that embraces security as an essential of the system development life cycle with the objective of producing applications that achieve the security goals of confidentiality, integrity, and availability.

RebootTwice LLC provides a two prong approach to help organizations to protect their data. Our first approach is focused on organizations to support secure coding of their applications. RebootTwice offers Application Security eLearning Training (eLT), Instructor Led Training (ILT),  Mobile Application Security, Foundation Services, Implementation Services, Verification Services, and Management Services. Our second approach is end-user information technology security training courses, and policy signature management solutions.

Our services are widely used to meet the security training compliance needs of regulations such as PCI DSS, GLBA, Sarbanes-Oxley, ISO 17799, COBIT, FERPA, and HIPAA (Privacy and Security Rules).

You can extend RebootTwice’s services to create a comprehensive IT Compliance system by adding your own training courses and policies for areas other than information security.

You can also use it to host other programs such as new-hire orientation training, classes for your sales staff, or training on a new software product.

As well as affordable hosted training solutions, we can provide security awareness courses in AICC or SCORM format if you already have an LMS.

Security Training Products and Services

Application Security Training

Application Security eLearning (eLT) – We provide a catalog of over 50 courses organized in three levels; 1) Awareness; 2) Technical and 3) Specialist.

Instruct Led Training (ILT) – Our ILT courses are designed to meet IT executives, managers, developers, testers and security architects.

Mobile Application Security Services & Training– Our services includes:  Mobile Application Security Architecture Review, Mobile Application Security Verification, Proactive Mobile Forensics.

Mobile Application Security Training – Instructor Led Training and eLearning Training.

Foundation Services  Our foundation service has helped dozens of organizations bootstrap their application security program by establishing a secure foundation that enables developers and architects to create secure applications. Our services focus on the following areas:

  • Awareness & Training
  • Best Practices & Standards
  • Standard Security Controls
  • Automated Tool Support
  • 3rd Party Security Management

Implementation Services -Development Support

  • Standard Security Controls
  • Secure Coding Guidelines -These guidelines helps GRC, Security and Development teams design, build and deploy secure software applications, mapping to each stage of the SDLC that shows development teams exactly how to fix software vulnerabilities.
  • Tailoring your Automated Tools

Verification Services – Security Code Reviews discover implementation-time vulnerabilities before formal testing begins. Our team employs a combination of static analysis tools and expert manual review to uncover the highest number of flaws possible – and provides remediation advice for those coding errors.  Code reviews may be executed against any type of application (Web, mobile, embedded) or technology (ASP.Net, Java, C/C++, PHP, etc).

Using proven threat modeling techniques, our experts identify the areas that attackers are most likely to exploit. A threat model guides the testing process for greatest effect.  After testing is finished, we’ll deliver a detailed report that includes the threat model, detailed findings for each threat area, our test methodology, and all vulnerabilities discovered (includes a severity rating for each). This “black box” testing is appropriate for acceptance testing and post deployment analysis.

Management Services – This service offers visibility into the state of application security across your entire organization. Combined with asset and application classification, our experts will identify and prioritize high-risk applications based on business impact, security threats, compliance mandates and operational risk.  The result is a risk ranking framework that allows you to better allocate your application security budget and resources.

 

End-User Training

A web-based security training program consists of training courses plus a delivery system – typically a learning management system (LMS) and the associated infrastructure (web servers, firewalls). It might also include complementary services such as online policy signature management, and automated security reminders.

RebootTwice can provide you with an end-to-end hosted training solution to meet these needs. Alternatively, if you already have a LMS within your organization, RebootTwice can work with you to develop courses that will run within your existing LMS.

Security Awareness Training Links:

NIST SP800-50- Building A Security Awareness Program