We have released three new software security training courses as part of our online Security Engineering Training by SAFECode program.

Security Engineering Training by SAFECode is an online community resource offering free security training courses delivered via on-demand webcasts. Covering issues from preventing SQL injection to avoiding cross site request forgery, the courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills.

New courses available for immediate viewing include:

  • Product Penetration Testing 101: This course provides a foundation for security penetration testing of products. It reviews the important penetration testing concepts and shares insight into common elements of an attacker’s mindset.
  • Cross Site Scripting (XSS) 101: This course provides viewers with a basic understanding of the core concepts behind XSS. It will help viewers recognize where in a web application they may expect to find XSS and provide guidance on preventing and remediating XSS.
  • Secure Java Programming 101: This course provides a basic introduction to secure coding in Java. Viewers will be introduced to the most frequent attacks and pitfalls that a Java programmer may encounter, along with techniques to avoid them. It is designed to be a starting point for those new to Java security.

In addition, we will release the following courses in the next six weeks:

  • Secure Memory Handling in C 101: This course provides an introduction to basic issues in secure coding in C with a focus on secure memory handling. It specifically focuses on issues associated with traditional string (char*) handling, arrays and format strings.
  • Using Cryptography The Right Way: This course provides an overview of how to use cryptography in a secure way and covers topics such as the uses of hashing and the differences between symmetric and asymmetric encryption. It provides examples of cryptography in action and reinforces the importance of using well-established and accepted cryptography toolkits. 

We’ve also made a number of updates to the site, including adding a new Resources page with additional software security guidance that you may find useful. We will be adding to those resources over time.

And while we don’t require any registration to view the courses, we do encourage you to become a registered user of the site. Registered users can leave feedback on the courses, be alerted when new courses are available, and download the courses for offline viewing.

Finally, we have added an optional survey to the site. While your participation is not required, we do hope you can spare a few minutes to let us know how we are doing. We want to keep improving the program to better serve the needs of the community and your feedback plays a critical role in that effort.