Left shifting of security has moved developers to the frontline of application security. However, developers have limited opportunities to learn about secure coding practices at school or in their work environment.
Information security teams lack the bandwidth to impart AppSec knowledge to development teams, as developers often outnumber security professionals 200 to 1. Shifting security left to the development teams will enable information security teams to focus on defects that escaped testing in the SDLC.
Development managers need to rethink how they can impart knowledge of secure coding practices to their development teams at scale. Hands-on training using virtual labs has been proven to enhance learning engagement and improve retention. Put developers in the shoes of a hacker and teach them to identify and fix vulnerabilities using real code samples that model real-world hacking scenarios. These training labs can be customized to specific technology stacks relevant to the enterprise. Using gamification and guided lessons helps improve engagement and retention by 50-70%.
Training managers can deploy training at scale to their geographically distributed development teams and even include their outsourcing partners. Track progress and completion rates. Make AppSec training a mandatory part of the new-employee onboarding process.
Refresh content with new training missions to ensure continuous learning. Embed your SDLC security policies into the training. As an example, lab lessons that focus on OWASP Top 10 vulnerabilities may be relevant for the financial services and retail industries, which have to worry about PCI compliance.
Forward-thinking enterprises are taking their training to the next level by hosting hackathons and capture-the-flag (CTF) events to foster a security culture in the organization. Pit your red teams against your blue teams and see the excitement build up. Identify your security ninjas, who can then be groomed to become your security evangelists in development teams.
Our gamified hands-on training platform can put your development teams on the fast track to application security. Now that’s AppSec at the speed of DevOps!
Are you ready to take your AppSec training to the next level?
*** This is a Security Bloggers Network syndicated blog from Blog – Cybersecurity Workforce Training on the Frontlines authored by Harish Bhat. Read the original post at: https://www.cyberlabs360.com/blog/unleash-a-kick-ass-appsec-ninja-program/