Web applications are crucial to all organizations; government agencies use websites for payment services, retail businesses rely on them as part of their eCommerce initiatives, and manufacturers leverage the Internet to get the most from their supply chains. Web-based services lacking a proper level of security can be circumvented more easily, resulting in attacks that can result in data corruption, or a loss of privacy that could lead companies to face sanctions under regulations such as Sarbanes-Oxley, HIPAA, GLBA, and more.

"Operating systems vendors and Web services software providers continue to update their software to address security vulnerabilities," said Roberta Witty, Research Vice President, Gartner, Inc. "But many of these improvements only work if application developers and support teams are aware of how best to code applications and configure systems to take advantage of these improved security capabilities. Education, therefore, is a crucial component of the lifecycle approach that companies must take in developing and supporting Web applications."

The RedSiren Institute's new course, Introduction to Web Application Security, helps participants understand the major vulnerabilities associated with Web applications and the extent to which these threats are real. The course content helps them learn about best practices associated with adding security to applications, as well as how to address security precautions for secondary systems.

"Web applications provide great benefit to companies," said Nick Brigman, RedSiren's vice-president of product strategy. "The high accessibility of browser-based applications, however, also increases the risk and presents security challenges that cannot be addressed by technology alone. Developers, systems support personnel, and management needs to infuse security into every step of the application development process. Training, especially e-learning, effectively improves behavior and produces a security-minded development staff."

Developed in cooperation with application security experts at Abacus Technology, a participant in RedSiren Institute's Subject Matter Expert (SME) program, the course qualifies for 10 continuing professional education credits for (ISC)(2)(R) CISSP(R) and SSCP(R), and ISACA(R) CISA(R) and CISM(TM) holders under current rules. The second course, under development, will provide in-depth technical training for developers and auditors, while the third will review best practices surrounding software testing and assessment.

"The need for application security instruction is immense. There is little time or funding to get the programming ecosystem where it needs to be," said Susan Suskin, vice-president, Abacus Technology Software Group.

"RedSiren Institute's application security program provides a comprehensive curriculum to effectively train application developers, system administrators and development team management."

The new course is being sent to current RedSiren Institute participants via RedSiren and its education channel partners. The course is available for retail purchase at http://www.infosecu.com while enterprise licensing may be obtained through RedSiren and RedSiren Institute's partners, GeoLearning and Qwest. More information about RedSiren, RedSiren Institute, and the application security program is available from the company's website http://www.redsiren.com .