ThreadStrong content, powered by Denim Group, provides in-depth description of Cross Site Request Forgery to train developers to build more secure software
Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risk with their existing software, today opened its ThreadStrong e-Learning Cross Site Request Forgery (CSRF) class to free public access.
ThreadStrong is a self-paced, e-Learning solution designed by Denim Group’s secure application development experts to help developers understand and apply the principles of secure design and coding.
The e-Learning module explains the anatomy of Cross Site Request Forgery vulnerabilities so software developers can identify potential issues in their code and build applications free from this vulnerability. To access the course, users should navigate to http://www.threadstrong.com/csrf.
Dealing with CSRF Vulnerabilities
A Cross Site Request Forgery vulnerability, en.wikipedia.org/wiki/Cross-site_request_forgery, is a complex software design and coding flaw. Software security managers struggle to explain these vulnerabilities and their impact to development teams. Creating secure development strategies that consistently mitigate the risk associated with CSRF vulnerabilities is even more difficult. By providing public access to the ThreadStrong CSRF course, Denim Group hopes to increase the understanding of this prevalent vulnerability and support development teams in creating secure systems.
The recent SANS/Internet Storm Center 2010 Top Cyber Security Risks Report noted that Cross Site Request Forgery vulnerabilities are increasing, even as other web application vulnerabilities such as cross site scripting and SQL injections are decreasing. Given the widespread nature of this vulnerability and high visibility software breaches, development teams need to adapt to this evolving risk.
“Software development teams are constantly asking their security colleagues for guidance on how to create secure applications,” said Dan Cornell, Chief Technology Officer of Denim Group. “By donating this ThreadStrong module for community use, we hope to raise awareness about CSRF vulnerabilities and helps the teams trying to build more secure code.”
About Denim Group
Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1,925 in Inc. Magazine’s 5000 Fastest-Growing Private Companies in America in 2010. For more information about Denim Group, visit www.denimgroup.com.