We recently released a freely-available course to help train developers and security analysts about Cross-Site Request Forgery. This is an extension of our ThreadStrong e-Learning trainig program. The press release is available online here and you can get access to the actual course on the ThreadStrong website.
dan _at_ denimgroup.com
Agency Contact: Denim Group Contact:
Alan Weinkrantz John Dickson
Denim Group Provides Free Public Access to Cross Site Request Forgery e-Learning Module
ThreadStrong content, powered by Denim Group, provides in-depth description of Cross Site Request Forgery to train developers to build more secure software
San Antonio, TX – October 19, 2010 – Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risk with their existing software, today opened its ThreadStrong e-Learning Cross Site Request Forgery (CSRF) class to free public access.
ThreadStrong is a self-paced, e-Learning solution designed by Denim Group’s secure application development experts to help developers understand and apply the principles of secure design and coding.
The e-Learning module explains the anatomy of Cross Site Request Forgery vulnerabilities so software developers can identify potential issues in their code and build applications free from this vulnerability. To access the course, users should navigate to http://www.threadstrong.com/csrf.
Dealing with CSRF Vulnerabilities
A Cross Site Request Forgery vulnerability, en.wikipedia.org/wiki/Cross-site_request_forgery, is a complex software design and coding flaw. Software security managers struggle to explain these vulnerabilities and their impact to development teams. Creating secure development strategies that consistently mitigate the risk associated with CSRF vulnerabilities is even more difficult. By providing public access to the ThreadStrong CSRF course, Denim Group hopes to increase the understanding of this prevalent vulnerability and support development teams in creating secure systems.
The recent SANS/Internet Storm Center 2010 Top Cyber Security Risks Report noted that Cross Site Request Forgery vulnerabilities are increasing, even as other web application vulnerabilities such as cross site scripting and SQL injections are decreasing. Given the widespread nature of this vulnerability and high visibility software breaches, development teams need to adapt to this evolving risk.
“Software development teams are constantly asking their security colleagues for guidance on how to create secure applications,” said Dan Cornell, Chief Technology Officer of Denim Group. “By donating this ThreadStrong module for community use, we hope to raise awareness about CSRF vulnerabilities and helps the teams trying to build more secure code.”
About Denim Group
Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, in 2010, Denim Group was ranked in Inc. Magazine’s 5000 Fastest-Growing Private Companies in America for the third year in a row. For more information about Denim Group, visit www.denimgroup.com.