Developer Training

If your developers understand how hackers work, they will be enthusiastic about secure coding standards

Introduction to our security training

For most training requests we will be happy to advise you, but we will usually refer you to existing courses offered by other companies that specialize in them. However, there are some topics for which we cannot make recommendations, so we have decided to offer training courses for these areas ourselves.

Motivational training for developers

There is an immense number of courses designed to teach developers guidelines for secure programming and how to implement them. However, most developers find the sheer number of rules overwhelming and often have difficulty deciding which of these guidelines make sense in their own company. For example, the OWASP ASVS L3 alone has over 300 so-called ‘controls’ from which the corresponding rules can be derived. As a rule, this leaves developers with very little motivation to apply all these rules consistently in their day-to-day work.

With this in mind, we have developed a course that is primarily aimed at motivating developers by giving them a clear picture of the weaknesses in the development process that make attacks possible. By explicitly applying the attack techniques to their own website, the developers acquire a deep understanding of the consequences of insecure programming and then usually develop a high level of motivation to avoid such errors themselves. In addition, the developers are then able to carry out at least basic security checks themselves and thus validate their own work.

The course is usually held online and typically comprises 8 lessons of 90 minutes each, followed by a further 90 minutes of guided application of the content learned. The optimal course size has proven to be 3 to 7 participants. We recommend splitting larger teams accordingly.

The all-inclusive price for this course is €12'000.

Security training for managers

This course aims to provide people who perform management functions - i.e. project managers, heads of departments and scrum masters - with a basic understanding of all security topics relevant to your industry.

The scope and content are tailored to your individual requirements, but can also be expanded on an ad hoc basis if there are any further questions.

The typical course covers the following topics:

  • What are typical risks in your industry?
  • What successful attacks have there been in your industry in recent years?
  • How have your competitors reacted to such attacks?
  • Should you pay in the event of an extortion attempt?
  • How do you deal with attacks on your own reputation?
  • What role do your own developers, system administrators and application testers play in defending against attacks?
  • Can you buy security from external service providers?
  • What role does the works committee play in monitoring your own employees, and when does such monitoring make sense?
  • Which laws are relevant for management and what liability risks arise if these are not complied with?
  • When can a manager be personally charged with gross negligence in the area of security?
  • What documentation of security measures is useful and necessary within the legal framework?
  • What role does risk management play in security?

The course is planned to run for two training sessions of 3 hours each.

The all-inclusive price for this course is €3'000, or €2'400 if this course takes place immediately after a pentest carried out by us.

Security training for controllers and purchasing

This course is aimed specifically at all those who are responsible for the financial side of security management. It largely dispenses with technical details and instead focuses on the role of the controller or purchasing department in the context of security.

The scope and content are tailored to your individual requirements, but can also be expanded on an ad hoc basis if there are any further questions.

The typical course covers the following topics:

  • Recording requirements from the business side and IT
  • Creation and management of financial risks
  • Purchasing security services
  • Evaluation of security solution providers
  • Acceptance of security solutions by IT and business
  • Conducting pentests to provide independent validation of external or internal services
  • Conducting audits in the security context
  • Reporting of security risks

The course duration is two blocks of 3 hours each.

The all-inclusive price for this course is €3'000, or €2'400 if this course takes place immediately after a pentest carried out by us.
