Secure Programming: Developing Defensible Web Applications

The University of Idaho and IT Training Solutions have partnered to hold an open enrollment course, Secured Programming: Developing Defensible Web Applications. McCullough will be teaching the three-day course, November 2-4, 2016 at the University of Idaho, Moscow Campus. This class is onsite but also offered live-remote. 

Over 70 percent of organizations report having been compromised by a successful cyber attack in the past 12 months, according to the 2015 Cyber Threat Defense Report.1 Another report stated 56 percent of organizations say it is unlikely or highly unlikely that they would be able to detect a sophisticated attack. “Attackers are getting better and faster at what they do at a higher rate than defenders are improving their trade...” World-renowned IT instructor Chuck McCullough, who has trained thousands of developers, is coming to University of Idaho at Moscow McCullough said, “I’m looking forward to sharing knowledge from a quarter century of experience in software development, to provide insights regarding the most difficult and challenging issues that must be addressed for success.”

McCullough specializes in software engineering consulting, outsource development, and developer training services. He has worked extensively with corporations, including EDS, IBM, HP/Compaq, Amdocs, Tektronix, Alcatel/DSC, Nortel, Southwest Airlines, American Airlines, Pediatrix, Medical-Edge, Cabela’s, SBC, AT&T, Verizon, Pepsi/Frito Lay, Central Insurance, BNSF, TXU, and Samsung. As an instructor, McCullough has a reputation for taking the “real world” perspective, while concentrating on the skills needed to perform tasks on real projects. As an experienced developer, he provides a unique training experience that other dedicated training curriculums generally lack.

The Course
The three-day course demonstrates to developers how attackers create strategies to compromise applications in order to help students “think like an attacker.” The class then moves into demonstrating how the Open Web Application Security Project (OWASP) provides developers with the tools to successfully create applications that are difficult or impossible to hack.

The class is rich in hands-on opportunities giving developers a chance to see for themselves how attackers think, how the framework protects the application, as well as where it is vulnerable. Importantly, this course satisfies section 6.5 of the Payment Card Industry Data Security Standard (PCI DSS), for any organization that deals with credit cards.

Who should attend
This class is focused specifically on software development but also has value for
anyone who’s comfortable working with code and has an interest in understanding the
developer’s perspective:

• Software Developers and Architects
• Testers/QA specialists
• Systems and Security Administrators
• Penetration Testers