Chapter 17. Getting Required Training

Secure applications that follow best practices and employ all the latest anti-hacking strategies are easy prey to users who are unaware of the need to keep things secure. Social engineering attacks are still the most effective way to break into an organization. Users aren’t inept and it isn’t that they lack the ability to make good decisions—it’s the fact that they often don’t have appropriate training and lack a requirement to retain the knowledge gained. Simply training someone to perform the task well won’t achieve anything unless that knowledge is tested from time to time with repercussions for failure (or perhaps rewards for success).

However, developers, administrators, managers, and all other personnel in your organization also have training requirements. Without proper training, you can’t expect your organization to have even a small chance of keeping hackers at bay. Developers need to keep an eye out for new threats and fix security holes, administrators need to remain vigilant to potential breaches, and management needs to know about the need to provide resources to keep applications safe. In short, everyone has a task to do that requires some level of training to achieve.

This chapter discusses some of the ways in which you can help keep the human element of an application trained so that the application performs better and hackers are less inclined to attack. No, training won’t solve all your problems, but training mixed with secure ...

Get Security for Web Developers now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.