[SC-L] One day software security awareness training?

[Jeremy Epstein]

All,

I'm looking for a one day software security awareness training class for a
client.  Yes, I know one day isn't enough to teach what people need to know,
but I'll be lucky if I can get them to spend that long.  (The initial
reaction to my recommendation was "no way".)

My goal is for them to learn basics like:
- How adversaries work
- Types of tools (static analysis, dynamic analysis, fuzzing)
- Architectural concerns (e.g., don't implement security in an uncontrolled
client)
- Basic code dos & don't - OWASP top 10 / SANS top 25 types of things

System they're building is in Java & Flex.

If you sell such training, please contact me OFF list so this doesn't become
an advertisement.  If you have a recommendation for a course you've taken,
I'd definitely like to hear about it!

Thanks,
--Jeremy

P.S. If geography matters, the client has distributed development between a
US east coast location and a US mountain location.  Open to whether training
would be at one of their locations or bring their people to a site.  It's
only about 15 developers, so definitely not worth a custom course.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://krvw.com/pipermail/sc-l/attachments/20100624/e452f22c/attachment.htm>