The Secure Application Growth & Enablement (SAGE) program, is a selection of training specifically designed to uplift the security culture and awareness of your organisation.Enquire
The SAGE program draws on decades of industry experience our consultants have in application security. Having worked closely with many different development teams around the world, to build and secure some of the world’s most popular and critical software, we understand that teaching developers the knowledge and skills required to build security into their software is important. The effect of this has immediate benefits, and improves the organisation’s sustainability long-term.
We at elttam believe organisations should look at security more as a quality feature, rather than a 'release time' security assurance activity.
SAGE aims to improve your organisation’s ability to efficiently maintain an effective secure software development lifecycle, by uplifting the knowledge and skills of your teams in key areas necessary to build a sustainable application security program.
This will allow your organisation to develop software with fewer security issues, that are less susceptible, and more resilient to attack. This has the added benefit of reducing business risk, while enabling your software teams to move with improved agility
Who better to help design, implement, and test the security of your software, than your actual development teams?
The SAGE program consists of several class-room based training courses, that offer a structured approach to learning, with an emphasis on hands-on activities. Each training course targets a specific secure development process, which allows learned knowledge to be applied directly to the Requirements, Design, Implementation, and Verification phases of a secure development lifecycle more effectively.
We believe the best way to learn is by doing, as such, our SAGE program is designed to be highly engaging, practical, and accessible.
Teaching the security mind-set and concepts - The instructor will pass on extensive insight, experience, and hands-on approaches regarding application security to your developers and testers. Participants are shown real world examples of common security issues, learn professional testing methodology, techniques for measuring risk, and how to prepare effective security patches. The course contains our own lab environment where participants practice hacking and defending various systems and applications.Learn more
Teaching up-to-date secure coding guidance - Java developers will learn via hands-on labs how to design and implement secure software, specific to your organisations frameworks and languages. Participants not only learn how to identify insecure coding practices, but also how to rate the risk likelihood and effort to fix these issues. The course contains our own lab environment, where participants can practice how to hack and defend Java applications.Learn more
Teaching practical threat modelling concepts - Security Champions will learn the concepts behind a Secure SDLC, along with threat modelling approaches that allow for efficient and effective scaling of your application security team via a champion model. The course contains hands on labs that teach the concepts of identifying attack surface, assessing data-flows and use-case threats, and prioritising counter-measures to minimise the threats identified.Learn more
Overall the course was great, but I particularly enjoyed the "Create your hacker mindset" module. As a software engineer, I feel like those techniques are going to be very useful in the next security planning session.
I really liked the integration of business concerns, like UX, when coming up with a security patch. I also loved the hacker mindset component and problems in multiple ways, like inverse thinking. Loved the practical exercises and how they encompassed the whole flow including patching.
Loved the structure (example --> theory --> lab). Was really helpful and engaging. The real world examples were really helpful for seeing the great relevance of the material. Loved the unit testing approach to secure programming. Made it really easy to follow along and do the work.
Daniel was very approachable and hands on during the presentation. Always willing to help. The pace was perfect for learning.
I do a lot of Threat Modelling and wanted to go to Matt’s class at Kiwicon to work out whether it’s really a science or an art. It was very interesting and my takeaway after the class is it really is an art.
I loved the practicality of the thought process and approaches. It really made me think about how to tackle security in a way that makes so much sense to traditional penetration testing.