Startup AppSec Education
2021-06-24T12:34:00+00:00

Appsec Education for Startups

“The cost of removing an application security vulnerability during the design phase ranges from 30 to 60 times less than if removed during production.” (attributed to NIST, Gartner and IBM)

Secure code is written by developers who are security-conscious and have the skills to write it. To get there, every developer needs to be trained in secure development practices. PreCog Security created a dedicated application security training for dynamic, growing development teams.

The Application Security/DevSecOps training consists of two parts:

Part one: initial AppSec training for the entire team, covering the vulnerability classes defined by the current OWASP Top 10 list (2017 edition), extended with topics relevant to your business domain:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring
  • Threat Modeling
  • Secure Application Design for Your Business Domain
  • Application Security Verification Standard (OWASP ASVS)

Do you have an Information Security Policy?

Startup Questionnaire

  1. Do you have a documented and available set of current procedures for security and IT management in your organization? This includes documents on data integrity, business continuity, incident response, physical security, etc.
  2. Is there a person primarily responsible for managing security initiatives within your organization?
  3. Do you have a prepared and tested Business Continuity/Disaster Recovery plan?
  4. Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of incidents)?
  5. If you develop software/applications, have you implemented a secure software development lifecycle?
  6. Are you performing vulnerability assessments, penetration testing and vulnerability management on your information system assets (network, website, endpoints, servers, software, web applications, etc.)?
  7. Are you performing a regular inventory of all IT assets (hardware and software)?
  8. Are you a venture-backed startup?
  9. Are you employing anti-malware and other security controls such as firewalls, data loss prevention and intrusion detection/prevention systems across your environment?
  10. Are you prepared to satisfy the procurement mandates of your large clients (internal security, data governance, legal mandates)?

Part two: DevSecOps training for the entire team, covering the DevSecOps domain:

  • Connecting AppSec, DevOps and Security
  • Integrating security into the CI/CD process
  • Secrets management and integration
  • SAST (static application security testing) in CI/CD
  • DAST (dynamic application security testing) in CI/CD
  • Error tracing for security
  • Hardening systems according to benchmarks and standards
  • Infrastructure as code and its use in disaster recovery

The training is delivered as a workshop that combines lectures, examples and hands-on work, customized to your infrastructure, your specific use cases and your compliance requirements (for example GDPR, PCI DSS/PA-DSS or any other requirement).

The goal of the workshop is to raise awareness of the specific issues in your organization, architecture and infrastructure. With our assistance, the audience will identify concrete security tasks and create the first batch of security-related tasks and required improvements.