Implementing DevSecOps can be a challenge, particularly if an organization's software development teams approach their work by focusing first on functionality and security later, if ever. Santa Clara, Calif. application security testing firm WhiteHat Security wants to help coders incorporate security into their projects from the get-go with WhiteHat Learning Labs, a new online training and resource repository for secure DevOps education.
"DevSecOps is transforming application security as a whole. Because DevOps moves at a very fast pace, security needs to move fast too, delivering accurate results in near real-time," said WhiteHat's chief scientist, Eric Sheridan, in a statement. "However, without the foundational understanding of how to fix the vulnerabilities identified through security testing, developers will simply not be able to keep up with the data."
Drawing from the know-how of more than 150 security engineers at the company's Threat Research Center, WhiteHat Learning Labs offers security bootcamps and crash courses to help developers sharpen their skills quickly. The company's catalog of computer-based training tracks includes courses on building secure applications as well as threat modeling, defensive remediation and other topics.
"The goal of WhiteHat Learning Labs is to empower both DevOps teams and security teams with a solid foundation in security principles and best practices in development," continued Sheridan. "With proper training and education, developers and their security teammates can collaborate to deliver secure applications at the speed of business."
Although the software industry is making progress in terms of DevSecOps, there's still plenty of room for improvement.
WhiteHat's recent Application Security Statistics Report for 2017 (registration required) found that web applications had three vulnerabilities on average in 2016, down from four vulnerabilities in 2015. Nearly half of all applications contain a vulnerability that haunts them for the duration of an entire year.
As cybersecurity threats mount, the IT industry is increasingly turning to online training to help IT professionals get up to speed.
Last month, Webroot announced it had acquired security awareness training specialist Securecast. On Sept. 12, Cybrary announced it had raised $3.5 million to help fill the cybersecurity skills gap by offering technology professionals an expanded set of learning resources and a scalable, enterprise-grade online learning and testing technology platform. Earlier this month, the SANS Institute announced it had updated its phishing awareness training solution, allowing organizations to keep up with the latest phishing tactics used by online scammers.