Strategic Advisory, Security Training and Assessments (or, SASTA)
The Problem: Today's business environment faces ever-increasing challenges in meeting regulatory and shareholder expectations for securing applications, despite a significant shortage of available cyber-security talent in the workforce. The typical approach to application security training is very tactical in nature and serves only as an introduction.
Our Solution: To meet this challenge, Secure Ideas has developed a strategic program composed of ongoing training and access to expertise. This model is similar to a traditional tradesperson apprenticeship program, mixing on-the-job training and structured study. Secure Ideas calls this program the Strategic Advisory, Security Testing and Assessment (SASTA) service, and it is built around a set of resources and activities designed to provide ongoing support to grow expertise within organizations.
SASTA is made up of three main components: Training, Advisory, and Assistance, and is flexible enough to fit the needs of both application security and software development teams. Secure Ideas also offers discounts if SASTA is combined with a purchase of Test Credits.
* Minimum purchase of ten (10) seats
- Online Training
- Webinars (every other month)
- Expert Advice
- Live Guidance
SASTA + TESTING
per 5 credits purchased
* 50+ credits purchased provides free SASTA for 25 seats. For additional seats, please call us.
- SDLC Embed
- Rapid Scheduling
- Includes additional webinar attendees
ALL ABOUT SASTA
Training, Advisory, and Assistance are the three main components of the Strategic Application Security Training & Advisory service. Each of these components offers a variety of channels to facilitate the growth of your team's application security expertise.
1. The Training Component
Members get access to all of the web application security content recorded in our learning management system at training.secureideas.com. This includes full-length training and shorter webcasts and workshops.
Secure Ideas will supplement recorded trainings with one-on-one or small-group training sessions to cover concepts and tools in more detail. These sessions can be scheduled to run from 30 minutes to two hours depending on the topics to be covered. Sessions covering general topics may be recorded and added to the LMS for other SASTA members. These sessions will be conducted at least six times each year.
2. The Advisory Component
SASTA members get a direct line to application security expertise through online chat (e.g. Slack). This channel is intended to provide quick expert answers to simple scenarios, along with advice on matters such as risk-ranking or verbiage of findings. Secure Ideas monitors this channel during business hours.
Secure Ideas provides SASTA members with some flexible consulting time to assist with items such as providing direction in integrating security testing with the SDLC or reviewing software design and architecture to point out potential areas of interest.
3. The Assistance Component
We want to make sure SASTA members become productive application security experts. Whether an appsec team member is stuck while conducting an application penetration test, a developer needs help understanding a static analysis result, or any other scenario arises where they need a quick second set of eyes on something, they have the option of scheduling a 15-30 minute web meeting with a Secure Ideas expert and getting assistance through a screen-share session.
The report is often considered the most important part of a penetration tester's job. SASTA therefore includes an option to have a Secure Ideas consultant review the penetration test reports that are produced by your team members, with the goal of improving the quality of their report writing. This review will consider items such as overall report format, the risk rankings of findings, and the accuracy of vulnerability descriptions and remediation suggestions.
Web Scout is the Secure Ideas solution for rapid web application penetration tests. It consists of a hybrid manual and automated test that is time-boxed, with a priority focus on high-to-low risk items. This is for those situations where teams are overwhelmed, understaffed, and just need someone to jump in, conduct a test, and provide a report. Web Scout is an optional addition to SASTA.