SASTA

Our expertise at your fingertips!

The Strategic Application Security Training & Advisory (SASTA) program will provide your application security or developer team with ongoing training and access to expertise year-round.

Strategic Application Security Training & Advisory

The Problem: Today's business environment is faced with ever-increasing challenges to meet regulatory and shareholder expectations for securing applications despite a significant shortage of available cyber-security talent in the workforce. The typical approach to application security training is very tactical in nature, and serves only as an introduction.

Our Solution: To meet this challenge, Secure Ideas has developed a strategic program comprised of ongoing training and access to expertise. This model is similar to a traditional trades-person apprenticeship program, mixing on-the-job training and structured study. Secure Ideas calls this program the Strategic Application Security Testing and Advisory (SASTA) service, and it is built around a set of resources and activities designed to provide ongoing support to grow expertise within organizations.

SASTA is made up of three main components: Training, Advisory, and Assistance. It is flexible enough to fit the needs of both application security and software development teams.

SASTA Pricing


All pricing is at a monthly rate for twelve months of access to the program.

Security-Smart Developer Team

Starting at $1,700* Per Month
  • Online Training
  • Tactical Learning
  • Expert Advice
  • Live Guidance
  • Up to 10 Team Members
  • Consulting (optional)
  • Web Scout (optional)
*Bulk discounts available when purchasing for multiple teams

Application Security Team

Starting at $1,950* Per Month
  • Online Training
  • Tactical Learning
  • Expert Advice
  • Live Guidance
  • Report Reviews
  • Up to 3 Team Members
  • Web Scout (Optional)
*Bulk discounts available when purchasing for multiple teams

SASTA Details

Training, Advisory, and Assistance are the three main components of the Strategic Application Security Training & Advisory service. Each of these components offers a variety of channels to facilitate the growth of your team's application security expertise.

1. The Training Component


Online Training:

Members get access to all of the web application security content recorded in our learning management system at training.secureideas.com. This includes full-length training and shorter webcasts and workshops.

Tactical Learning:

Secure Ideas will supplement recorded trainings with one-on-one or small-group training sessions to cover concepts and tools in more detail. These sessions can be scheduled to run from 30 minutes to two hours depending on the topics to be covered. Sessions covering general topics may be recorded and added to the LMS for other PASTA members. At least two sessions will be conducted each month.

2. The Advisory Component


Expert Advice:

SASTA members get a direct line to application security expertise through online chat (e.g. Slack). This channel is intended to provide quick expert answers to simple scenarios and advice such as risk-ranking or verbiage of findings. Secure Ideas monitors this channel during business hours.

Consulting:

Secure Ideas provides SASTA members with some flexible consulting time to assist with items such as providing direction in integrating security testing with the SDLC or reviewing software design and architecture to point out potential areas of interest.

3. The Assistance Component


Live Guidance:

We want to make sure SASTA members become productive application security experts. Whether an appsec team member is stuck while conducting an application penetration test, a developer needs help understanding static analysis results, or someone simply needs a quick second set of eyes on something, they have the option of scheduling a 15-30 minute web meeting with a Secure Ideas expert and getting assistance through a screen-share session.

Report Review:

The report is often considered the most important part of a penetration tester's job. SASTA therefore includes an option to have a Secure Ideas consultant review the penetration test reports that are produced by your team member, with the goal of improving the quality of their report writing. This review will consider items such as overall report format, the risk rankings of findings, accuracy of vulnerability descriptions and remediation suggestions.

Web Scout:

This service is the Secure Ideas solution for rapid web application penetration tests. It consists of a hybrid manual and automated test that is time-boxed, with a priority focus on high-to-low risk items. This is for those situations where teams are overwhelmed, understaffed, and just need someone to jump in, conduct a test, and provide a report. Web Scout is an optional addition to SASTA.
