Vulnerabilities and Weaknesses Continue to be Exploited

Weak or missing developer coding standards, server configuration and hardening techniques can put many companies at risk as threat actors continue to probe and attack vulnerabilities and weaknesses in applications and networks. In fact, 42% of organizations experiencing an external attack attributed it to software security flaws.[1] Further, more than eight of 10 vulnerabilities are in application code — with 20% deemed highly severe.[2] The need to enhance your overall security posture by training your Developers and DevOps engineers has never been more critical.

Cyber Security Defense Training From Aon

As part of an industry-leading suite of proactive security testing services, Aon’s Cyber Solutions delivers practical and effective security training for technical engineers responsible for developing and maintaining applications and networks.[3] Your team will learn modern secure coding practices, and server configuration & hardening techniques, via hands-on instructor-led or on-demand training. Aon’s Cyber Solutions’ outstanding training platform can help you save time and money by proactively helping to reduce or potentially prevent vulnerabilities and misconfigurations, and measures real secure coding competency through real-world exercises, tournaments and powerful analytics.

Cyber Security Defense Training Platform
(annual subscription)

An annual subscription-based service for Cyber Security Defense Training platform from Aon offers practical and effective security training for Developers and DevOps engineers.

What’s included:

• Adaptive Learning – Individualized learning paths, real-time feedback and content tailored to the needs of each individual learner.
• Defensive Training – Hands-on lessons-learned through real-world vulnerabilities that have led to recent security breaches.
• Real Training Grounds – Exercises run in real desktop development environments, created in seconds and accessed through the web browser. Participants are trained with the same integrated development environment (IDE) and tools being used in the workplace.
• Real-time Metrics – Metrics dashboard measures effectiveness in real-time and highlights areas of improvement at individual, team, and organizational levels to measure competency, risks, and remedial actions.
• Tournaments – Learn together through friendly and fun competition. Tournaments engage your teams and promote learning in a fun manner.
• SDLC Integration – Embed our security training as part of your software development lifecycle using our application programming interface (APIs), and create custom exercises using the software development kit (SDK).

Instructor-led Cyber Defense Training Workshop
(on-demand course)

Cyber Security Defense Training workshop for developers covers an introduction to application security and common application security threats, such as those from the Open Web Application Security Project (OWASP) Top 10 List. Training can be customized to the client’s needs with a focus on specific programming languages and security categories. Training can be provided onsite at client offices or virtually.*

What’s included:

• Instructor-led Defensive Training – Presentation of custom-developed application security training content, based on a combination of Cyber Security Solutions Coding Best Practices from Aon, OWASP Top 10 List, OWASP Mobile Top 10 List and industry best practices. Client-specific developer best practices can also be incorporated into the presentation.
• Live Demos & Exercises – A series of live demos will be performed to make sessions interactive and engage the developer audience, in addition to the information provided from the presentation deck.
• Cyber Security Defense Training platform access – As part of our instructor-led Cyber Security Defense Training, a Cyber Security Defense Training platform license can be purchased for developers, which provides unlimited usage during on-site training (up to 3 days), plus an additional 30 days for the authorized user after training has concluded.
• Capture the Moment – Client video and audio recordings from the session may be reused for future internal training purposes.

*Costs associated with performing instructor-led training onsite (travel, etc) is additional. Terms and conditions apply; please contact us for further information.

Why Aon’s Cyber Solutions?

Cyber Security Defense Training from Aon provides industry-leading hands-on technical training through adaptive learning and follow-on exercises run in actual desktop development environments. Developers and DevOps engineers are assessed and measured at the end of each module to gauge effectiveness, and to identify and address existing knowledge and skillset gaps. Cyber Security Defense Training from Aon offers a robust set of training modules covering the most popular programming languages, platforms and secure containers. Further, use the platform to measure ongoing knowledge gained and improvements across your entire team through real-time metrics and tournament results.

Get started today!

Cyber Security Defense Training can be obtained for your organization through either our workshop or annual platform subscription plan, or a combination. For more information and pricing for your organization, email securitytesting@aon.com.

Download PDF

Sources

[1] https://techbeacon.com/security/30-app-sec-stats-matter
[2] https://www.ptsecurity.com/ww-en/analytics/web-vulnerabilities-2020/ 
[3] Cyber Security Defense Training from Aon is powered by SecureFlag. Aon and SecureFlag are in partnership to offer this service directly to Aon clients.