RIT, Mykonos partner on innovative web application security training program

18 April 2011

The Rochester Institute of Technology (RIT) and Mykonos Software are teaming to provide web application security training as part of the school's information security curriculum, the two parties announced Monday.

As part of the partnership, RIT will use the Mykonos Security Appliance to protect its own web applications from hackers and will use the data obtained from the appliance to train students on web application security.

David Koretz, president and chief executive officer of Mykonos Software, told Infosecurity: “There is not a single required course on web application security for any computer engineering or software program. That’s pretty amazing. Seventy percent of the graduates out there are writing web applications, and yet not one of them has any training even at the basic level on how to protect those applications.”

Koretz explained that the history of security is a “fortress model. The idea was that the networking people own security and their job was to establish a really deep moat…. That is the traditional view of security. So all of the security training went to those guys, the people in the IT and networking programs. All these guys on the networking and IT side were trained on IT security; they were not trained on application security.”

Over the last 10 years, the security environment has shifted but the training programs have not kept up, Koretz said. Web applications have developed, and those applications are connected to an organization’s most sensitive information, he noted.

To address this gap in security education, Mykonos is working with RIT on web application security training. Mykonos donated its Security Appliance to RIT. The appliance traps web application attackers, tags their computer, profiles them to understand their threat level, and then deploys counter-measures to protect the website.

RIT is using the Mykonos Security Appliance in the classroom. “RIT is taking the leadership in becoming the first computing school in the nation in which application security is a core part of what they teach”, Koretz explained.

Bo Yuan, director of RIT’s Center for the Advancement of Research and Education in Information Assurance (CARE-IA), told Infosecurity that the Mykonos Security Appliance “has allowed us to update our computer classes and motivate us to do more cross-departmental cooperation in research and education for application security”.

The CARE-IA director explained that security training at RIT is primarily focused on infrastructure security. “Application security is a weakness in our overall curriculum”, he admitted.

Yuan said he would like to work with Mykonos to expand the application security courses to other technical universities. “I hope that the partnership with Mykonos will set an example for other universities. First of all, based on this partnership, we need to enhance our curriculum. Then, if we can set an example, other universities will be able to follow it”, he said.
