TMCnet News
Foundstone Releases Free One-of-a-Kind Software Security Training Application MISSION VIEJO, Calif. --(Business Wire)-- Sept. 8, 2004 -- Hacme Bank Simulates Real World Financial Institution to Show How to Avoid Most Common Software VulnerabilitiesFoundstone Inc., experts in strategic security, today announced it has developed a new, one-of-a-kind software security training application called Hacme Bank(TM) for use in its educational courses. The application is now available to the public for free. Hacme Bank simulates an insecure on-line bank with many of the most common software security vulnerabilities, development flaws and design errors discovered by Foundstone software security consultants during their engagements. Security professionals and software developers can use this tool to experience how these flaws behave in a real world application. While the preferred target for computer threats was once the network perimeter, it is now migrating to poorly designed and insecure software and Web applications, too. Security issues creep in when applications are built by software development teams that focus on functionality at the expense of security. Today, it is more critical than ever to integrate security into the software development lifecycle. Hacme Bank helps train software engineers on how to effectively develop high quality and reliable software that is also secure. "As one of the premiere universities teaching the science of Information Security and Cryptography, we understand the critical nature of security to organizations in every industry," said Andreas Fuchsberger, lecturer in the Information Security Group at Royal Holloway, University of London. "Companies can minimize their exposure to security breaches by providing continuing education to their IT staff, especially software developers. Our Information Security Group values Foundstone's reputation and the tools they produce like Hacme Bank because they are based on real world vulnerabilities." Hacme Bank is used extensively in Foundstone's Building Secure Software, Ultimate Web Hacking, and Writing Secure Code educational courses (ASP.NET and Java). Students are given the opportunity to perform hands-on code and design repair to better understand how to avoid software development errors and build secure software. Hacme Bank and an accompanying solution guide can be downloaded free of charge at www.foundstone.com/s3i for non-commercial purposes. "It's often thousands of times more expensive to fix a vulnerability after deploying an application than it is to eliminate it during the software development lifecycle," said Mark Curphey, director of consulting for Foundstone and founder of OWASP. "Our courses are famous for teaching IT and security professionals how hackers exploit vulnerabilities in their systems, and Hacme Bank helps us teach software developers how to avoid the vulnerabilities altogether." Foundstone Professional Services provides security-related professional services to clients ranging from early-stage startups to the largest Fortune 500 corporations. Services include application and network assessment services, product testing, risk assessment, and incident response, among others. Foundstone consultants are recognized experts and authors with broad security backgrounds in corporate multinationals, the public sector, and the U.S. military. Foundstone's Enterprise Risk Solutions(TM) software helps organizations comprehensively discover, inventory, prioritize, and remediate all assets on a global network. The suite provides exceptionally accurate, high-speed vulnerability assessment of all network assets, intuitive reports and metrics, and a tightly integrated threat correlation module which correlates critical threats with prioritized assets so security and network operations can focus on the assets that matter the most. About Foundstone Foundstone(R) Inc., experts in strategic security, offers a unique combination of software, services, and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies and implements the right balance of technology, people, and process to manage digital risk and leverage security investments more effectively. The company has one of the most dominant security talent pools ever assembled, and has authored twenty books, including the best-seller Hacking Exposed. Foundstone customers include six of the top 11 Fortune companies and many U.S. government agencies. The company is headquartered in Orange County, Calif., and has offices in San Antonio, New York, Washington, D.C., and Singapore. For more information about Foundstone, visit www.foundstone.com, or call 877-91-FOUND within the U.S., and 949-297-5600 outside the U.S. Note to Editors: Foundstone is a registered trademark of Foundstone Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies. |
