What people say
"Our developers have used the MDSec labs to learn about what mistakes to avoid, with excellent results!"
Bart Wilkins, Software Development Lead
"After playing with the sample bugs on MDSec’s labs, I can now identify vulnerabilities in my own code, and fix them before it goes live."
Stuart Beddows, Principal Developer
"Since our developers took the MDSec training, we’re spending less on outside testers, and our code is more secure."
Susan Jordan, Senior Development Manager
"These labs are an outstanding hands-on walk through of one of the best web application security books on the market."
Keith Turpin, BlackHat USA attendee
Security testing has traditionally been left to the "experts" - penetration testers who come into your project right at the end, and hand you a list of issues to fix, just when you have the least amount of time available to do so properly. Recent compromises at high-profile organizations have shown the serious limitations of this approach.
It doesn't need to be this way. Our experience with project teams has shown that developers have the curiosity and creativity needed to perform security testing of their own code, and QA professionals have the desire and rigor to integrate security testing into their processes. What holds them back is a perceived lack of knowledge of web application security, and a lack of opportunities to learn more about it.
As penetration testers ourselves, we have created comprehensive examples of precisely the issues that testers will be looking for in your applications. You can use our labs to see these vulnerabilities, understand them, test for them, and avoid them, ahead of time.
Getting an entire development team trained in security issues can require a significant investment of time. Our self-service, on-demand training labs allow your developers to learn about security at their own pace, when they have the time to do so. Our low-cost hourly billing model means that you can set a certain number of hours of training time for each of your developers, at a cost that won't consume your training budget.