As part of the package, Foundstone has come up with Web-based mock-ups of an online bank, a bookstore, a shipping site and a desktop travel application. According to the McAfee division, these so-called Hacme mock-ups, which all have some sort of vulnerability planted in them, should reveal to developers areas where security problems often crop up.

According to Foundstone officials, the Hacme online bank, bookstore, flower shop and so forth are "all open source," and the vulnerabilities put in them are modelled on security flaws found in the real world.

The online bank application, based on asp.net, for instance, has a buffer overflow problem that would let criminals generate fake transactions, while the bookstore, written in C++, has a flaw that would let someone generate a coupon with a 100% discount, officials said. The user guide for these mock ups explains where the vulnerabilities are.

Foundstone also provides classes in secure software development.