Courses

New courses

Short description

This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Outline
  • Client-side security

  • Modern browser security features

  • Introduction to Angular security

  • Protection against XSS in Angular

  • Protection against HTTP-level vulnerabilities

  • Introduction to React security

participants attending this course will
  • Learn client-side vulnerabilities and secure coding practices

  • Understand Content Security Policy

  • Explore the security features of Angular

  • Understand Angular's countermeasures against XSS

  • Understand Angular's countermeasures against HTTP-level vulnerabilities

  • Learn about the security of ReactJS

  • Understand React's countermeasures against XSS

  • Learn about JSON security

- Duration: 2 days

- Audience: Developers

Short description

Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.

Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.

After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.

Outline
  • IT security and secure coding

  • Web application security

  • Practical cryptography

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Have practical experience with cryptography in Go

  • Know how to avoid typical coding mistakes and vulnerabilities in Go

  • Get sources and further readings on secure coding practices

- Duration: 2 days

- Audience: Developers

Short description

Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Professionals

Short description

As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.

Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.

Outline
  • Introduction to quantum computing

  • Postulates of Quantum Mechanics

  • Bloch sphere

  • IBM Quantum

  • Entanglement

  • Quantum Gates

  • No Cloning Theorem

  • Quantum algorithms

  • Programming in Qiskit

participants attending this course will
  • Gain the skills to accurately calculate the probabilities of quantum states

  • Obtain the knowledge and tools necessary to effectively illustrate quantum bits

  • Have the ability to write quantum circuits using the Qiskit language

  • Become proficient in utilizing the Quantum Computer of IBM

- Duration: 3 days

- Audience: Professionals

Short description

As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.

Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.

Outline
  • Introduction to quantum communication

  • Qubit and quantum register

  • Quantum gates

  • Quantum key distribution

  • Quantum communication protocols

  • Quantum key distribution approaches

  • Attacks against QKD protocols

  • Quantum internet

participants attending this course will
  • Be able to apply their knowledge of quantum key distribution

  • Be equipped to utilize key distribution protocols

  • Be able to comply with existing quantum communication standards

Fundamental courses

Short description

This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Outline
  • Client-side security

  • Modern browser security features

  • Introduction to Angular security

  • Protection against XSS in Angular

  • Protection against HTTP-level vulnerabilities

  • Introduction to React security

participants attending this course will
  • Learn client-side vulnerabilities and secure coding practices

  • Understand Content Security Policy

  • Explore the security features of Angular

  • Understand Angular's countermeasures against XSS

  • Understand Angular's countermeasures against HTTP-level vulnerabilities

  • Learn about the security of ReactJS

  • Understand React's countermeasures against XSS

  • Learn about JSON security

- Duration: 2 days

- Audience: Developers

Short description

Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.

Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.

After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.

Outline
  • IT security and secure coding

  • Web application security

  • Practical cryptography

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Have practical experience with cryptography in Go

  • Know how to avoid typical coding mistakes and vulnerabilities in Go

  • Get sources and further readings on secure coding practices

- Duration: 2 days

- Audience: Developers

Short description

Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

- Duration: 1 days

- Audience: Developers

Short description

This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the Java-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Outline
  • Client-side security

  • Practical cryptography

  • Secure communication in Java

  • Java security services

participants attending this course will
  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

- Duration: 2 days

- Audience: Developers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

Short description

This course is the next step for our participants, who completed our OWASP Top 10, C# Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the C#-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Outline
  • Client-side security

  • .NET security architecture and services

  • Practical cryptography

participants attending this course will
  • Learn client-side vulnerabilities and secure coding practices

  • Learn to use various security features of the .NET development environment

  • Have a practical understanding of cryptography

Short description

Writing .NET web applications can be rather complex - reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and - more importantly - best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack. We present the entire course through live practical exercises to keep it engaging and fun.

Outline
  • IT security and secure coding

  • Web application security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about typical coding mistakes and how to avoid them

  • Get sources and further readings on secure coding practices

Standard courses

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Common coding errors and vulnerabilities

  • .NET security architecture and services

  • Practical cryptography

  • Desktop application security

  • Data access security in .NET

  • Windows Communication Foundation security

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn about typical coding mistakes and how to avoid them

  • Learn to use various security features of the .NET development environment

  • Have a practical understanding of cryptography

  • Understand security concepts of Web services

  • Learn about XML security

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • ARM machine code, memory layout and stack operations

  • Buffer overflow

  • Practical cryptography

  • XML security

  • Common coding errors and vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Have a practical understanding of cryptography

  • Learn about XML security

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Practical cryptography

  • XML security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Have a practical understanding of cryptography

  • Learn about XML security

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Practical cryptography

  • Secure communication in Java

  • Java security services

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

Writing .NET web applications can be rather complex - reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and - more importantly - best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack - take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • .NET security architecture and services

  • Practical cryptography

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn to use various security features of the .NET development environment

  • Have a practical understanding of cryptography

  • Learn about typical coding mistakes and how to avoid them

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

The Python language is used in many different settings – from command-line tools to complex Web applications. Many of these Python programs are exposed to attack, either by being directly accessible through the Internet or by directly processing user-provided data in a server environment. Developers must therefore be extremely cautious in how to use different technologies securely, and should also have a deep understanding in secure coding techniques and potential pitfalls.

This course covers the most critical security issues in Python applications. We cover vulnerabilities from the OWASP Top Ten list for the web as they concern Python web applications as well as the Django framework. The course also encompasses the most significant security issues for Python code in general (including many Python-specific issues such as function hijacking), while also presenting security solutions provided by the Python ecosystem – such as authentication, access control and encryption.

<i>Understanding the security solutions provided by Python as well as the various security issues and vulnerabilities is a must for all programmers using these technologies to develop web, desktop or server applications. </i></p>

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • XML security

  • Python security architecture

  • Practical cryptography

  • Common coding errors and vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about Python security architecture

  • Have a practical understanding of cryptography

  • Learn about typical coding mistakes and how to avoid them

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?

This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Practical cryptography

  • Security protocols

  • Security of Web services

  • Common coding errors and vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

Master courses

- Duration: 5 days

- Audience: Developers, Testers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • ARM machine code, memory layout and stack operations

  • Buffer overflow

  • Common coding errors and vulnerabilities

  • Requirements of secure communication

  • Practical cryptography

  • XML security

  • Security protocols

  • Security in the software development lifecycle

  • Security testing

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Understand the requirements of secure communication

  • Have a practical understanding of cryptography

  • Learn about XML security

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security considerations in the SDLC

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Common coding errors and vulnerabilities

  • Requirements of secure communication

  • Practical cryptography

  • XML security

  • Security protocols

  • Security in the software development lifecycle

  • Security testing

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Understand the requirements of secure communication

  • Have a practical understanding of cryptography

  • Learn about XML security

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security considerations in the SDLC

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Practical cryptography

  • Java security services

  • Foundations of Java security

  • Secure communication in Java

  • Common coding errors and vulnerabilities

  • Security of Web services

  • Cryptographic vulnerabilities

  • Hibernate security

  • Spring security

  • Denial of service

  • Security testing

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Understand security concepts of Web services

  • Learn about JSON security

  • Understand some recent attacks against cryptosystems

  • Learn about Hibernate security

  • Learn about Spring security

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Denial of service

  • Data access security in .NET

  • .NET security architecture and services

  • Practical cryptography

  • Security protocols

  • Security of Web services

  • Desktop application security

  • Common coding errors and vulnerabilities

  • Security testing

  • Security testing techniques and tools

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about denial of service attacks and protections

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn to use various security features of the .NET development environment

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Get information about some recent vulnerabilities in .NET and ASP.NET

  • Learn about typical coding mistakes and how to avoid them

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Content security policy

  • Client-side security

  • Denial of service

  • Practical cryptography

  • Security protocols

  • Common coding errors and vulnerabilities

  • Security in the software development lifecycle

  • Security testing

  • Security testing methodology

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Understand Content Security Policy

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about denial of service attacks and protections

  • Understand security concepts of Web services

  • Learn about JSON security

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Understand security considerations in the SDLC

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

Comprehensive courses

- Duration: 4 days

- Audience: Developers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • ARM machine code, memory layout and stack operations

  • Buffer overflow

  • Practical cryptography

  • Security protocols

  • Cryptographic vulnerabilities

  • XML security

  • Common coding errors and vulnerabilities

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Learn about XML security

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 4 days

- Audience: Developers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Practical cryptography

  • Security protocols

  • Cryptographic vulnerabilities

  • XML security

  • Common coding errors and vulnerabilities

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Learn about XML security

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

Vertical courses

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

<i>“Money makes the world go round....” </i>– remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!

If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.

Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you <i>wanna cry</i>!

We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the banking and finance sector

  • Regulations and standards

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Security architecture

  • Requirements of secure communication

  • Practical cryptography

  • Crypto libraries and APIs

  • Security protocols

  • Input validation

  • Security of Web services

  • Improper use of security features

  • Object-relational mapping (ORM) security

  • Improper error and exception handling

  • Time and state problems

  • Code quality problems

  • Denial of service

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand security considerations in the SDLC

  • Understand special threats in the banking and finance sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

The past few years have seen a massive increase in attacks, data breaches and medical identity theft targeting the healthcare industry; there have also been various ransomware attacks paralyzing healthcare computer networks as well as the various medical devices connected to them. The rise of mobile devices used in the industry needs to be addressed as well: there is a huge growth of medical software applications for mobiles and tablets that connect the patient with the organization – carrying and storing personally identifiable information (PII).

Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices. There is also significant compliance pressure – if you want to stay a trusted and reliable vendor, your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements. To deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software engineers as well as network administrators.

This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the healthcare sector

  • Regulations and standards

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Security architecture

  • Requirements of secure communication

  • Practical cryptography

  • Crypto libraries and APIs

  • Security protocols

  • Input validation

  • Security of Web services

  • Improper use of security features

  • Object-relational mapping (ORM) security

  • Improper error and exception handling

  • Time and state problems

  • Code quality problems

  • Denial of service

  • Security testing techniques and tools

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand special threats in the healthcare sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

Telecommunication is the foundation on which critical infrastructures are built – all modern technologies heavily rely on its security. The continued adoption of IP-based telecommunication and the exposure of telecom equipment opens additional paths for attackers, with a massive increase in security incidents against telecom systems.

The security of customer premises equipment and the prevalence of Internet of Things (IoT) devices is especially critical, as these devices are directly exposed to attackers and potentially resulting in large-scale attacks against users and companies alike. IoT security is recognized by the industry as a critical area of telecommunications, as evidenced by the efforts of the GSM Alliance to produce a set of IoT security guidelines for network operators.

The threats against telecom systems run the gamut from simple-yet-effective DDoS attacks to large-scale exploitation of vulnerabilities in communication equipment. Ultimately, the best way to deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software and network engineers.

This training program exclusively targets engineers developing software applications or network equipment for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the telecom sector

  • Regulations and standards

  • Web application security

  • Client-side security

  • Practical cryptography

  • Network security

  • Common coding errors and vulnerabilities

  • Foundations of Java security

  • Secure communication in Java

  • Java security services

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Some additional native code-related vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand special threats in the telecom sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn about network attacks and defenses at different OSI layers

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn to use various security features of the Java development environment

  • Understand security concepts of Web services

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

Special courses

- Duration: 3 days

- Audience: Developers, Professionals

Short description

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many different areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Outline
  • IT security and secure coding

  • Requirements of secure communication

  • Network security

  • Practical cryptography

  • Security protocols

  • Cryptographic vulnerabilities

  • Common coding errors and vulnerabilities

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand the requirements of secure communication

  • Learn about network attacks and defenses at different OSI layers

  • Have a practical understanding of cryptography

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about XML security

  • Get information about some recent related vulnerabilities

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

The course will start with a brief overview of cryptographic principles, symmetric, asymmetric encryption, hash-based authentication, digital signatures, the public key architectures and the use of OpenSSL basic commands as the TPM programming will heavily build on these principles.

TPM chip features form a complex toolset in order to provide root of trust protection, measurement of integrity, secure storage and secure auditing and reporting. All these features are backed with key management, organized into special hierarchies. In order to provide a robust solution for measuring the integrity of software and build a secure boot loading procedure, the TPM chips use so-called Platform Counter Registers (PCR). Several exercises will help to understand the operation of the PCR based hash calculation mechanism. The secure and protected storage is solved by the TPM with the concept of non-volatile memory blocks addressed by NV indexes, which also have special forms, like NV Counters, Bit Fields and NV Extend Indexes. Besides these TPM specific concepts, the usual crypto primitives and how TPM supports their secure execution will also be discussed and demonstrated by hands-on exercises.

The more complex application of TPM based secure solutions will be demonstrated on a sample application framework that was developed for educational purposes. This demonstration application covers the topics of device identification, firmware integrity protection, secure boot loader, chain of trust verification remote attestation and encryption-based solutions. Within this application framework on one hand, we will be able to demonstrate the typical implementation mistakes, pitfalls of past incidents that led to exploitable security weaknesses and on the other hand provide hands-on exercises for the participants to implement their secure solutions based on TPM chip features.

The course is supplemented with real world case studies connected to the explained topics.

Outline
  • IT security and secure coding

  • Practical cryptography

  • Basic TPM security features

  • TPM based Cryptographic Operations

  • Firmware Integrity Protection

  • Remote Attestation

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Have a practical understanding of cryptography

  • Learn about various TPM security features

  • Learn about TPM based Cryptographic Operations

  • Understand the concept of PKI based device identification

  • Learn about Firmware integrity protection

  • Learn about Chain of trust verification

  • Learn about Remote attestation

  • Understand the concept of TPM boot loading

- Duration: 3 days

- Audience: Professionals

Short description

The biggest challenge for professionals working on design and development of crypto chip-sets is to be continuously up-to-date regarding the attack methods and their mitigation. Serving them, this course explains various physical and logical attacks on security chips, possible countermeasures and best practices.

Regarding physical attacks, the passive attacks are detailed through optical reverse engineering and various side channel analysis methods, while active attacks are discussed with special emphasis on fault injection, Focused Ion Beams and hardware Trojans. The very powerful passive and active combined attack (PACA) type is introduced through the practical example of RSA implementations. Discussion of logical attacks not only covers practical attacks against specific cryptographic algorithm implementations, but also the relevant programming bugs and mitigation techniques like buffer overflow or integer problems are introduced.

Finally, a set of guidelines is assembled to follow by engineers working in this field, and the testing methods are presented that can help to find and avoid the discussed security flaws and vulnerabilities.

Outline
  • IT security and secure coding

  • Requirements of secure communication

  • Practical cryptography

  • Security protocols

  • Simple physical attacks and protections

  • Passive physical attacks

  • Active physical attacks

  • Passive and active combined attacks

  • Special security functions – Requirements and solutions

  • Principles of security and secure coding

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

- Duration: 3 days

- Audience: Developers

Short description

Today, cryptography protects the confidentiality and integrity of data in all states. Modern cryptographic functions are provided by well-established libraries, one of which is OpenSSL. It is imperative to understand how the pieces fit together, as misusing them can completely nullify the protections applied.

This course explores practical cryptography from the ground up, combining theory, practice using OpenSSL, and real-life case studies. First, we define secure-communication requirements (e.g. confidentiality, integrity) and transition into cryptographic primitives and their properties. Participants learn about symmetric encryption modes, hashing, message authentication codes (MACs), and correct usage. Next, asymmetric encryption is introduced, exploring RSA, DSA, and ECC. We then see how these building blocks construct the Public Key Infrastructure (PKI), certificates, and root of trust. At last, we build the TLS protocol and examine some of its vulnerabilities.

The course is invaluable for anyone working directly or indirectly with cryptographic functions. Following the practices and recommendations in this course ensures that cryptography applied will genuinely serve its function and protect data as intended.

Outline
  • IT security and secure coding

  • Requirements of secure communication

  • Practical cryptography

  • Asymmetric (public-key) cryptography

  • Public Key Infrastructure (PKI)

  • Improper use of cryptography

  • Security protocols

  • Cryptographic vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers, Managers, Professionals

Short description

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different than general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Outline
  • IT security and secure coding

  • Cloud security basics

  • Threats and risks in the clouds

  • Cloud security solutions

  • Practical cryptography

  • Web application security

  • Denial of service

  • Input validation

  • Data security in the cloud

  • Security audit in the cloud

  • Dynamic security testing

  • Securing the cloud environment

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand major threats and risks in the cloud domain

  • Learn about elementary cloud security solutions

  • Understand security concepts of Web services

  • Learn about XML security

  • Have a practical understanding of cryptography

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about denial of service attacks and protections

  • Learn typical input validation mistakes

  • Understand data security challenges in the cloud

  • Learn about NoSQL security

  • Learn about MongoDB security

  • Understand the challenges of auditing and evaluating cloud systems for security

  • Learn how to secure the cloud environment and infrastructure

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers, Testers

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your applications right now? How likely would they be to succeed?

After getting familiar with the common weaknesses and their consequences that can allow hackers to attack your system, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code.

This course prepares testers and QA staff to adequately plan and precisely execute security tests for applications written in C or C++, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Having secure applications will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Common coding errors and vulnerabilities

  • Denial of service

  • Security testing

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries

  • Learn about denial of service attacks and protections

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?

This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Node.js security

  • Practical cryptography

  • Security of Web services

  • MongoDB security

  • Common coding errors and vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about Node.js security

  • Have a practical understanding of cryptography

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about MongoDB security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

- Duration: 1 days

- Audience: Developers, Managers

Short description

The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.

Outline
  • Agenda

  • IT security and secure coding

  • Security challenges of various platforms &ndash; highlights &ndash;

  • Challenges of security testing

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand Web vulnerabilities both on server and client side

  • Realize the severe consequences of unsecure buffer handling

  • Be informated about some recent vulnerabilities in development environments and frameworks

  • Learn about typical coding mistakes and how to avoid them

  • Understand security testing approaches and methodologies

  • Get sources and further readings on secure coding practices

- Duration: 2 days

- Audience: Developers

Short description

PLCs play a significant role in the world today. They are used in office buildings, factories, and even power plants to automate tasks previously done by relays. While a compromised PLC in an office building usually does not mean a serious threat to the employees, a PLC in a nuclear power plant that has been overtaken by an attacker can cause a blackout in a city or even human deaths.

Embedded PLCs are often used for decades. Therefore, their security is a crucial question. But even when a PLC is manufactured perfectly, human programming and implementation errors are still present.

This course gives an overview of PLC security based on the Top 20 PLC Secure Coding Practices List, explained with examples that can occur anytime in real life.

Outline
  • IT security and secure coding

  • Security architecture of ICS / SCADA / DCS networks

  • PLC Input Validation

  • PLC Access Control and Integrity Check

  • Human Machine Interface (PLC HMI)

  • Secure Coding Principles

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Be able to plan a secure industrial architecture

  • Be ready to write code for PLCs with proper input validation

  • Have the competence to implement access control mechanisms

  • Be able to check and ensure the integrity of the code running on the PLC

  • Understand basic concepts of security, IT security and secure coding

  • Be able to display relevant information on the HMI

  • Write modularized code split into sub-routines to enhance maintainability

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers

Short description

The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. Hardening best practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers.

Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Practical cryptography

  • Deployment environment

  • Denial of service

  • Common coding errors and vulnerabilities

  • XML security

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn to use various security features of PHP

  • Have a practical understanding of cryptography

  • Learn how to set up and operate the deployment environment securely

  • Learn about denial of service attacks and protections

  • Learn about typical coding mistakes and how to avoid them

  • Be informed about recent vulnerabilities of the PHP framework

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Professionals

Short description

As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.

Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.

Outline
  • Introduction to quantum computing

  • Postulates of Quantum Mechanics

  • Bloch sphere

  • IBM Quantum

  • Entanglement

  • Quantum Gates

  • No Cloning Theorem

  • Quantum algorithms

  • Programming in Qiskit

participants attending this course will
  • Gain the skills to accurately calculate the probabilities of quantum states

  • Obtain the knowledge and tools necessary to effectively illustrate quantum bits

  • Have the ability to write quantum circuits using the Qiskit language

  • Become proficient in utilizing the Quantum Computer of IBM

- Duration: 3 days

- Audience: Professionals

Short description

As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.

Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.

Outline
  • Introduction to quantum communication

  • Qubit and quantum register

  • Quantum gates

  • Quantum key distribution

  • Quantum communication protocols

  • Quantum key distribution approaches

  • Attacks against QKD protocols

  • Quantum internet

participants attending this course will
  • Be able to apply their knowledge of quantum key distribution

  • Be equipped to utilize key distribution protocols

  • Be able to comply with existing quantum communication standards

- Duration: 3 days

- Audience: Developers, Testers

Short description

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Security testing

  • Security testing techniques and tools

  • Source code review

  • Input validation

  • Improper use of security features

  • Testing the implementation

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 3 days

- Audience: Developers, Testers

Short description

Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.

Attending this course will prepare software testers to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws. Practical exercises will help understanding web application vulnerabilities and mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Denial of service

  • Security testing

  • Security testing techniques and tools

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about denial of service attacks and protections

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices