Courses
- Duration: 1 days
- Audience: Web Developers
Short description
This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.
This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.
At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.
Outline
Client-side security
Modern browser security features
Introduction to Angular security
Protection against XSS in Angular
Protection against HTTP-level vulnerabilities
Introduction to React security
participants attending this course will
Learn client-side vulnerabilities and secure coding practices
Understand Content Security Policy
Explore the security features of Angular
Understand Angular's countermeasures against XSS
Understand Angular's countermeasures against HTTP-level vulnerabilities
Learn about the security of ReactJS
Understand React's countermeasures against XSS
Learn about JSON security
Short description
Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.
Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.
After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.
Outline
IT security and secure coding
Web application security
Practical cryptography
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Have practical experience with cryptography in Go
Know how to avoid typical coding mistakes and vulnerabilities in Go
Get sources and further readings on secure coding practices
Short description
Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Short description
As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.
This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.
Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.
Outline
Introduction to quantum computing
Postulates of Quantum Mechanics
Bloch sphere
IBM Quantum
Entanglement
Quantum Gates
No Cloning Theorem
Quantum algorithms
Programming in Qiskit
participants attending this course will
Gain the skills to accurately calculate the probabilities of quantum states
Obtain the knowledge and tools necessary to effectively illustrate quantum bits
Have the ability to write quantum circuits using the Qiskit language
Become proficient in utilizing the Quantum Computer of IBM
Short description
As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.
The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.
Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.
Outline
Introduction to quantum communication
Qubit and quantum register
Quantum gates
Quantum key distribution
Quantum communication protocols
Quantum key distribution approaches
Attacks against QKD protocols
Quantum internet
participants attending this course will
Be able to apply their knowledge of quantum key distribution
Be equipped to utilize key distribution protocols
Be able to comply with existing quantum communication standards
- Duration: 1 days
- Audience: Web Developers
Short description
This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.
This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.
At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.
Outline
Client-side security
Modern browser security features
Introduction to Angular security
Protection against XSS in Angular
Protection against HTTP-level vulnerabilities
Introduction to React security
participants attending this course will
Learn client-side vulnerabilities and secure coding practices
Understand Content Security Policy
Explore the security features of Angular
Understand Angular's countermeasures against XSS
Understand Angular's countermeasures against HTTP-level vulnerabilities
Learn about the security of ReactJS
Understand React's countermeasures against XSS
Learn about JSON security
Short description
Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.
Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.
After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.
Outline
IT security and secure coding
Web application security
Practical cryptography
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Have practical experience with cryptography in Go
Know how to avoid typical coding mistakes and vulnerabilities in Go
Get sources and further readings on secure coding practices
Short description
Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Short description
This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.
This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the Java-specific aspects of secure coding instead of the general vulnerabilities.
At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.
Outline
Client-side security
Practical cryptography
Secure communication in Java
Java security services
participants attending this course will
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
- Duration: 1 days
- Audience: Developers
Short description
This course is the next step for our participants, who completed our OWASP Top 10, C# Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.
This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the C#-specific aspects of secure coding instead of the general vulnerabilities.
At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.
Outline
Client-side security
.NET security architecture and services
Practical cryptography
participants attending this course will
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
- Duration: 2 days
- Audience: Developers
Short description
Writing .NET web applications can be rather complex - reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and - more importantly - best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack. We present the entire course through live practical exercises to keep it engaging and fun.
Outline
IT security and secure coding
Web application security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
- Duration: 3 days
- Audience: Developers
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
Common coding errors and vulnerabilities
.NET security architecture and services
Practical cryptography
Desktop application security
Data access security in .NET
Windows Communication Foundation security
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn about typical coding mistakes and how to avoid them
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Learn about XML security
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
Short description
To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
ARM machine code, memory layout and stack operations
Buffer overflow
Practical cryptography
XML security
Common coding errors and vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Have a practical understanding of cryptography
Learn about XML security
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
Short description
To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
x86 machine code, memory layout and stack operations
Buffer overflow
Practical cryptography
XML security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Have a practical understanding of cryptography
Learn about XML security
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Client-side security
Practical cryptography
Secure communication in Java
Java security services
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Short description
Writing .NET web applications can be rather complex - reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and - more importantly - best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack - take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
.NET security architecture and services
Practical cryptography
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
Short description
The Python language is used in many different settings – from command-line tools to complex Web applications. Many of these Python programs are exposed to attack, either by being directly accessible through the Internet or by directly processing user-provided data in a server environment. Developers must therefore be extremely cautious in how to use different technologies securely, and should also have a deep understanding in secure coding techniques and potential pitfalls.
This course covers the most critical security issues in Python applications. We cover vulnerabilities from the OWASP Top Ten list for the web as they concern Python web applications as well as the Django framework. The course also encompasses the most significant security issues for Python code in general (including many Python-specific issues such as function hijacking), while also presenting security solutions provided by the Python ecosystem – such as authentication, access control and encryption.
<i>Understanding the security solutions provided by Python as well as the various security issues and vulnerabilities is a must for all programmers using these technologies to develop web, desktop or server applications. </i></p>
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
XML security
Python security architecture
Practical cryptography
Common coding errors and vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Understand security concepts of Web services
Learn about JSON security
Learn about Python security architecture
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
Practical cryptography
Security protocols
Security of Web services
Common coding errors and vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
ARM machine code, memory layout and stack operations
Buffer overflow
Common coding errors and vulnerabilities
Requirements of secure communication
Practical cryptography
XML security
Security protocols
Security in the software development lifecycle
Security testing
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Understand the requirements of secure communication
Have a practical understanding of cryptography
Learn about XML security
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security considerations in the SDLC
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
x86 machine code, memory layout and stack operations
Buffer overflow
Common coding errors and vulnerabilities
Requirements of secure communication
Practical cryptography
XML security
Security protocols
Security in the software development lifecycle
Security testing
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Understand the requirements of secure communication
Have a practical understanding of cryptography
Learn about XML security
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security considerations in the SDLC
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
Practical cryptography
Java security services
Foundations of Java security
Secure communication in Java
Common coding errors and vulnerabilities
Security of Web services
Cryptographic vulnerabilities
Hibernate security
Spring security
Denial of service
Security testing
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Understand security concepts of Web services
Learn about JSON security
Understand some recent attacks against cryptosystems
Learn about Hibernate security
Learn about Spring security
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
Denial of service
Data access security in .NET
.NET security architecture and services
Practical cryptography
Security protocols
Security of Web services
Desktop application security
Common coding errors and vulnerabilities
Security testing
Security testing techniques and tools
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about denial of service attacks and protections
Understand security concepts of Web services
Learn about JSON security
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand essential security protocols
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Content security policy
Client-side security
Denial of service
Practical cryptography
Security protocols
Common coding errors and vulnerabilities
Security in the software development lifecycle
Security testing
Security testing methodology
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Understand Content Security Policy
Learn client-side vulnerabilities and secure coding practices
Learn about denial of service attacks and protections
Understand security concepts of Web services
Learn about JSON security
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Understand security considerations in the SDLC
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
ARM machine code, memory layout and stack operations
Buffer overflow
Practical cryptography
Security protocols
Cryptographic vulnerabilities
XML security
Common coding errors and vulnerabilities
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Learn about XML security
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?
This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
x86 machine code, memory layout and stack operations
Buffer overflow
Practical cryptography
Security protocols
Cryptographic vulnerabilities
XML security
Common coding errors and vulnerabilities
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Learn about XML security
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
<i>“Money makes the world go round....” </i>– remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!
If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.
Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you <i>wanna cry</i>!
We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the banking and finance sector
Regulations and standards
Web application security (OWASP Top Ten)
Client-side security
Security architecture
Requirements of secure communication
Practical cryptography
Crypto libraries and APIs
Security protocols
Input validation
Security of Web services
Improper use of security features
Object-relational mapping (ORM) security
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand security considerations in the SDLC
Understand special threats in the banking and finance sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
The past few years have seen a massive increase in attacks, data breaches and medical identity theft targeting the healthcare industry; there have also been various ransomware attacks paralyzing healthcare computer networks as well as the various medical devices connected to them. The rise of mobile devices used in the industry needs to be addressed as well: there is a huge growth of medical software applications for mobiles and tablets that connect the patient with the organization – carrying and storing personally identifiable information (PII).
Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices. There is also significant compliance pressure – if you want to stay a trusted and reliable vendor, your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements. To deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software engineers as well as network administrators.
This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the healthcare sector
Regulations and standards
Web application security (OWASP Top Ten)
Client-side security
Security architecture
Requirements of secure communication
Practical cryptography
Crypto libraries and APIs
Security protocols
Input validation
Security of Web services
Improper use of security features
Object-relational mapping (ORM) security
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
Security testing techniques and tools
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand special threats in the healthcare sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
Telecommunication is the foundation on which critical infrastructures are built – all modern technologies heavily rely on its security. The continued adoption of IP-based telecommunication and the exposure of telecom equipment opens additional paths for attackers, with a massive increase in security incidents against telecom systems.
The security of customer premises equipment and the prevalence of Internet of Things (IoT) devices is especially critical, as these devices are directly exposed to attackers and potentially resulting in large-scale attacks against users and companies alike. IoT security is recognized by the industry as a critical area of telecommunications, as evidenced by the efforts of the GSM Alliance to produce a set of IoT security guidelines for network operators.
The threats against telecom systems run the gamut from simple-yet-effective DDoS attacks to large-scale exploitation of vulnerabilities in communication equipment. Ultimately, the best way to deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software and network engineers.
This training program exclusively targets engineers developing software applications or network equipment for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.
Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the telecom sector
Regulations and standards
Web application security
Client-side security
Practical cryptography
Network security
Common coding errors and vulnerabilities
Foundations of Java security
Secure communication in Java
Java security services
x86 machine code, memory layout and stack operations
Buffer overflow
Some additional native code-related vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand special threats in the telecom sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn about network attacks and defenses at different OSI layers
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn to use various security features of the Java development environment
Understand security concepts of Web services
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
- Duration: 3 days
- Audience: Developers, Professionals
Short description
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many different areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Outline
IT security and secure coding
Requirements of secure communication
Network security
Practical cryptography
Security protocols
Cryptographic vulnerabilities
Common coding errors and vulnerabilities
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about XML security
Get information about some recent related vulnerabilities
Get sources and further readings on secure coding practices
Short description
The course will start with a brief overview of cryptographic principles, symmetric, asymmetric encryption, hash-based authentication, digital signatures, the public key architectures and the use of OpenSSL basic commands as the TPM programming will heavily build on these principles.
TPM chip features form a complex toolset in order to provide root of trust protection, measurement of integrity, secure storage and secure auditing and reporting. All these features are backed with key management, organized into special hierarchies. In order to provide a robust solution for measuring the integrity of software and build a secure boot loading procedure, the TPM chips use so-called Platform Counter Registers (PCR). Several exercises will help to understand the operation of the PCR based hash calculation mechanism. The secure and protected storage is solved by the TPM with the concept of non-volatile memory blocks addressed by NV indexes, which also have special forms, like NV Counters, Bit Fields and NV Extend Indexes. Besides these TPM specific concepts, the usual crypto primitives and how TPM supports their secure execution will also be discussed and demonstrated by hands-on exercises.
The more complex application of TPM based secure solutions will be demonstrated on a sample application framework that was developed for educational purposes. This demonstration application covers the topics of device identification, firmware integrity protection, secure boot loader, chain of trust verification remote attestation and encryption-based solutions. Within this application framework on one hand, we will be able to demonstrate the typical implementation mistakes, pitfalls of past incidents that led to exploitable security weaknesses and on the other hand provide hands-on exercises for the participants to implement their secure solutions based on TPM chip features.
The course is supplemented with real world case studies connected to the explained topics.
Outline
IT security and secure coding
Practical cryptography
Basic TPM security features
TPM based Cryptographic Operations
Firmware Integrity Protection
Remote Attestation
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Have a practical understanding of cryptography
Learn about various TPM security features
Learn about TPM based Cryptographic Operations
Understand the concept of PKI based device identification
Learn about Firmware integrity protection
Learn about Chain of trust verification
Learn about Remote attestation
Understand the concept of TPM boot loading
Short description
The biggest challenge for professionals working on design and development of crypto chip-sets is to be continuously up-to-date regarding the attack methods and their mitigation. Serving them, this course explains various physical and logical attacks on security chips, possible countermeasures and best practices.
Regarding physical attacks, the passive attacks are detailed through optical reverse engineering and various side channel analysis methods, while active attacks are discussed with special emphasis on fault injection, Focused Ion Beams and hardware Trojans. The very powerful passive and active combined attack (PACA) type is introduced through the practical example of RSA implementations. Discussion of logical attacks not only covers practical attacks against specific cryptographic algorithm implementations, but also the relevant programming bugs and mitigation techniques like buffer overflow or integer problems are introduced.
Finally, a set of guidelines is assembled to follow by engineers working in this field, and the testing methods are presented that can help to find and avoid the discussed security flaws and vulnerabilities.
Outline
IT security and secure coding
Requirements of secure communication
Practical cryptography
Security protocols
Simple physical attacks and protections
Passive physical attacks
Active physical attacks
Passive and active combined attacks
Special security functions – Requirements and solutions
Principles of security and secure coding
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Short description
Today, cryptography protects the confidentiality and integrity of data in all states. Modern cryptographic functions are provided by well-established libraries, one of which is OpenSSL. It is imperative to understand how the pieces fit together, as misusing them can completely nullify the protections applied.
This course explores practical cryptography from the ground up, combining theory, practice using OpenSSL, and real-life case studies. First, we define secure-communication requirements (e.g. confidentiality, integrity) and transition into cryptographic primitives and their properties. Participants learn about symmetric encryption modes, hashing, message authentication codes (MACs), and correct usage. Next, asymmetric encryption is introduced, exploring RSA, DSA, and ECC. We then see how these building blocks construct the Public Key Infrastructure (PKI), certificates, and root of trust. At last, we build the TLS protocol and examine some of its vulnerabilities.
The course is invaluable for anyone working directly or indirectly with cryptographic functions. Following the practices and recommendations in this course ensures that cryptography applied will genuinely serve its function and protect data as intended.
Outline
IT security and secure coding
Requirements of secure communication
Practical cryptography
Asymmetric (public-key) cryptography
Public Key Infrastructure (PKI)
Improper use of cryptography
Security protocols
Cryptographic vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get sources and further readings on secure coding practices
- Duration: 3 days
- Audience: Developers, Managers, Professionals
Short description
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different than general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Outline
IT security and secure coding
Cloud security basics
Threats and risks in the clouds
Cloud security solutions
Practical cryptography
Web application security
Denial of service
Input validation
Data security in the cloud
Security audit in the cloud
Dynamic security testing
Securing the cloud environment
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Understand security concepts of Web services
Learn about XML security
Have a practical understanding of cryptography
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about denial of service attacks and protections
Learn typical input validation mistakes
Understand data security challenges in the cloud
Learn about NoSQL security
Learn about MongoDB security
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your applications right now? How likely would they be to succeed?
After getting familiar with the common weaknesses and their consequences that can allow hackers to attack your system, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.
Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code.
This course prepares testers and QA staff to adequately plan and precisely execute security tests for applications written in C or C++, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.
Having secure applications will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
x86 machine code, memory layout and stack operations
Buffer overflow
Common coding errors and vulnerabilities
Denial of service
Security testing
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Learn about denial of service attacks and protections
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
As a developer, your duty is to write bulletproof code. However...
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Client-side security
Node.js security
Practical cryptography
Security of Web services
MongoDB security
Common coding errors and vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Have a practical understanding of cryptography
Understand security concepts of Web services
Learn about JSON security
Learn about MongoDB security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
- Duration: 1 days
- Audience: Developers, Managers
Short description
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Outline
Agenda
IT security and secure coding
Security challenges of various platforms – highlights –
Challenges of security testing
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Get sources and further readings on secure coding practices
Short description
PLCs play a significant role in the world today. They are used in office buildings, factories, and even power plants to automate tasks previously done by relays. While a compromised PLC in an office building usually does not mean a serious threat to the employees, a PLC in a nuclear power plant that has been overtaken by an attacker can cause a blackout in a city or even human deaths.
Embedded PLCs are often used for decades. Therefore, their security is a crucial question. But even when a PLC is manufactured perfectly, human programming and implementation errors are still present.
This course gives an overview of PLC security based on the Top 20 PLC Secure Coding Practices List, explained with examples that can occur anytime in real life.
Outline
IT security and secure coding
Security architecture of ICS / SCADA / DCS networks
PLC Input Validation
PLC Access Control and Integrity Check
Human Machine Interface (PLC HMI)
Secure Coding Principles
Principles of security and secure coding
Knowledge sources
participants attending this course will
Be able to plan a secure industrial architecture
Be ready to write code for PLCs with proper input validation
Have the competence to implement access control mechanisms
Be able to check and ensure the integrity of the code running on the PLC
Understand basic concepts of security, IT security and secure coding
Be able to display relevant information on the HMI
Write modularized code split into sub-routines to enhance maintainability
Get sources and further readings on secure coding practices
Short description
The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.
A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. Hardening best practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers.
Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.
Outline
IT security and secure coding
Web application security
Client-side security
Practical cryptography
Deployment environment
Denial of service
Common coding errors and vulnerabilities
XML security
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of PHP
Have a practical understanding of cryptography
Learn how to set up and operate the deployment environment securely
Learn about denial of service attacks and protections
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities of the PHP framework
Get sources and further readings on secure coding practices
Short description
As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.
This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.
Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.
Outline
Introduction to quantum computing
Postulates of Quantum Mechanics
Bloch sphere
IBM Quantum
Entanglement
Quantum Gates
No Cloning Theorem
Quantum algorithms
Programming in Qiskit
participants attending this course will
Gain the skills to accurately calculate the probabilities of quantum states
Obtain the knowledge and tools necessary to effectively illustrate quantum bits
Have the ability to write quantum circuits using the Qiskit language
Become proficient in utilizing the Quantum Computer of IBM
Short description
As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.
The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.
Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.
Outline
Introduction to quantum communication
Qubit and quantum register
Quantum gates
Quantum key distribution
Quantum communication protocols
Quantum key distribution approaches
Attacks against QKD protocols
Quantum internet
participants attending this course will
Be able to apply their knowledge of quantum key distribution
Be equipped to utilize key distribution protocols
Be able to comply with existing quantum communication standards
- Duration: 3 days
- Audience: Developers, Testers
Short description
After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.
Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.
This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.
Outline
IT security and secure coding
Web application security
Client-side security
Security testing
Security testing techniques and tools
Source code review
Input validation
Improper use of security features
Testing the implementation
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
Short description
Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.
Attending this course will prepare software testers to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws. Practical exercises will help understanding web application vulnerabilities and mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
Denial of service
Security testing
Security testing techniques and tools
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Understand security concepts of Web services
Learn about JSON security
Learn about denial of service attacks and protections
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices