Courses

Short description

This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Short description

Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.

Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.

After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.

Short description

Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.

Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.

Short description

As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.

Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.

Short description

This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React. The course dives into modern browser security features, as well as framework specific countermeasures and mitigation techniques.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Short description

Web and mobile applications are built from multiple components, but one statement is true for most of them: they need a backend. Since the performance of Go is on par with C, but its design and syntax are much more developer-friendly, it is a popular choice for backend development. However, with great power comes great responsibility.

Following the topics outlined by OWASP but tailored especially for Go developers, this course provides a comprehensive overview of the most common security vulnerabilities in today's web applications and how to avoid them. Next to web security, the course also touches on the basics of cryptography and common Go coding errors through various exercises.

After successful completion of this course, participants will have an in-depth understanding about and hands-on practical experience with the secure coding best practices in Go.

Short description

Writing web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the Java-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

This course is the next step for our participants, who completed our OWASP Top 10, C# Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the C#-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Short description

Writing .NET web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework – such as making use of cryptography or Code Access Security – as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack – from the CLR to modern AJAX and HTML5-based frontends. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C/C++ code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on C/C++ programming mistakes and their countermeasures from the machine code level to virtual functions and OS memory management. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

Writing .NET web applications can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your C# code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We give you a holistic view on the security aspects of the .NET framework – such as making use of cryptography or Code Access Security – as well as common C# programming mistakes you need to be aware of. We also cover typical Web vulnerabilities with a focus on how they affect ASP.NET web apps on the entire stack – from the CLR to modern AJAX and HTML5-based frontends. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

The Python language is used in many different settings – from command-line tools to complex Web applications. Many of these Python programs are exposed to attack, either by being directly accessible through the Internet or by directly processing user-provided data in a server environment. Developers must therefore be extremely cautious in how to use different technologies securely, and should also have a deep understanding in secure coding techniques and potential pitfalls.

This course covers the most critical security issues in Python applications. We cover vulnerabilities from the OWASP Top Ten list for the web as they concern Python web applications as well as the Django framework. The course also encompasses the most significant security issues for Python code in general (including many Python-specific issues such as function hijacking), while also presenting security solutions provided by the Python ecosystem – such as authentication, access control and encryption.

<i>Understanding the security solutions provided by Python as well as the various security issues and vulnerabilities is a must for all programmers using these technologies to develop web, desktop or server applications. </i></p>

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?

This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This combined course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed?

This advanced course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

<i>“Money makes the world go round....” </i>– remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!

If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.

Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you <i>wanna cry</i>!

We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Short description

The past few years have seen a massive increase in attacks, data breaches and medical identity theft targeting the healthcare industry; there have also been various ransomware attacks paralyzing healthcare computer networks as well as the various medical devices connected to them. The rise of mobile devices used in the industry needs to be addressed as well: there is a huge growth of medical software applications for mobiles and tablets that connect the patient with the organization – carrying and storing personally identifiable information (PII).

Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices. There is also significant compliance pressure – if you want to stay a trusted and reliable vendor, your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements. To deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software engineers as well as network administrators.

This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Short description

Telecommunication is the foundation on which critical infrastructures are built – all modern technologies heavily rely on its security. The continued adoption of IP-based telecommunication and the exposure of telecom equipment opens additional paths for attackers, with a massive increase in security incidents against telecom systems.

The security of customer premises equipment and the prevalence of Internet of Things (IoT) devices is especially critical, as these devices are directly exposed to attackers and potentially resulting in large-scale attacks against users and companies alike. IoT security is recognized by the industry as a critical area of telecommunications, as evidenced by the efforts of the GSM Alliance to produce a set of IoT security guidelines for network operators.

The threats against telecom systems run the gamut from simple-yet-effective DDoS attacks to large-scale exploitation of vulnerabilities in communication equipment. Ultimately, the best way to deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software and network engineers.

This training program exclusively targets engineers developing software applications or network equipment for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Short description

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many different areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Short description

The course will start with a brief overview of cryptographic principles, symmetric, asymmetric encryption, hash-based authentication, digital signatures, the public key architectures and the use of OpenSSL basic commands as the TPM programming will heavily build on these principles.

TPM chip features form a complex toolset in order to provide root of trust protection, measurement of integrity, secure storage and secure auditing and reporting. All these features are backed with key management, organized into special hierarchies. In order to provide a robust solution for measuring the integrity of software and build a secure boot loading procedure, the TPM chips use so-called Platform Counter Registers (PCR). Several exercises will help to understand the operation of the PCR based hash calculation mechanism. The secure and protected storage is solved by the TPM with the concept of non-volatile memory blocks addressed by NV indexes, which also have special forms, like NV Counters, Bit Fields and NV Extend Indexes. Besides these TPM specific concepts, the usual crypto primitives and how TPM supports their secure execution will also be discussed and demonstrated by hands-on exercises.

The more complex application of TPM based secure solutions will be demonstrated on a sample application framework that was developed for educational purposes. This demonstration application covers the topics of device identification, firmware integrity protection, secure boot loader, chain of trust verification remote attestation and encryption-based solutions. Within this application framework on one hand, we will be able to demonstrate the typical implementation mistakes, pitfalls of past incidents that led to exploitable security weaknesses and on the other hand provide hands-on exercises for the participants to implement their secure solutions based on TPM chip features.

The course is supplemented with real world case studies connected to the explained topics.

Short description

The biggest challenge for professionals working on design and development of crypto chip-sets is to be continuously up-to-date regarding the attack methods and their mitigation. Serving them, this course explains various physical and logical attacks on security chips, possible countermeasures and best practices.

Regarding physical attacks, the passive attacks are detailed through optical reverse engineering and various side channel analysis methods, while active attacks are discussed with special emphasis on fault injection, Focused Ion Beams and hardware Trojans. The very powerful passive and active combined attack (PACA) type is introduced through the practical example of RSA implementations. Discussion of logical attacks not only covers practical attacks against specific cryptographic algorithm implementations, but also the relevant programming bugs and mitigation techniques like buffer overflow or integer problems are introduced.

Finally, a set of guidelines is assembled to follow by engineers working in this field, and the testing methods are presented that can help to find and avoid the discussed security flaws and vulnerabilities.

Short description

Today, cryptography protects the confidentiality and integrity of data in all states. Modern cryptographic functions are provided by well-established libraries, one of which is OpenSSL. It is imperative to understand how the pieces fit together, as misusing them can completely nullify the protections applied.

This course explores practical cryptography from the ground up, combining theory, practice using OpenSSL, and real-life case studies. First, we define secure-communication requirements (e.g. confidentiality, integrity) and transition into cryptographic primitives and their properties. Participants learn about symmetric encryption modes, hashing, message authentication codes (MACs), and correct usage. Next, asymmetric encryption is introduced, exploring RSA, DSA, and ECC. We then see how these building blocks construct the Public Key Infrastructure (PKI), certificates, and root of trust. At last, we build the TLS protocol and examine some of its vulnerabilities.

The course is invaluable for anyone working directly or indirectly with cryptographic functions. Following the practices and recommendations in this course ensures that cryptography applied will genuinely serve its function and protect data as intended.

Short description

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different than general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Short description

To put it bluntly, writing C/C++ code can be a minefield for reasons ranging from memory management or dealing with legacy code to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your applications right now? How likely would they be to succeed?

After getting familiar with the common weaknesses and their consequences that can allow hackers to attack your system, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code.

This course prepares testers and QA staff to adequately plan and precisely execute security tests for applications written in C or C++, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Having secure applications will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Short description

As a developer, your duty is to write bulletproof code. However...

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?

This Web application security course will change the way you look at code. A hands-on training during which we will teach you all of the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Short description

The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.

Short description

PLCs play a significant role in the world today. They are used in office buildings, factories, and even power plants to automate tasks previously done by relays. While a compromised PLC in an office building usually does not mean a serious threat to the employees, a PLC in a nuclear power plant that has been overtaken by an attacker can cause a blackout in a city or even human deaths.

Embedded PLCs are often used for decades. Therefore, their security is a crucial question. But even when a PLC is manufactured perfectly, human programming and implementation errors are still present.

This course gives an overview of PLC security based on the Top 20 PLC Secure Coding Practices List, explained with examples that can occur anytime in real life.

Short description

The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. Hardening best practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers.

Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.

Short description

As the field of quantum computing continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

This comprehensive course is designed to provide participants with a thorough understanding of the fundamental principles and practical applications of quantum computing. Through a blend of theoretical and hands-on learning, participants will gain a deep appreciation for the potential of this cutting-edge technology and be equipped with the skills needed to make a real impact in the field.

Whether you are a researcher, engineer, or simply interested in this exciting and rapidly evolving field, this course offers a unique and valuable opportunity to gain the knowledge and skills needed to succeed in the quantum era.

Short description

As the field of quantum communication continues to evolve and advance, there is a growing need for professionals with the knowledge and skills to tackle the complex challenges and opportunities it presents.

The course covers the fundamental concepts of quantum communication, including the properties of qubits and quantum registers, the manipulation of quantum states through quantum gates, and the principles and implementations of quantum key distribution.

Additionally, the course delves into various quantum communication protocols and their respective approaches, and the security challenges in quantum communication, such as attacks against quantum key distribution protocols, and the potential applications and future developments of a quantum internet.

Short description

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Short description

Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.

Attending this course will prepare software testers to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws. Practical exercises will help understanding web application vulnerabilities and mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace.