Cyber Security Training Courses in the United Arab Emirates

(50 feedbacks)

If you're looking to learn the fundamentals of cybersecurity, advance tactics, or prepare for industry-recognized certifications, we've got you covered.

At an alarming rate, data breaches are occurring. We no longer have to wonder what will happen next, but rather when. It is now necessary for the C-suite to cooperate with IT experts to develop a resilient workforce and implement new security policies and procedures to address the fact that cybersecurity is no longer only an IT problem.

Prepare for system breaches with our wide choice of product-specific cybersecurity training and industry-recognized certification preparatory classes. Become an expert in critical infrastructure risk management, secure coding, web security, and security awareness. We can provide you with the security training you need to manage critical infrastructure threats and comply with Department of Defense security standards, no matter what level of position you hold.

Cybersecurity training is available as "online live training" or "onsite live training". Online live training (aka "remote live training") is carried out by way of an interactive, remote desktop. Onsite live training can be carried out locally on customer premises in AE or in NobleProg corporate training centers in AE.

Cyber Security Subcategories

Total 9

Cyber Security Course Outlines in the UAE

Total Courses 145

Corporate Compliance

What is Corporate Compliance?

Governance, Risk Management & Compliance (GRC) Fundamentals

21 hours

COBIT 2019 Foundation

21 hours

Compliance and the Management of Compliance Risk

21 hours

AML OFFICER MASTERCLASS

21 hours

HiTrust Common Security Framework Compliance

14 hours

Basel III – Certified Basel Professional

21 hours

CGEIT – Certified in the Governance of Enterprise IT

28 hours

Compliance for Payment Services in Japan

7 hours

Information System Security

What is Information System Security?

Certified Information System Security Professional (CISSP) CBK Review

35 hours

CISSP - Certified Information Systems Security Professional

35 hours

Information Systems Auditor

35 hours

Fundamentals of Information Systems Security

21 hours

CISA - Certified Information Systems Auditor - Exam Preparation

28 hours

Security Management

What is Security Management?

CISMP - Certificate in Information Security Management Principles

21 hours

Public Key Infrastructure

21 hours

Network Penetration Testing

35 hours

CISM - Certified Information Security Manager

28 hours

Description:

Disclaimer: Please be advised that this updated CISM exam content outline is applicable to exams starting 1 June 2022.

CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities/ challenges in Information Security Management.

Our CISM training methodology provides an in-depth coverage of contents across the Four CISM domains with a clear focus on building concepts and solving ISACA released CISM exam questions. The course is an intense training and hard-core exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination.

Our instructors encourage all attending delegates to go through the ISACA released CISM QA&E (Questions, Answers and Explanations) as exam preparation - you get this FREE as part of our course. The QA&E is exceptional in helping delegates understand the ISACA style of questions, approach to solving these questions and it helps rapid memory assimilation of the CISM concepts during live classroom sessions.
All our trainers have extensive experience in delivering CISM training. We will thoroughly prepare you for the CISM examination.

Goal:

The ultimate goal is to pass your CISM examination first time.

Objectives:

Use the knowledge gained in a practical manner beneficial to your organisation
Establish and maintain an Information security governance framework to achieve your organization goals and objectives
Manage Information risk to an acceptable level to meet the business and compliance requirements
Establish and maintain information security architectures (people, process, technology)
Integrate information security requirements into contracts and activities of third parties/ suppliers
Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact

Target Audience:

Security professionals with 3-5 years of front-line experience
Information security managers or those with management responsibilities
Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISO’s, CIO’s, CSO’s, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions

Cybersecurity Fundamentals

21 hours

Computer Room Security and Maintenance

14 hours

Security Policy Management

35 hours

Information Security Risk

What is Information Security Risk?

CISA - Certified Information Systems Auditor

28 hours

Description:

CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting.

Our CISA course is an intense, very competitive and exam focused training course. With experience of delivering more than 150+ CISA trainings in Europe and around the world and training more than 1200+ CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing large number of ISACA released question banks from the last three years. Over a period, CISA holders have been in huge demand with renowned accountings firms, global banks, advisory, assurance, and internal audit departments.

Delegates may have years of experience in IT auditing but perspective towards solving CISA questionnaires will solely depend on their understanding to globally accepted IT assurance practices. CISA exam is very challenging because the chance of a very tight clash between two possible answers exists and that is where ISACA tests you on your understanding in global IT auditing practices. To address these exam challenges, we always provide the best trainers who have extensive experience in delivering CISA training around the world.

The Net Security CISA manual covers all exam-relevant concepts, case studies, Q&A's across CISA five domains. Further, the Trainer shares the key CISA supporting material like relevant CISA notes, question banks, CISA glossary, videos, revision documents, exam tips, and CISA mind maps during the course.

Goal:

The ultimate goal is to pass your CISA examination first time.

Objectives:

Use the knowledge gained in a practical manner beneficial to your organisation
Provide audit services in accordance with IT audit standards
Provide assurance on leadership and organizational structure and processes
Provide assurance on acquisition/ development, testing and implementation of IT assets
Provide assurance on IT operations including service operations and third party
Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets.

Target Audience:

Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals.

Building up information security according to ISO 27005

21 hours

Open Data Risk Analysis and Management

21 hours

Business Continuity Management

35 hours

ISO Standards

What is ISO Standards?

Introduction to ISO27001

7 hours

ISO27001: 2013 Lead Auditor (certification course)

35 hours

ISO/IEC 27005 Introduction

7 hours

ISO/IEC 27005 Foundation

14 hours

ISO/IEC 27005 Risk Manager

21 hours

ISO/IEC 27005 Risk Manager training enables you to develop the competence to master the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework.

During this training course, you will also gain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course corresponds with the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.

After understanding all the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27005 Risk Manager” credential. By holding a PECB Risk Manager Certificate, you will be able to demonstrate that you have the necessary skills and knowledge to perform an optimal Information Security Risk Assessment and timely manage Information Security risks.

Who should attend?

Information Security risk managers
Information Security team members
Individuals responsible for Information Security, compliance, and risk within an organization
Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or involved in a risk management program
IT consultants
IT professionals
Information Security officers
Privacy officers

Examination - Duration: 2 hours

The “PECB Certified ISO/IEC 27005 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

Domain 1 Fundamental principles and concepts of Information Security Risk Management
Domain 2 Implementation of an Information Security Risk Management program
Domain 3 Information Security risk management framework and process based on ISO/IEC 27005
Domain 4 Other Information Security risk assessment methods

General information

Certification fees are included on the exam price
Training material containing over 350 pages of information and practical examples will be distributed
A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
In case of exam failure, you can retake the exam within 12 months for free

ISO/IEC 27005 Lead Risk Manager

35 hours

ISO/IEC 27005 Lead Risk Manager training enables you to acquire the necessary expertise to support an organization in the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training will also contain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.

After mastering all the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. By holding a PECB Lead Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks.

Who should attend?

Information Security risk managers
Information Security team members
Individuals responsible for Information Security, compliance, and risk within an organization
Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or individuals who are involved in a risk management program
IT consultants
IT professionals
Information Security officers
Privacy officers

Examination - Duration: 3 hours

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

Domain 1 Fundamental principles and concepts of Information Security Risk Management
Domain 2 Implementation of an Information Security Risk Management program
Domain 3 Information security risk assessment
Domain 4 Information security risk treatment
Domain 5 Information security risk communication, monitoring and improvement
Domain 6 Information security risk assessment methodologies

General Information

Certification fees are included on the exam price
Training material containing over 350 pages of information and practical examples will be distributed
A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued
In case of exam failure, you can retake the exam within 12 months for free

ISO/IEC 27035 Introduction

7 hours

ISO/IEC 27035 Foundation

14 hours

ISO/IEC 27035 Lead Incident Manager

35 hours

ISO/IEC 27035 Lead Incident Manager training enables you to acquire the necessary expertise to support an organization in implementing an Information Security Incident Management plan based on ISO/IEC 27035. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an organizational incident management plan. The compatibility of this training course with ISO/IEC 27035 also supports the ISO/IEC 27001 by providing guidance for Information Security Incident Management.

After mastering all the necessary concepts of Information Security Incident Management, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27035 Lead Incident Manager” credential. By holding a PECB Lead Incident Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Incidents.

Who should attend?

Information Security Incident managers
IT Managers
IT Auditors
Managers seeking to establish an Incident Response Team (IRT)
Managers seeking to learn more about operating effective IRTs
Information Security risk managers
IT system administration professionals
IT network administration professionals
Members of Incident Response Teams
Individuals responsible for Information Security within an organization

Learning objectives

Master the concepts, approaches, methods, tools and techniques that enable an effective Information Security Incident Management according to ISO/IEC 27035
Acknowledge the correlation between ISO/IEC 27035 and other standards and regulatory frameworks
Acquire the expertise to support an organization to effectively implement, manage and maintain an Information Security Incident Response plan
Acquire the competence to effectively advise organizations on the best practices of Information Security Incident Management
Understand the importance of establishing well-structured procedures and policies for Incident Management processes
Develop the expertise to manage an effective Incident Response Team

Educational approach

This training is based on both theory and best practices used in the implementation of an Information Security Incident Management plan
Lecture sessions are illustrated with examples based on case studies
Practical exercises are based on a case study which includes role playing and discussions
Practice tests are similar to the Certification Exam

General Information

Certification fees are included on the exam price
Training material containing over 450 pages of information and practical examples will be distributed
A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
In case of exam failure, you can retake the exam within 12 months for free

ISO/IEC 27701 Foundation

14 hours

The ISO/IEC 27701 Foundation training course is designed to help participants understand the basic concepts and principles of a Privacy Information Management System (PIMS) based on ISO/IEC 27701. Moreover, during this training course, students will learn more on the structure of the standard including its requirements, guidance and controls on the protection of the privacy of Personally Identifiable Information (PII) principals and the relationship of the standard with ISO/IEC 27001 and ISO/IEC 27002.

After completing this training course, you can sit for the exam and, if you successfully pass it, you can apply for the “PECB Certified ISO/IEC 27701 Foundation” credential. A PECB Foundation certificate proves that you have comprehended the fundamental methodologies, requirements, guidelines, framework and managerial approach.

Who should attend?

Individuals involved in information security and privacy management
Individuals seeking to gain knowledge on the main processes of a privacy information management system
Individuals interested in pursuing a career in privacy information management
Individuals responsible for personally identifiable information (PII) within organizations
Information security team members

Learning objectives

Understand the fundamental concepts and principles of a privacy information management system (PIMS) based on ISO/IEC 27701
Identify the relationship between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Understand the approaches, standards, methods, and techniques used for the implementation and management of a PIMS

Educational approach

Lecture sessions are complemented by discussions questions and examples
The exercises include multiple-choice quizzes and essay-type exercises
Exercise questions and quizzes are similar to the certification exam

General Information

Participants will be provided with the training material containing over 200 pages of explanatory information, discussion topics, examples and exercises.
An attendance record certificate of 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.

ISO/IEC 27701 Lead Implementer

35 hours

The ISO/IEC 27701 Lead Implementer training course enables you to develop the necessary expertise to assist an organization to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) based on ISO/IEC 27701 by enhancing an existing ISMS based on ISO/IEC 27001 and the guidance of ISO/IEC 27002.

Why should you attend?

This training course is designed to prepare its participants implement a Privacy Information Management System (PIMS) in compliance with the requirements and guidance of the ISO/IEC 27701. Moreover, you will gain a comprehensive understanding of the best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

After mastering the implementation and management of a Privacy Information Management System (PIMS), you can sit for the exam and apply for a “PECB Certified ISO/IEC 27701 Lead Implementer” credential. The internationally recognized PECB Lead Implementer Certificate proves that you have the practical knowledge and professional capabilities to implement the ISO/IEC 27701 requirements in an organization.

Who should attend?

Managers and consultants involved in privacy and data management
Expert advisors seeking to master the implementation of a Privacy Information Management System
Individuals responsible and accountable for Personally Identifiable Information (PII) within organizations
Individuals responsible for maintaining conformance with data privacy regimes requirements
PIMS team members

Learning objectives

Master the concepts, approaches, methods and techniques used for the implementation and effective management of a PIMS.
Learn about the correlation between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks.
Understand the operation of a PIMS based on ISO/IEC 27701 and its principal processes.
Learn how to interpret the requirements of ISO/IEC 27701 in the specific context of an organization.
Develop the expertise to support an organization in effectively planning, implementing, managing, monitoring and maintaining a PIMS.

Education approach

This training course is based on both theory and best practices used in the implementation of PIMS.
Lecture sessions are illustrated with examples based on case studies.
Practical exercises are based on a case study which includes role playing and discussions.
Practice tests are similar to the Certification Exam

General information

Certification fees are included on the exam price.
Training materials and practical examples will be distributed.
A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued.
In case of exam failure, you can retake the exam within 12 months for free.

ISO/IEC 27701 Lead Auditor

35 hours

The ISO/IEC 27701 Lead Auditor training course enables you to develop the necessary skills to perform a Privacy Information Management System (PIMS) audit by applying widely recognized audit principles, procedures and techniques.

Why should you attend?

During this training course, you will obtain the knowledge and skills to plan and carry out audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to acquire knowledge on the protection of privacy in the context of processing personally identifiable information (PII), as well as master audit techniques and become competent to manage an audit program, audit team, establish communication with customers and resolve potential conflicts.

After completing this training course, you can sit for the exam and, if you successfully pass the exam, you can apply for the “PECB Certified ISO/IEC 27701 Lead Auditor” credential. The internationally recognized PECB Lead Auditor certificate proves that you have the capabilities and competences to audit organizations based on best practices.

Who should attend?

Auditors seeking to perform and lead Privacy Information Management System (PIMS) certification audits
Managers or consultants seeking to master a PIMS audit process
Individuals responsible for maintaining conformance with PIMS requirements
Technical experts seeking to prepare for a PIMS audit
Expert advisors in the protection of Personally Identifiable Information (PII)

Learning objectives

Understand a Privacy Information Management System (PIMS) and its processes based on ISO/IEC 27701
Identify the relationship between ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Acquire the competences of the auditor’s role in planning, leading, and following up on a management system audit in accordance with ISO 19011.
Learn how to interpret the requirements of ISO/IEC 27701 in the context of a PIMS audit

Education approach

This training is based on both theory and best practices used in PIMS audits
Lecture sessions are illustrated with examples based on case studies
Practical exercises are based on a case study which includes role-playing and discussions
Practice tests are similar to the Certification Exam

General information

Participants will be provided with the training material containing over 400 pages of explanatory information, discussion topics, examples and exercises.
An attendance record certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.

ISO/IEC 27001 Foundation

14 hours

ISO/IEC 27002 Introduction

7 hours

ISO/IEC 27001 Lead Auditor

35 hours

ISO/IEC 27001 Lead Auditor

ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.

Why should you attend?

During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.

After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices.

Who should attend?

Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits
Managers or consultants seeking to master an Information Security Management System audit process
Individuals responsible for maintaining conformance with Information Security Management System requirements
Technical experts seeking to prepare for an Information Security Management System audit
Expert advisors in Information Security Management

Learning objectives

Understand the operations of an Information Security Management System based on ISO/IEC 27001
Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
Understand an auditor’s role to: plan, lead and follow-up on a management system audit in accordance with ISO 19011
Learn how to lead an audit and audit team
Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
Acquire the competencies of an auditor to: plan an audit, lead an audit, draft reports, and follow-up on an audit in compliance with ISO 19011

Educational approach

This training is based on both theory and best practices used in ISMS audits
Lecture sessions are illustrated with examples based on case studies
Practical exercises are based on a case study which includes role playing and discussions
Practice tests are similar to the Certification Exam

ISO 27002 Lead Manager

35 hours

ISO/IEC 27002 Lead Manager training enables you to develop the necessary expertise and knowledge to support an organization in implementing and managing Information Security controls as specified in ISO/IEC 27002.

After completing this course, you can sit for the exam and apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential. A PECB Lead Manager Certification, proves that you have mastered the principles and techniques for the implementation and management of Information Security Controls based on ISO/IEC 27002.

Who should attend?

Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001 and ISO/IEC 27002
Project managers or consultants seeking to master the Information Security Management System implementation process
Individuals responsible for the information security, compliance, risk, and governance, in an organization
Members of information security teams
Expert advisors in information technology
Information Security officers
Privacy officers
IT professionals
CTOs, CIOs and CISOs

Learning objectives

Master the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of Information Security controls
Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
Understand the importance of information security for the strategy of the organization
Master the implementation of information security management processes
Master the formulation and implementation of security requirements and objectives

Educational approach

This training is based on both theory and practice
Sessions of lectures illustrated with examples based on real cases
Practical exercises based on case studies
Review exercises to assist the exam preparation
Practice test similar to the certification exam

General Information

Certification fees are included on the exam price
Training material containing over 500 pages of information and practical examples will be distributed to the participants
A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
In case of exam failure, you can retake the exam within 12 months for free

ISO 27799 Foundation

14 hours

ISO 27799 Lead Manager

35 hours

ISO 27799 Lead Manager training enables you to acquire the necessary expertise to support an organization in implementing and managing Information Security controls based on ISO 27799 and ISO/IEC 27002. During this training course, you will also gain a comprehensive knowledge of the best practices of Information Security Controls and how to improve Information Security within a healthcare organization. Additionally, this training enables you to develop the necessary expertise to support healthcare organizations in establishing, implementing, managing and maintaining an Information Security Management System (ISMS). Furthermore, during this training you will learn the complex and different factors that should be taken into account when dealing with information security issues within a healthcare organization.

After mastering all the necessary concepts of Information Security Controls, you can sit for the exam and apply for a “PECB Certified ISO 27799 Lead Manager” credential. By holding a PECB Lead Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in implementing and managing Information Security Controls in healthcare organizations based on ISO 27799 and ISO/IEC 27002.

Who should attend?

Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001, ISO/IEC 27002 and ISO 27799
Project managers or consultants seeking to master the Information Security Management System implementation process in healthcare organizations
Individuals responsible for Information Security, compliance, risk, and governance in a healthcare organization
Information Security team members
Expert advisors in information technology
Information Security officers
Information Security managers
Privacy officers
IT professionals
CTOs, CIOs and CISOs

Learning objectives

Master the implementation of Information Security controls in healthcare organizations by adhering to the framework and principles of ISO 27799 and ISO/IEC 27002
Master the concepts, approaches, standards, methods and techniques required for the implementation and effective management of Information Security controls in healthcare organizations
Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
Understand the importance of Information Security for the strategy of a healthcare organization
Master the implementation of Information Security management processes
Master the expertise to support a healthcare organization to effectively implement, manage and maintain Information Security Controls
Master the formulation and implementation of Information Security requirements and objectives
Master the development and administration of a health information security program, including: policies, procedures, risk assessment, security architectures etc.

ISO/IEC 27001 Lead Implementer

35 hours

Information security threats and attacks increase and improve constantly. The best form of defense against them is the proper implementation and management of information security controls and best practices. Information security is also a key expectation and requirement of customers, legislators, and other interested parties.

This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.

After attending the training course, you can take the exam. If you successfully pass it, you can apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which demonstrates your ability and practical knowledge to implement an ISMS based on the requirements of ISO/IEC 27001.

Who Can Attend?

Project managers and consultants involved in and concerned with the implementation of an ISMS
Expert advisors seeking to master the implementation of an ISMS
Individuals responsible for ensuring conformity to information security requirements within an organization
Members of an ISMS implementation team

General information

Certification fees are included in the exam price
Training material containing over 450 pages of information and practical examples will be distributed
A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
In case of exam failure, you can retake the exam within 12 months free of charge

Educational approach

This training course contains essay-type exercises, multiple-choice quizzes, examples, and best practices used in the implementation of an ISMS.
The participants are encouraged to communicate with each other and engage in discussions when completing quizzes and exercises.
The exercises are based on a case study.
The structure of the quizzes is similar to that of the certification exam.

Learning objectives

This training course will help you:

Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of an ISMS
Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Understand the operation of an information security management system and its processes based on ISO/IEC 27001
Learn how to interpret and implement the requirements of ISO/IEC 27001 in the specific context of an organization
Acquire the necessary knowledge to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an ISMS

Telecom

What is Telecom?

Digital Identity for Telecom

21 hours

BCS

What is BCS?

BCS Foundation Certificate in Information Security Management Principles (CISMP) 4 day

28 hours

BCS Foundation Certificate in Information Security Management Principles (CISMP)

21 hours

BCS Practitioner Certificate in Information Assurance Architecture (CIAA)

35 hours

BCS Practitioner Certificate in Business Continuity Management

21 hours

BCS Practitioner Certificate in Information Risk Management (CIRM)

35 hours

Authorized Microsoft

What is Authorized Microsoft?

SC-200T00: Microsoft Security Operations Analyst

28 hours

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Job role: Security Engineer

Preparation for exam: SC-200

Features: none

Skills gained

Explain how Microsoft Defender for Endpoint can remediate risks in your environment
Create a Microsoft Defender for Endpoint environment
Configure Attack Surface Reduction rules on Windows 10 devices
Perform actions on a device using Microsoft Defender for Endpoint
Investigate domains and IP addresses in Microsoft Defender for Endpoint
Investigate user accounts in Microsoft Defender for Endpoint
Configure alert settings in Microsoft Defender for Endpoint
Explain how the threat landscape is evolving
Conduct advanced hunting in Microsoft 365 Defender
Manage incidents in Microsoft 365 Defender
Explain how Microsoft Defender for Identity can remediate risks in your environment
Investigate DLP alerts in Microsoft Cloud App Security
Explain the types of actions you can take on an insider risk management case
Configure auto-provisioning in Azure Defender
Remediate alerts in Azure Defender
Construct KQL statements
Filter searches based on event time, severity, domain, and other relevant data using KQL
Extract data from unstructured string fields using KQL
Manage an Azure Sentinel workspace
Use KQL to access the watchlist in Azure Sentinel
Manage threat indicators in Azure Sentinel
Explain the Common Event Format and Syslog connector differences in Azure Sentinel
Connect Azure Windows Virtual Machines to Azure Sentinel
Configure Log Analytics agent to collect Sysmon events
Create new analytics rules and queries using the analytics rule wizard
Create a playbook to automate an incident response
Use queries to hunt for threats
Observe threats over time with livestream

Network Administration

What is Network Administration?

Network Security Administrator

35 hours

NetNORAD

7 hours

Cyber Security

What is Cyber Security?

BeyondCorp: Implementing Zero Trust Security

14 hours

Certified Lead Ethical Hacker

35 hours

Why should you attend?

The Certified Lead Ethical Hacker training course enables you to develop the necessary expertise to perform information system penetration tests by applying recognized principles, procedures and penetration testing techniques, in order to identify potential threats on a computer network. During this training course, you will gain the knowledge and skills to manage a penetration testing project or team, as well as plan and perform internal and external pentests, in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Moreover, you will also gain a thorough understanding on how to draft reports and countermeasure proposals. Additionally, through practical exercises, you will be able to master penetration testing techniques and acquire the skills needed to manage a pentest team, as well as customer communication and conflict resolution.

The Certified Lead Ethical Hacking training course provides a technical vision of information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both inside and outside of a business network.

The training is also compatible with the NICE (The National Initiative for Cybersecurity Education) Protect and Defend framework.

After mastering the necessary knowledge and skills in ethical hacking, you can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. By holding a PECB Lead Ethical Hacker certificate, you will be able to demonstrate that you have acquired the practical skills for performing and managing penetration tests according to best practices.

Who should attend?

Individuals interested in IT Security, and particularly in Ethical Hacking, to either learn more about the topic or to start a process of professional reorientation.
Information security officers and professionals seeking to master ethical hacking and penetration testing techniques.
Managers or consultants wishing to learn how to control the penetration testing process.
Auditors wishing to perform and conduct professional penetration tests.
Persons responsible for maintaining the security of information systems in an organization.
Technical experts who want to learn how to prepare a pentest.
Cybersecurity professionals and information security team members.

Advanced PHP and Secure Coding Course

35 hours

Ubuntu Security

14 hours

OpenStack Security

14 hours

Ethical Hacker

35 hours

Understanding Modern Information Communication Technology

7 hours

Cyber Crisis & Communications Planning

7 hours

Certified Ethical Hacker

35 hours

Operational Cloud Security

14 hours

Cloud Security Seminar

7 hours

Cyber Defence (SOC) Analyst Foundation

7 hours

Cyber Resilience RESILIA Foundation

14 hours

Systems Security Certified Practitioner

35 hours

Executive Cyber Security Awareness

7 hours

PKI & TLS Security Implementation

7 hours

Secure by Design

7 hours

Data Protection Practitioner

14 hours

PCI-DSS Practitioner

14 hours

Cyber Emergency Response Team (CERT)

7 hours

The Dark Web

7 hours

Crypto Currencies and the Blockchain

7 hours

End User Security: Protecting Your Online Footprint

14 hours

Cyber Crime in Business

7 hours

Mobile Forensic Security

7 hours

Biometric Forensic Foundation

7 hours

Digital Investigations - Introduction

14 hours

Digital Investigations - Advanced

21 hours

Capture the Flag (CTF)

14 hours

MITRE ATT&CK

7 hours

Social Engineering

14 hours

Lead SCADA Security Manager

35 hours

Lead SCADA Security Manager training enables you to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. In addition, you will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, risks related to the Industrial Control Systems (ICS) and techniques used to manage these risks. This training focuses on several aspects of security management and skills related to SCADA/ICS security.

Lead SCADA Security Manager training course is designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other trainings, this training course concentrates specifically on the knowledge and skills needed by a professional seeking to advice on, or manage risks related to SCADA environments and systems. Given the high profile nature and the significant impacts associated with such environments, a holistic professional approach to security is needed and that is exactly what this course is designed to provide.

In addition, to acquire the theoretical knowledge needed by a SCADA Security Manager, a comprehensive methodology for the implementation of a SCADA Security program is presented. Thus, at the end of this course, you will gain knowledge on how to effectively implement a security program for SCADA/ICS systems.

After mastering all the necessary concepts of SCADA Security, you can sit for the exam and apply for a “PECB Certified Lead SCADA Security Manager” credential. By holding a PECB Lead SCADA Security Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing SCADA Security.

Who should attend?

Security professionals interested in acquiring SCADA security professional skills
IT professionals looking to enhance their technical skills and knowledge
IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems
SCADA system developers
SCADA engineers and operators
SCADA IT professionals

Learning objectives

Understand and explain the purpose and risks to SCADA systems, Distributed Control Systems and Programmable Logic Controllers
Understand the risks faced by these environments and the appropriate approaches to manage such risks
Develop the expertise to support a pro-active SCADA Security program, including policies and vulnerability management
Define and design network architecture incorporating defense in advanced security controls for SCADA
Explain the relationship between management, operational and technical controls in a SCADA Security program
Improve the ability to design resilient and high availability SCADA systems
Learn how to manage a program of effective security testing activities

Educational approach

This training is based on both theory and best practices used in SCADA Security
Lecture sessions are illustrated with examples based on case studies
Practical exercises are based on a case study which includes role playing and discussions
Practical tests are similar to the Certification Exam

General Information

Certification fees are included on the exam price
Training material containing over 450 pages of information and practical examples will be distributed
A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
In case of exam failure , you can retake the exam within 12 months for free

MasterClass Certified Ethical Hacker Program

28 hours

The Certified Ethical Hacker certification is a sought-after cybersecurity certification around the world.

This program incorporates instruction and practice to get students ready to take the CEH certification exam as well as the CEH Practical Exam. Candidates who successfully pass both exams earn the CEH Master credential as well as their CEH certification.

Students are given the choice to add either the CPENT or the CHFI course to their package.

Training for either the Certified Penetration Testing Professional (CPENT) course or the Computer Hacking Forensic Investigator (CHFI) course will be given to each student via EC-Council’s online, self-paced, streaming video program.

CPENT (Pen-test):
Teaches students how to apply the concepts and tools taught in the CEH program to a pen-test methodology in a live cyber range.

CHFI (Computer Forensics):
Teaches students a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

Course Description

CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will teach you how hackers think and act maliciously so you will be better positioned to setup your security infrastructure and defend against future attacks. An understanding of system weaknesses and vulnerabilities helps organizations strengthen their system security controls to minimize the risk of an incident.

CEH was built to incorporate a hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential. You will be exposed to an entirely different posture toward the responsibilities and measures required to be secure.

Who Should Attend

Law enforcement personnel
System administrators
Security officers
Defense and military personnel
Legal professionals
Bankers
Security professionals

About the Certified Ethical Hacker Master

To earn the CEH Master certification, you must pass the CEH Practical exam. The CEH Practical Exam was designed to give students a chance to prove they can execute the principals taught in the CEH course. The practical exam requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and more.

The CEH Practical does not contain simulations. Rather, you will be challenging a live range which was designed to mimic a corporate network through the use of live virtual machines, networks, and applications.

Successfully completing the challenges found in the CEH Practical Exam is the next step after attaining the Certified Ethical Hacker (CEH) certification. Successfully passing both the CEH exam and the CEH Practical will earn you the additional certification of CEH Master.

About the Certified Ethical Hacker Practical

To prove that you are skilled in ethical hacking, we test your abilities with real-world challenges in a real-world environment, using labs and tools requiring you to complete specific ethical hacking challenges within a time limit, just as you would face in the real world.

The EC-Council CEH (Practical) exam is comprised of a complex network that replicates a large organization’s real-life network and consists of various network systems (including DMZ, Firewalls, etc.). You must apply your ethical hacking skills to discover and exploit real-time vulnerabilities while also auditing the systems.

About CPENT

EC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you to pen test IoT systems, OT systems, as well as how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and customization of scripts and exploits to get into the innermost segments of the network.

About CHFI

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation.

Understanding and Managing the Threat of Malware

7 hours

ABAP Secure code

14 hours

Cybersecurity Fundamentals - A Practical Course

14 hours

Cyber Security Body of Knowledge (CyBOK)

35 hours

Secure Code

What is Secure Code?

Standard Java Security

14 hours

Java and Web Application Security

21 hours

Description

Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.

Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices

Audience

Developers

Advanced Java Security

21 hours

Advanced Java, JEE and Web Application Security

28 hours

The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices

Audience

Developers

Combined C/C++, JAVA and Web Application Security

28 hours

To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.

Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.

Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices

Audience

Developers

Combined JAVA, PHP and Web Application Security

28 hours

Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.

Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.

General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.

Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices

Audience

Developers

Apache Shiro: Securing Your Java Application

7 hours

Secure Developer Java (Inc OWASP)

21 hours

Secure coding in PHP

21 hours

The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. The best hardening practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers.

Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of PHP
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities of the PHP framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices

Audience

Developers

C/C++ Secure Coding

21 hours

DevOps Security: Creating a DevOps Security Strategy

7 hours

Node.JS and Web Application Security

21 hours

Embedded Systems Security

21 hours

Interactive Application Security Testing (IAST)

14 hours

Secure Developer .NET (Inc OWASP)

21 hours

Microsoft SDL Core

14 hours

.NET, C# and ASP.NET Security Development

14 hours

Comprehensive C# and .NET Application Security

21 hours

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.

A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices

Audience

Developers

Advanced C#, ASP.NET and Web Application Security

21 hours

Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.

In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.

Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.

Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices

Audience

Developers

Web Application Security

14 hours

Security Testing

14 hours

Secure Web Application Development and Testing

21 hours

Protecting applications that are accessible via the web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of web applications. One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools.

The course gives an overview of the applicable security solutions in web applications, with a special focus on understanding the most important cryptographic solutions to be applied. The various web application vulnerabilities are presented both on the server side (following the OWASP Top Ten) and the client side, demonstrated through the relevant attacks, and followed by the recommended coding techniques and mitigation methods to avoid the associated problems. The subject of secure coding is wrapped up by discussing some typical security-relevant programming mistakes in the domain of input validation, improper use of security features and code quality.

Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.

Practical exercises will help understanding web application vulnerabilities, programming mistakes and most importantly the mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices

Audience

Developers, Testers

Combined C/C++/C#, ASP.NET and Web Application Security

28 hours

Beyond Ethical Hacking - Advanced Software Security

35 hours

Beyond solid knowledge in using security solutions of the applied technologies, even for experienced programmers it is essential to have a deep understanding of the typical attack techniques that are possible due the various vulnerabilities, i.e. security-relevant programming mistakes. This course approaches secure coding from the stand point of the attack techniques, but with the same purpose as any other course of SCADEMY Secure Coding Academy: to learn software security best practices.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained with the most important aim to avoid the associated problems. Besides server side issues (basically following the OWASP Top Ten), a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5, which is followed by discussing web services and XML security. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms.

Specifically for C and C++, we go into more details regarding the exploitation of buffer overflows on the stack and on the heap. After showing the attack techniques, we give an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Finally, we discuss counter attacks, and then counter-protection measures, highlighting the cat-and-mouse nature of hacking and protection.

Finally, the course explains the most frequent and severe programming flaws in general, by bringing examples in Java, .NET, C and C++ languages and platforms. Besides the typical bugs committed by the programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment or the used libraries. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Finally, we present security testing techniques and tools that can be applied to reveal the discussed vulnerabilities, along with the various techniques for reconnaissance, configuration and hardening of the environment.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Understand security concepts of Web services
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to exploit them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Learn essential vulnerability analysis and testing techniques and tools
Get sources and further readings on secure coding practices

Audience

Developers

Android Security

14 hours

Application Security in the Cloud

21 hours

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices

Audience

Developers, Managers, Professionals

Network Security and Secure Communication

21 hours

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices

Audience

Developers, Professionals

The Secure Coding Landscape

14 hours

How to Write Secure Code

35 hours

Application Security for Developers

21 hours

OWASP

What is OWASP?

Web Security with the OWASP Testing Framework

28 hours

OpenWrt

What is OpenWrt?

Shadowsocks: Set Up a Proxy Server

7 hours

Mobile Development

What is Mobile Development?

HIPAA Compliance for Developers

7 hours

Central Authentication Service (CAS)

What is Central Authentication Service (CAS)?

CAS for Administrators

7 hours

Internet of Things (IoT)

What is Internet of Things (IoT)?

IoT Security Architecture

14 hours

Business Continuity Management

What is Business Continuity Management?

Business Continuity Practitioner

14 hours

Automotive

What is Automotive?

Automotive Cyber Security Fundamentals

21 hours

Supply Chain Management (SCM)

What is Supply Chain Management (SCM)?

Managing Cyber Risks in the Supply Chain

7 hours

Authorized Windows

What is Authorized Windows?

Securing Windows Server 2016 (authorized training course MS 20744)

35 hours

NB-IoT

What is NB-IoT?

NB-IoT for Developers

7 hours

Hands on Security

What is Hands on Security?

PKI: Implement and Manage

21 hours

Overview

This Public Key Infrastructure – Implement and Manage course helps any individual to gain knowledge in managing robust PKI and having better understanding of topics surrounding public key infrastructure. Moreover, the PKI course is a preparation for the increasingly critical component – which ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy PKI, to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.

Throughout the whole course, participants will gain in-depth knowledge on the following topics:

Legal aspects of a PKI
Elements of a PKI
PKI management
Trust in a digital world
Digital signature implementation
Trust models

After completing the PKI course, each individual will be able to successfully design, setup, deploy, and manage a public key infrastructure (PKI).

This is a 3-day course is considered essential for anyone who needs to understand Public Key Infrastructure (PKI) and the issues surrounding its implementation. It covers the issues and technologies involved in PKI in-depth and gives hands-on practical experience of setting up and maintaining a variety of PKI solutions. Detailed knowledge of issues surrounding PKI helps to put recent attacks which have appeared in the news headlines into context and enable valid decisions to be made about their relevance to your organisation.

Objectives

To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryption, digital signatures, digital certificates and Certificate Authorities.

To give students hands on experience of implementing and using PKI solutions with a variety of applications.

To give students an understanding of the concepts of evaluating and selecting PKI technologies

Audience

Anyone involved in Public Key Infrastructure | PKI decision-making, implementing and securing e-commerce and other Internet applications, including CIOs, Chief Security Officers, MIS Directors, Security Managers and Internal Auditors.

CHFI - Certified Digital Forensics Examiner

35 hours

WEBAP - Web Application Security

28 hours

Security Analyst

35 hours

Ethical Hacking and Countermeasures

35 hours

Windows Server

What is Windows Server?

Securing Windows Using PowerShell Automation

42 hours

Corporate Leadership

What is Corporate Leadership?

Secrets of Boardroom Leadership

7 hours

CCSK

What is CCSK?

Certificate of Cloud Security Knowledge

14 hours

Cloud Computing Security Knowledge (CCSK) Preparation Course

21 hours

Certificate of Cloud Security Knowledge (CCSK) Foundation (CSA authorized)

14 hours

Certificate of Cloud Security Knowledge (CCSK) Plus (CSA authorized)

21 hours

CRISC

What is CRISC?

CRISC - Certified in Risk and Information Systems Control

21 hours

Cyber Warfare

What is Cyber Warfare?

Fundamentals of Corporate Cyber Warfare

14 hours

IBM QRadar

What is IBM QRadar?

IBM Qradar SIEM: Beginner to Advanced

14 hours

Open Source Intelligence (OSINT)

What is Open Source Intelligence (OSINT)?

Open Source Cyber Intelligence - Introduction

7 hours

Open Source Intelligence (OSINT) Advanced

21 hours

Cyber Security Courses Testimonials

Total Feedbacks 50

I liked the in-depth knowledge about the subject of the trainer, good explanation, highlighting important things!.

Andreas Rhein

Certified Information System Security Professional (CISSP) CBK Review

I really liked the Crypto part

Carlos Ibarra

Avanzado Java, JEE y Seguridad de Aplicaciones Web

I genuinely enjoyed the real examples of the trainer.

Joana Gomes

Compliance and the Management of Compliance Risk

I genuinely was benefit from the communication skills of the trainer.

Flavio Guerrieri

CISM - Certified Information Security Manager

I liked the trainer was passionate about the subject and very convincing too.

Diana Vladulescu

Secure Web Application Development and Testing

Really liked the trainer's deep knowledge, real examples, the fact that he is also a practitioner.

18 Wojskowy Oddział Gospodarczy

CRISC - Certified in Risk and Information Systems Control

I mostly liked the knowledge,.

18 Wojskowy Oddział Gospodarczy

CRISC - Certified in Risk and Information Systems Control

I mostly was benefit from the hands-on examples.

Trading Point of Financial Instruments (XM

Secure coding in PHP

The subject of the course was very interesting and gave us many ideas.

Anastasios Manios

Secure coding in PHP

I generally enjoyed the interaction.

Andreas Hadjidemetris

Secure coding in PHP

Most of the known subjects related with secure coding covered and explained well Nice presentations Easy to watch, not boring.

Trading Point of Financial Instruments (XM

Secure coding in PHP

The way and its approach on each different section.

Trading Point of Financial Instruments (XM

Secure coding in PHP

The trainer has very good communication skills and can easily get & hold audience's attention. He can explain the matter in a very easy and detailed way so that each person can understand it.

Trading Point of Financial Instruments (XM

Secure coding in PHP

All topics were well covered and presented with a lot of examples. Ahmed was very efficient and managed to keep us focused and attracted at all times.

Kostas Bastas

Secure coding in PHP

Everything! I didn't have any experience with Secure Coding and the whole training was interesting and helpful.

Trading Point of Financial Instruments (XM

Secure coding in PHP

I genuinely enjoyed the real life examples.

Marios Prokopiou

Secure coding in PHP

I loved the delivery from the trainer's side. Very enthusiastic and made the training really pleasant and interesting. Also, very clear about the content he was delivering.

Trading Point of Financial Instruments (XM

Secure coding in PHP

I genuinely liked the real world scenarios.

Michail Alvanos

Java and Web Application Security

I genuinely liked the organization.

Panagiotis Foutros

Java and Web Application Security

Very good knowledge and character.

Constantinos Michael

Java and Web Application Security

I was benefit from the exercises (SQL injection, XSS, CRSF. .).

David Lemoine - Statistical Solutions

.NET, C# and ASP.NET Security Development

I liked the blend of theory/fundamentals/principles and activity/interactive-web-apps. Excellent mix.

Statistical Solutions

.NET, C# and ASP.NET Security Development

Good pacing, by switching between lectures and activities the trainer was able to hold my attention, good variety of topics covered, trainer was very knowledgeable and able to adapt the subject matter to what was required.