| cissprev | Certified Information System Security Professional (CISSP) CBK Review | 35 hours | A CISSP is an information assurance professional who defines the architecture, design, management and/or controls that assure the security of business environments. The vast breadth of knowledge and the experience it takes to pass the exam is what sets a CISSP apart. The credential demonstrates a globally recognized level of competence provided by the (ISC)2® CBK®, which covers critical topics in security today, including cloud computing, mobile security, application development security, risk management and more.
This course helps you review the 10 domains of the information security practices. It also serves as a strong learning tool for mastering concepts and topics related to all aspects of information systems security.
Objectives:
- To review of the main topics of CISSP CBK (Common Body of Knowledge).
- To prepare for a CISSP examination
|
| cisa | CISA - Certified Information Systems Auditor | 28 hours | Description:
CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting.
Our CISA course is an intense, very competitive and exam focused training course. With experience of delivering more than 150+ CISA trainings in Europe and around the world and training more than 1200+ CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing large number of ISACA released question banks from the last three years. Over a period, CISA holders have been in huge demand with renowned accountings firms, global banks, advisory, assurance, and internal audit departments.
Delegates may have years of experience in IT auditing but perspective towards solving CISA questionnaires will solely depend on their understanding to globally accepted IT assurance practices. CISA exam is very challenging because the possibility of a very tight clash between two possible answers exists and that is where ISACA tests you on your understanding in global IT auditing practices. To address these exam challenges, we always provide the best trainers who have extensive experience in delivering CISA training around the world.
The Net Security CISA manual covers all exam-relevant concepts, case studies, Q&A's across CISA five domains. Further, the Trainer shares the key CISA supporting material like relevant CISA notes, question banks, CISA glossary, videos, revision documents, exam tips, and CISA mind maps during the course.
Goal:
The ultimate goal is to pass your CISA examination first time.
Objectives:
- Use the knowledge gained in a practical manner beneficial to your organisation
- Provide audit services in accordance with IT audit standards
- Provide assurance on leadership and organizational structure and processes
- Provide assurance on acquisition/ development, testing and implementation of IT assets
- Provide assurance on IT operations including service operations and third party
- Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets.
Target Audience:
Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals.
|
| cyberwarfare | Fundamentals of corporate cyberwarfare | 14 hours | Audience
- Cyber security specialists
- System administrators
- Cyber security managers
- Cyber security auditors
- CIOs
Format of the course
- Heavy emphasis on hands-on practice. Most of the concepts are learned through samples, exercises and hands-on development.
|
| cgeit | CGEIT – Certified in the Governance of Enterprise IT | 28 hours | Description:
This four day event (CGEIT training) is the ultimate preparation for exam time and is designed to ensure that you pass the challenging CGEIT exam on your first attempt.
The CGEIT qualification is an internationally recognised symbol of excellence in IT governance awarded by ISACA. It is designed for professionals responsible for managing IT governance or with significant advisory or assurance responsibility for IT governance.
Achieving CGEIT status will provide you with wider recognition in the marketplace, as well as increased influence at executive level.
Objectives:
This seminar has been designed to prepare Delegates for the CGEIT examination by enabling them to supplement their existing knowledge and understanding so as to be better prepared to pass the exam, as defined by ISACA.
Target Audience:
Our training course is for IT and business professionals, with significant IT governance experience who are undertaking the CGEIT exam.
|
| grmcfun | Governance, Risk Management & Compliance (GRC) Fundamentals | 21 hours | Course goal:
To ensure that an individual has the core understanding of GRC processes and capabilities, and the skills to integrate governance, performance management, risk management, internal control, and compliance activities.
Overview:
- GRC Basic terms and definitions
- Principles of GRC
- Core components, practices and activities
- Relationship of GRC to other disciplines
|
| owasp | Web Security with the OWASP Testing Framework | 28 hours | The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
OWASP offers testing frameworks and tools for identifying vulnerabilities in web applications and services
Audience
This course is directed at Developers, Engineers and Architects seeking to secure their web apps and services
|
| cl-osc | The Secure Coding Landscape | 14 hours | The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Understand Web vulnerabilities both on server and client side
- Realize the severe consequences of unsecure buffer handling
- Be informated about some recent vulnerabilities in development environments and frameworks
- Learn about typical coding mistakes and how to avoid them
- Understand security testing approaches and methodologies
Audience
Managers
|
| GDPR1 | GDPR Workshop | 7 hours | This one-day course is for people looking for a brief outline of the GDPR – General Data Protection Regulations coming out May 25, 2018. This is ideal for managers, department heads, and employees who need to understand the basics of the GDPR.
|
| GDRPAd | GDPR Advanced | 21 hours | This is more in-depth and would be for those working a great deal with the GDPR and who may be appointed to the GDPR team. This would be ideal for IT, human resources and marketing employees and they will deal extensively with the GDPR.
|
| cl-jwe | Advanced Java, JEE and Web Application Security | 28 hours | Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Understand security concepts of Web services
- Understand security solutions of Java EE
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers
|
| ethhack | Ethical Hacker | 35 hours | This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
The purpose of the Ethical Hacking Training is to:
- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.
Audience:
The Course is ideal for those working in positions such as, but not limited to:
- Security Engineers
- Security Consultants
- Security Managers
- IT Director/Managers
- Security Auditors
- IT Systems Administrators
- IT Network Administrators
- Network Architects
- Developers
|
| cas | CAS: Setting Up a Single-Sign-On Authentication Server | 7 hours | CAS, or Central Authentication Service, is an open-source, enterprise-level, single-sign-on protocol for the web. CAS gives users access to multiple applications using a single sign-on and allows web applications to authenticate users without giving them access to user passwords. CAS has a Java server component and various client libraries written in PHP, PL/SQL, Java, and more.
In this course, we discuss CAS's architecture and features and practice installing and configuring a CAS server. By the end of the course, participants will have an understanding of CAS's implementation of SSO (Single-Sign-On Authentication) as well as the necessary practice to deploy and manage their own authentication server.
Audience
Format of the course
- Part lecture, part discussion, heavy hands-on practice
|
| seccode | How to Write Secure Code | 35 hours | After the major attacks against national infrastructures, Security Professionals found that the majority of the vulnerabilities that caused the attacks came from poor and vulnerable code that the developers write.
Developers now need to master the techniques of how to write Secure Code, because we are in a situation where anyone can use availble tools to write a script that can effectivly disable a large organization's systems because the developers have written poor code.
This Course aims to help in the following:
- Help Developers to master the techniques of writing Secure Code
- Help Software Testers to test the security of the application before publishing to the production environment
- Help Software Architects to understand the risks surrounding the applications
- Help Team Leaders to set the security base lines for the developers
- Help Web Masters to configure the Servers to avoid miss-configurations
In this course you will also see details of the latest cyber attacks that have been used and the countermeasures used to stop and prevent these attacks.
You will see for yourself how developers mistakes led to catastrophic attacks, and by participatig in the labs during the course you will be able to put into practise the security controls and gain the experience and knowledge to produce secure coding.
Who should Attend this Course?
This Secure Code Training is ideal for those working in positions such as, but not limited to:
- Web Developers
- Mobile Developers
- Java Developers
- Dot Net Developers
- Software Architects
- Software Tester
- Security Professionals
- Web Masters
|
| secana | Security Analyst | 35 hours |
Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals
|
| devopssecurity | DevOps Security: Creating a DevOps security strategy | 7 hours | DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments.
In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.
Audience
Devops engineers
Security engineers
Format of the course
Part lecture, part discussion, some hands-on practice
|
| embeddedsecurity | Embedded systems security | 21 hours | This training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems.
By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software.
Audience
Embedded systems professionals
Security professionals
Format of the course
Part lecture, part discussion, hands-on practice
|
| iast | Interactive Application Security Testing (IAST) | 14 hours | Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit.
In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.
By the end of this training, participants will be able to:
- Simulate attacks against applications and validate their detection and protection capabilities
- Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
- Quickly and accurately fix the application code responsible for detected vulnerabilities
- Prioritize the vulnerability findings from dynamic scans
- Use RASP real-time alerts to protect applications in production against attacks.
- Reduce application vulnerability risks while maintaining production schedule targets
- Devise an integrated strategy for overall vulnerability detection and protection
Audience
- DevOps engineers
- Security engineers
- Developers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| shadowsocks | Shadowsocks: Set up a proxy server | 7 hours | Shadowsocks is an open-source, secure socks5 proxy.
In this instructor-led, live training, participants will learn how to secure an internet connection through a Shadowsocks proxy.
By the end of this training, participants will be able to:
- Install and configure Shadowsocks on any of a number of supported platforms, including Windows, Linux, Mac, Android, iOS, and OpenWRT.
- Deploy Shadosocks with package manager systems, such as pip, aur, freshports and others.
- Run Shadowsocks on mobile devices and wireless networks.
- Understand how Shadowsocks encrypts messages and ensures integrity and authenticity.
- Optimize a Shadowsocks server
Audience
- Network engineers
- System Administrators
- Computer technicians
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| shiro | Apache Shiro: Securing your Java application | 7 hours | Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management.
In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro.
By the end of this training, participants will be able to:
- Use Shiro's API to secure various types of applications, including mobile, web and enterprise
- Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc.
Audience
- Developers
- Security engineers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| indy | Blockchain: Hyperledger Indy for Identity Management | 14 hours | Indy is a Hyperledger project for creating decentralized identity systems. It includes tools, libraries and reusable components for creating digital identities rooted in blockchains or other distributed ledgers.
In this instructor-led, live training, participants will learn how to create an Indy-based decentralized identity system.
By the end of this training, participants will be able to:
- Create and manage decentralized, self-sovereign identities using distributed ledgers.
- Enable interoperability of digital identities across domains, applications, and silos.
- Understand key concepts such as user-controlled exchange, revocation, Decentralized Identifiers (DIDs), off-ledger agents, data minimization, etc.
- Use Indy to enable identity owners to independently control their personal data and relationships.
Audience
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| ehcm | Ethical Hacking and Countermeasures | 35 hours | Description:
This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how Intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
Target Audience:
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
|
| nbiotfordev | NB-IoT for Developers | 7 hours | Most of today's IoT connections are industrial. Industrial IoT (IIoT) connections require Low Power Wide Area (LPWA) technologies to provide connectivity, coverage and subscription capabilities for low bandwidth applications. Although these requirements could be served by existing cellular networks, such networks may not be ideal. NB-IoT (Narrow Band IoT) technology offers a promising solution.
NB-IoT (also known as LTE Cat NB1) allows IoT devices to operate over carrier networks such as GSM and “guard bands” between LTE channels. NB-IoT needs only 200kHz of bandwidth and can efficiently connect large numbers of endpoint devices (up to 50,000 per NB-IoT network cell). Its low power requirements makes it ideal for use in small, uncomplicated IoT gadgets such as smart parking, utilities and wearables.
In this instructor-led, live training, participants will learn about the various aspects of NB-IoT as they develop and deploy a sample NB-IoT based application.
By the end of this training, participants will be able to:
- Identify the different components of NB-IoT and how to fit together to form an ecosystem
- Understand and explain the security features built into NB-IoT devices
- Develop a simple application to track NB-IoT devices
Audience
- Developers
- Technical Managers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| netnorad | NetNORAD | 7 hours | NetNORAD is a system built by Facebook to troubleshoot network problems via end-to-end probing, independent of device polling.
In this instructor-led, live training, participants will learn how NetNORAD and active path testing can help them improve their network troubleshooting methods.
By the end of this training, participants will be able to:
- Understand how NetNORAD works
- Learn the design principles behind NetNORAD
- Use open-source NetNORAD tools with their own code to implement a fault detection system
Audience
- Network engineers
- Developers
- System engineers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| NPen | Network Penetration Testing | 35 hours | This class will help the attendees to scan, test, hack and secure their own systems. To gain an in-depth knowledge and practical experience with the current essential security systems. The attendees will get to know how perimeter defences work and then be led into scanning and attacking their own networks, no real network is harmed. The attendees then will learn how intruders escalate privileges and what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
|
| iotsecurity | IoT Security Architecture | 14 hours | Internet of Things (IoT) is a network infrastructure that connects physical objects and software applications wirelessly, allowing them to communicate with each other and exchange data via network communications, cloud computing, and data capture. One of the major hurdles in deployment of IoT solutions is security. Since IoT technologies involves a broad range of devices, designing IoT security is critical to a successful IoT deployment.
In this instructor-led, live training, participants will understand IoT architectures and learn the different IoT security solutions applicable to their organization.
By the end of this training, participants will be able to:
- Understand IoT architectures
- Understand emerging IoT security threats and solutions
- Implement technologies for IoT security in their organization
Audience
- IT Professionals
- Developers
- Engineers
- Managers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
Note
- To request a customized training for this course, please contact us to arrange
|
| hipaafordev | HIPAA Compliance for Developers | 7 hours | HIPAA (Health Insurance Portability and Accountability Act of 1996) is a legislation in the United States that provides provisions for data privacy and security for handling and storing medical information. These guidelines are a good standard to follow in developing health applications, regardless of territory. HIPAA compliant applications are recognized and more trusted globally.
In this instructor-led, live training (remote), participants will learn the fundamentals of HIPAA as they step through a series of hands-on live-lab exercises.
By the end of this training, participants will be able to:
- Understand the basics of HIPAA
- Develop health applications that are compliant with HIPAA
- Use developer tools for HIPAA compliance
Audience
- Developers
- Product Managers
- Data Privacy Officers
Format of the Course
- Part lecture, part discussion, exercises and heavy hands-on practice.
Note
- To request a customized training for this course, please contact us to arrange.
|
| beyondcorp | BeyondCorp: Implementing Zero Trust Security | 14 hours | BeyondCorp is an open source Zero Trust security framework that allows employees to work securely from any location without the need for a traditional VPN.
In this instructor-led, live training, participants will learn hands-on how to set up a Zero Security system as they set up and deploy BeyondCorop in a live-lab environment.
By the end of this training, participants will be able to:
- Assess their organization's existing security model.
- Shift access controls from the perimeter to individual devices and users.
- Deploy applications using a user and device-centric authentication and authorization workflow.
- Understand, plan and implement a Zero Trust network within their organization.
Audience
- Network engineers
- Cyber security professionals
- System architects
- IT managers
Format of the Course
- Part lecture, part discussion, exercises and heavy hands-on practice
Note
- To request a customized training for this course, please contact us to arrange.
|
| computerroom | Computer Room Security and Maintenance | 14 hours | Network security begins at the physical level. In this instructor-led, live training, participants will learn the security risks related to computer server rooms and how to tighten security through smart practices, planning and technology implementation.
By the end of this training, participants will be able to:
- Assess their organization's security risk, as it relates to computer server rooms
- Set up control and monitoring systems to restrict physical access to infrastructure
- Design access policies for different members
- Effectively communicate security policies with team members
Audience
- Security professionals
- Network and hardware engineers
- Technicians
- Facilities managers
- System Administrators
Format of the Course
- Part lecture, part discussion, exercises and hands-on practice.
Note
- To request a customized training for this course, please contact us to arrange.
|
.jpg)
.jpg)
.jpg)
.png)
.png)
