Hands on Security Training Courses

Hands on Security Training

Hands on Security courses

Hands on Security Course Outlines

Code Name Duration Overview
seccode How to Write Secure Code 35 hours After the major attacks against national infrastructures, Security Professionals found that the majority of the vulnerabilities that caused the attacks came from poor and vulnerable code that the developers write.  Developers now need to master the techniques of how to write Secure Code, because we are in a situation where anyone can use availble tools to write a script that can effectivly disable a large organization's systems because the developers have written poor code. This Course aims to help in the following: Help Developers to master the techniques of writing Secure Code Help Software Testers to test the security of the application before publishing to the production environment Help Software Architects to understand the risks surrounding the applications Help Team Leaders to set the security base lines for the developers Help Web Masters to configure the Servers to avoid miss-configurations In this course you will also see details of the latest cyber attacks that have been used and the countermeasures used to stop and prevent these attacks. You will see for yourself how developers mistakes led to catastrophic attacks, and by participatig in the labs during the course you will be able to put into practise the security controls and gain the experience and knowledge to produce secure coding. Who should Attend this Course?  This Secure Code Training is ideal for those working in positions such as, but not limited to: Web Developers Mobile Developers Java Developers Dot Net Developers Software Architects Software Tester Security Professionals Web Masters Module1 Introduction to Secure Coding Module2 Web, Windows and Mobile Application bases Module3 Applications Attacks and Exploits, XSS, SQL injection Module4 Servers Attacks and Exploits, DOS, BOF Module5 Validation And Verification Module6 Security Controls and Countermeasures Module7 Mobile Application Secure Coding Module8 Security Standards and Testing
devopssecurity DevOps Security: Creating a DevOps security strategy 7 hours DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments. In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge. Audience     Devops engineers     Security engineers Format of the course     Part lecture, part discussion, some hands-on practice Introduction     How DevOps creates more security risk for organizations         The price of agility, speed and de-centralized control Inadequacies of traditional security tools     Security policies     Firewall rules     Lack of APIs for integration     Lack of visualization tools Implementing a DevOps-ready security program Aligning security with business goals Removing the security bottleneck Implementing detailed visibility Standardizing security configurations Adding sensors into the application     Interactive Application Security Testing     Runtime Application Self-Protection Providing security data to DevOps tools through RESTful APIs On-demand scaling, micro-perimeterization of security controls Per-resource granular security policies Automating attacks against pre-production code Continually testing the production environment Protecting web applications from an Agile/DevOps perspective Securing containers and clouds Embracing next generation automated security tools The future of DevOps and its strategic role in security Closing remarks
embeddedsecurity Embedded systems security 21 hours This training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems. By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software. Audience     Embedded systems professionals     Security professionals Format of the course     Part lecture, part discussion, hands-on practice Introduction     Security vs embedded systems security Characteristics of embedded application security     Embedded network transactions     Automotive security     Android devices     Next-generation software-defined radio Critical aspects of an embedded system     Microkernel vs monolith     Independent security levels     Core security requirements     Access control     I/O virtualization Performing threat modeling and assessment       Attackers and assets     Attack surface     Attack trees     Establishsing a security policy Developing secure embedded software     Secure coding principles     Secure program design     Minimal Implementation     Component architecture     Least privilege     Secure development process     Independent expert validation     Model-driven design     Code review and static analysis     Security testing     Peer code reviews Understanding and implementing cryptography     Cryptographic modes     Cryptographic hashes     Cryptographic certifications     Managing keys     Block ciphers     Message Authentication Codes     Random Number Generation Data protection     Data-in-motion protocols     Securing data in motion     Data-at-rest protocols     Securing data at rest Mitigating attacks     Common software attacks     Preventing side-channel attacks Retrofitting security in existing projects     Securing bootloaders and firmware updates Closing remarks
iast Interactive Application Security Testing (IAST) 14 hours Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit. In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.   By the end of this training, participants will be able to: Simulate attacks against applications and validate their detection and protection capabilities Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios Quickly and accurately fix the application code responsible for detected vulnerabilities Prioritize the vulnerability findings from dynamic scans Use RASP real-time alerts to protect applications in production against attacks. Reduce application vulnerability risks while maintaining production schedule targets Devise an integrated strategy for overall vulnerability detection and protection Audience DevOps engineers Security engineers Developers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice To request a customized course outline for this training, please contact us.
shiro Apache Shiro: Securing your Java application 7 hours Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management. In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro. By the end of this training, participants will be able to: Use Shiro's API to secure various types of applications, including mobile, web and enterprise Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc. Audience Developers Security engineers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice Introduction Overview of Shiro features Project setup and configuration Overview of the Security Manager Securing an application with Shiro Authentication Authorization Realm configuration Logging out Session management Using Shiro with Spring Integrating with Java EE Securing a mobile application Troubleshooting Deploying and monitoring your application Closing remarks
secana Security Analyst 35 hours   Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals  Core modules: 1. Need for Security Analysis 2. TCP IP Packet Analysis 3. Penetration Testing Methodologies 4. Customers and legal Agreements 5. Rules of Engagement 6. Penetration Testing Planning and Scheduling 7. Pre- Penetration Testing Steps 8. Information gathering 9. Vulnerability Analysis 10. External penetration Testing 11. Internal Network Pen Testing 12. Firewall Penetration Testing 13. IDS Penetration Testing 14. Password Cracking Penetration Testing 15. Social Engineering Penetration testing 16. Web Application Penetration Testing 17. SQL Penetration Testing 18. Penetration Testing Reports and Post Testing Actions Additional Modules: 1. Router and Switches Penetration Testing 2. Wireless Network Penetration Testing 3. Denial-of-Service Penetration Testing 4. Stolen Laptop, PDAs and Cell Phones Penetration Testing 5. Source Code Penetration Testing 6. Physical Security Penetration Testing 7. Surveillance Camera Penetration Testing 8. Database Penetration Testing 9. VoIP Penetration Testing 10. VPN Penetration Testing 11. Cloud Penetration Testing 12. Virtual Machine Penetration Testing 13. War Dialling 14. Virus and Trojan Detection 15. Log Management Penetration Testing 16. File Integrity Checking 17. Mobile Devices Penetration Testing 18. Telecommunication and Broadband Communication Penetration Testing 19. Email Security Penetration Testing 20. Security Patches Penetration Testing 21. Data Leakage Penetration Testing 22. SAP Penetration Testing 23. Standards and Compliance 24. Information System Security Principles 25. Information System Incident and Response 26. Information System Auditing and Certification
ehcm Ethical Hacking and Countermeasures 35 hours Description: This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how Intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Target Audience: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Module 1: Introduction to Ethical Hacking Module 2: Footprinting and Reconnaissance Module 3: Scanning Networks Module 4: Enumeration Module 5: System Hacking Module 6: Trojans and Backdoors Module 7: Viruses and Worms Module 8: Sniffers Module 9: Social Engineering Module 10: Denial of Service Module 11: Session Hijacking Module 12: Hacking Webservers Module 13: Hacking Web applications Module 14: SQL Injection Module 15: Hacking Wireless Networks Module 16: Hacking Mobile Platforms Module 17: Evading IDS, Firewalls and Honeypots Module 18: Buffer Overflow Module 19: Cryptography Module 20: Penetration Testing
netsecadm Network Security Administrator 35 hours Audience: System Administrators and Network Administrators as well as anyone who is interested in defensive network security technologies.   Module 1: Introduction to Network Security Network topology; Network Types and the OSI Model Module 2: Network Protocols Network Protocols: SLIP; PPP; ARP; RARP; IGMP; ICMP; SNMP, HTTP IP: Attacks and Countermeasures TCP, UDP: Attacks and Countermeasures FTP, TFTP, TELNET, SMTP: Vulnerabilities Module 3: Security Policy What is Security Policy? What Defines a good security policy Security Policy Structure Developing and Implementing security policies Requirements of Effective Security Policy Module 4: Physical Security Physical Security Threats Locks and Keys TEMPEST Fire Safety: Fire Suppression, Gaseous Emission Systems Laptop Security: Physical Security Countermeasures Biometric Devices PC Security: Boot Access Module 5: Network Attacks Current Statistics Defining Terms: Threats, Attack and Exploit Classification of Hackers and Attacks Spoofing; Spamming; Eaves Dropping; Phishing; War Dialing; Password Cracking Web Page Defacement; SQL Injection; Wire Tapping; Buffer Overflow War Driving; War Chalking; War Flying Denial of Service (DOS) Attacks and Distributed DOS Module 6: Intrusion Detection System Characteristics of IDS Host based IDS Vs Network based IDS IDS Detection Methods; Types of Signatures Intrusion Prevention System IDS Vs IPS IPS Tool Module 7: Firewalls Handling threats and security tasks Protection against hacking Centralization and Documentation Multi-layer firewall protection Packet filtering and Stateful Packet Filtering Multi firewall DMZ Specialty firewalls and Reverse firewalls Module8: Packet Filtering and Proxy Servers Network Address Translation Application layer gateway and Proxying Virtual Private Network and the Authentication process Module 9: Bastion Host and Honeypots Bastion Host Honeypots and Honeynet Module 10: Hardening Routers Internet work Operating Systems (IOS) Troubleshooting a router Hardening a Router Components of router security Router security: testing tools Module 11: Hardening Operating Systems Security Windows Security Objects And Permissions NTFS File System Permissions Active Directory Kerberos Authentication And Security IP Security Linux Module 12: Patch Management Red Hat Up2date Patch Management Utility Installation Steps Microsoft Patch Management Process and Windows Update Services Patch Management Tools: Qchain Patch Management Tool: Microsoft Baseline Security Analyzer Other Patch Management Tools Module 13: Application Security Securing Web Applications IPSec And SSL Security Writing Secure Code; Best Practices Remote Administration Security Module 14: Web Security Network Devices and Design Altering the Network Addresses Client Authorization and Secure Client Transmissions Portable Applications Malicious Code Detection Browser Security Settings Common Gateway Interface (CGI) Web Application Input Data Validation and Buffer Overflows Module 15: E-Mail Security Components Of An Email E-mail protocols E-Mail Security Risks How to defend against E-Mail security risks Module 16: Encryption Firewalls Implementing Encryption Maintaining confidentiality Digital certificates Public and Private Keys (including PGP) Choosing the size of keys Analyzing popular encryption schemes including IPSEC Module 17: Virtual Private Networks VPN Tunneling Protocols PPTP and L2TP VPN Security Module 18: WLAN Wireless Network Types Antenna WLAN Standards BlueTooth And Ultra Wideband WEP Description Tool (Air Snort and WEPCrack) WLAN Security;WPA; TKIP; WTLS EAP Methods Advanced Encryption Standards (AES); DES; RSA Encryption RADIUS; Multifactor Authentication Mobile Security Through Certificates Certificate Management Through PKI Module 19: Creating Fault Tolerance Network Security: Fault Tolerance Why Create Fault Tolerance Planning For Fault Tolerance Reasons For System Failure Preventive Measures Module 20: Incident Response What Is an Incident Step by Step Procedure Managing Incidents What Is an Incident Response Six Step Approach for Incident Handling (PICERF Methodology) Incident Response Team Module 21: Disaster Recovery and Planning What is a Disaster Recovery Disaster Recovery Planning Business Continuity Planning Process Disaster Prevention Module 22: Network Vulnerability Assessment Vulnerability Assessment Goals of vulnerability assessment Network vulnerability Assessment methodology: Selecting vulnerability assessment tools

Upco...Upcoming Courses

CourseCourse DateCourse Price [Remote / Classroom]
How to Write Secure Code - DubaiSun, 2018-01-21 09:308000USD / 10850USD

Other regions

Weekend Hands on Security courses, Evening Hands on Security training, Hands on Security boot camp, Hands on Security instructor-led , Hands on Security private courses, Evening Hands on Security courses, Hands on Security classes, Hands on Security trainer , Hands on Security on-site, Hands on Security one on one training ,Weekend Hands on Security training, Hands on Security coaching, Hands on Security training courses

Course Discounts

Course Discounts Newsletter

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients