Internet Security Training Courses

Internet Security Training

Internet Security Courses

Subcategories

Internet Security Course Outlines

Code Name Duration Overview
devopssecurity DevOps Security: Creating a DevOps security strategy 7 hours DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments. In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge. Audience     Devops engineers     Security engineers Format of the course     Part lecture, part discussion, some hands-on practice Introduction     How DevOps creates more security risk for organizations         The price of agility, speed and de-centralized control Inadequacies of traditional security tools     Security policies     Firewall rules     Lack of APIs for integration     Lack of visualization tools Implementing a DevOps-ready security program Aligning security with business goals Removing the security bottleneck Implementing detailed visibility Standardizing security configurations Adding sensors into the application     Interactive Application Security Testing     Runtime Application Self-Protection Providing security data to DevOps tools through RESTful APIs On-demand scaling, micro-perimeterization of security controls Per-resource granular security policies Automating attacks against pre-production code Continually testing the production environment Protecting web applications from an Agile/DevOps perspective Securing containers and clouds Embracing next generation automated security tools The future of DevOps and its strategic role in security Closing remarks
embeddedsecurity Embedded systems security 21 hours This training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems. By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software. Audience     Embedded systems professionals     Security professionals Format of the course     Part lecture, part discussion, hands-on practice Introduction     Security vs embedded systems security Characteristics of embedded application security     Embedded network transactions     Automotive security     Android devices     Next-generation software-defined radio Critical aspects of an embedded system     Microkernel vs monolith     Independent security levels     Core security requirements     Access control     I/O virtualization Performing threat modeling and assessment       Attackers and assets     Attack surface     Attack trees     Establishsing a security policy Developing secure embedded software     Secure coding principles     Secure program design     Minimal Implementation     Component architecture     Least privilege     Secure development process     Independent expert validation     Model-driven design     Code review and static analysis     Security testing     Peer code reviews Understanding and implementing cryptography     Cryptographic modes     Cryptographic hashes     Cryptographic certifications     Managing keys     Block ciphers     Message Authentication Codes     Random Number Generation Data protection     Data-in-motion protocols     Securing data in motion     Data-at-rest protocols     Securing data at rest Mitigating attacks     Common software attacks     Preventing side-channel attacks Retrofitting security in existing projects     Securing bootloaders and firmware updates Closing remarks
grmcfun Governance, Risk Management & Compliance (GRC) Fundamentals 21 hours Course goal: To ensure that an individual has the core understanding of GRC processes and capabilities, and the skills to integrate governance, performance management, risk management, internal control, and compliance activities. Overview: GRC Basic terms and definitions Principles of GRC Core components, practices and activities Relationship of GRC to other disciplines   Day One GRC Fundamentals Training Course Overview GRC Capability Model –Introduction GRC Key Definitions Day Two Learn Component Align Component Perform Component Day three Review Component GRC standards and frameworks GRC applications and technology GRC certifications
cyberwarfare Fundamentals of corporate cyberwarfare 14 hours Audience Cyber security specialists System administrators Cyber security managers Cyber security auditors CIOs Format of the course Heavy emphasis on hands-on practice. Most of the concepts are learned through samples, exercises and hands-on development. Introduction Different aspects of enterprise security Companies are more vulnerable to cyber warfare than governments Corporate espionage (industrial espionage) Corporate sabotage (industrial sabotage) Extortion Beyond traditional enterprise security Non-standard approaches to breaching your systems Compromising your company...without breaching your systems Artificial Intelligence (AI) in the age of corporate cyber warfare How AI will be used to launch the next cyber attack on your company Beyond database injection Fooling a company's computers and employees The offensive mindset vs detection mindset Attack patterns Systems and tools for launching cyber attacks Beyond dumb bots. Intelligent bots. Humans or robots? Designing intelligence Building comprehensive AI response systems The future of corporation cyber security in a world of AI, big data, and cyber warfare  
cisa CISA - Certified Information Systems Auditor 28 hours Description: CISA® is the world-renowned and most popular certification for professionals working in the field of IS audit and IT risk consulting. Our CISA course is an intense, very competitive and exam focused training course. With experience of delivering more than 150+ CISA trainings in Europe and around the world and training more than 1200+ CISA delegates, the Net Security CISA training material has been developed in house with the top priority of ensuring CISA delegates pass the ISACA CISA® Exam. The training methodology focuses on understanding the CISA IS auditing concepts and practicing large number of ISACA released question banks from the last three years. Over a period, CISA holders have been in huge demand with renowned accountings firms, global banks, advisory, assurance, and internal audit departments. Delegates may have years of experience in IT auditing but perspective towards solving CISA questionnaires will solely depend on their understanding to globally accepted IT assurance practices. CISA exam is very challenging because the possibility of a very tight clash between two possible answers exists and that is where ISACA tests you on your understanding in global IT auditing practices. To address these exam challenges, we always provide the best trainers who have extensive experience in delivering CISA training around the world. The Net Security CISA manual covers all exam-relevant concepts, case studies, Q&A's across CISA five domains. Further, the Trainer shares the key CISA supporting material like relevant CISA notes, question banks, CISA glossary, videos, revision documents, exam tips, and CISA mind maps during the course. Goal: The ultimate goal is to pass your CISA examination first time. Objectives: Use the knowledge gained in a practical manner beneficial to your organisation Provide audit services in accordance with IT audit standards Provide assurance on leadership and organizational structure and processes Provide assurance on acquisition/ development, testing and implementation of IT assets Provide assurance on IT operations including service operations and third party Provide assurance on organization’s security policies, standards, procedures, and controls to ensure confidentiality, integrity, and availability of information assets. Target Audience: Finance/CPA professionals, I.T. professionals, Internal & External auditors, Information security, and risk consulting professionals. Domain 1—The Process of Auditing Information Systems (14%) Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems. 1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included. 1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization. 1.3 Conduct audits in accordance with IT audit standards to achieve planned audit objectives. 1.4 Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary. 1.5 Conduct follow-ups or prepare status reports to ensure appropriate actions have been taken by management in a timely manner. Domain 2—Governance and Management of IT (14%) Provide assurance that the necessary leadership and organization structure and processes are in place to achieve objectives and to support the organization's strategy. 2.1 Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives. 2.2 Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives. 2.3 Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development, approval, implementation and maintenance for alignment with the organization’s strategies and objectives. 2.4 Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements. 2.5 Evaluate the adequacy of the quality management system to determine whether it supports the organization’s strategies and objectives in a cost-effective manner. 2.6 Evaluate IT management and monitoring of controls (e.g., continuous monitoring, QA) for compliance with the organization’s policies, standards and procedures. 2.7 Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization’s strategies and objectives. 2.8 Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization’s strategies and objectives. 2.9 Evaluate risk management practices to determine whether the organization’s IT-related risks are properly managed. 2.10 Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance. 2.11 Evaluate the organization’s business continuity plan to determine the organization’s ability to continue essential business operations during the period of an IT disruption. Domain 3—Information Systems Acquisition, Development, and Implementation (19%) Provide assurance that the practices for the acquisition, development, testing, and implementation of information systems meet the organization’s strategies and objectives. 3.1 Evaluate the business case for the proposed investments in information systems acquisition, development, maintenance and subsequent retirement to determine whether it meets business objectives. 3.2 Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization. 3.3 Conduct reviews to determine whether a project is progressing in accordance with project plans, is adequately supported by documentation and status reporting is accurate. 3.4 Evaluate controls for information systems during the requirements, acquisition, development and testing phases for compliance with the organization's policies, standards, procedures and applicable external requirements. 3.5 Evaluate the readiness of information systems for implementation and migration into production to determine whether project deliverables, controls and organization's requirements are met. 3.6 Conduct post-implementation reviews of systems to determine whether project deliverables, controls and organization's requirements are met. Domain 4—Information Systems Operations, Maintenance and Support (23%) Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives. 4.1 Conduct periodic reviews of information systems to determine whether they continue to meet the organization’s objectives. 4.2 Evaluate service level management practices to determine whether the level of service from internal and external service providers is defined and managed. 4.3 Evaluate third party management practices to determine whether the levels of controls expected by the organization are being adhered to by the provider. 4.4 Evaluate operations and end-user procedures to determine whether scheduled and non-scheduled processes are managed to completion. 4.5 Evaluate the process of information systems maintenance to determine whether they are controlled effectively and continue to support the organization’s objectives. 4.6 Evaluate data administration practices to determine the integrity and optimization of databases. 4.7 Evaluate the use of capacity and performance monitoring tools and techniques to determine whether IT services meet the organization’s objectives. 4.8 Evaluate problem and incident management practices to determine whether incidents, problems or errors are recorded, analyzed and resolved in a timely manner. 4.9 Evaluate change, configuration and release management practices to determine whether scheduled and non-scheduled changes made to the organization’s production environment are adequately controlled and documented. 4.10 Evaluate the adequacy of backup and restore provisions to determine the availability of information required to resume processing. 4.11 Evaluate the organization’s disaster recovery plan to determine whether it enables the recovery of IT processing capabilities in the event of a disaster. Domain 5—Protection of Information Assets (30%) Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets. 5.1 Evaluate the information security policies, standards and procedures for completeness and alignment with generally accepted practices. 5.2 Evaluate the design, implementation and monitoring of system and logical security controls to verify the confidentiality, integrity and availability of information. 5.3 Evaluate the design, implementation, and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures, and applicable external requirements. 5.4 Evaluate the design, implementation and monitoring of physical access and environmental controls to determine whether information assets are adequately safeguarded. 5.5 Evaluate the processes and procedures used to store, retrieve, transport and dispose of information assets (e.g., backup media, offsite storage, hard copy/print data, and softcopy media) to determine whether information assets are adequately safeguarded.
iast Interactive Application Security Testing (IAST) 14 hours Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit. In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.   By the end of this training, participants will be able to: Simulate attacks against applications and validate their detection and protection capabilities Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios Quickly and accurately fix the application code responsible for detected vulnerabilities Prioritize the vulnerability findings from dynamic scans Use RASP real-time alerts to protect applications in production against attacks. Reduce application vulnerability risks while maintaining production schedule targets Devise an integrated strategy for overall vulnerability detection and protection Audience DevOps engineers Security engineers Developers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice To request a customized course outline for this training, please contact us.
shadowsocks Shadowsocks: Set up a proxy server 7 hours Shadowsocks is an open-source, secure socks5 proxy. In this instructor-led, live training, participants will learn how to secure an internet connection through a Shadowsocks proxy. By the end of this training, participants will be able to: Install and configure Shadowsocks on any of a number of supported platforms, including Windows, Linux, Mac, Android, iOS, and OpenWRT. Deploy Shadosocks with package manager systems, such as pip, aur, freshports and others. Run Shadowsocks on mobile devices and wireless networks. Understand how Shadowsocks encrypts messages and ensures integrity and authenticity. Optimize a Shadowsocks server Audience Network engineers Computer technicians Format of the course Part lecture, part discussion, exercises and heavy hands-on practice To request a customized course outline for this training, please contact us.
shiro Apache Shiro: Securing your Java application 7 hours Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management. In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro. By the end of this training, participants will be able to: Use Shiro's API to secure various types of applications, including mobile, web and enterprise Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc. Audience Developers Security engineers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice Introduction Overview of Shiro features Project setup and configuration Overview of the Security Manager Securing an application with Shiro Authentication Authorization Realm configuration Logging out Session management Using Shiro with Spring Integrating with Java EE Securing a mobile application Troubleshooting Deploying and monitoring your application Closing remarks
GDPR1 GDPR Workshop 7 hours This one-day course is for people looking for a brief outline of the GDPR – General Data Protection Regulations coming out May 25, 2018. This is ideal for managers, department heads, and employees who need to understand the basics of the GDPR. What is the GDPR What is personal data / sensitive data Picking your team Understanding GDPR terms Privacy by design and privacy by default Appointing a team Choosing the people to help with GDPR (legal, marketing, IT, hr) What is a DPO and do you need one Permissions Determine if it’s personal data Who can access data How and where data is stored i.e. electronically or paper-based Securing data Rights and obligations Data Subjects and their rights Controller’s obligations Processor’s obligations Dealing with data requests International data transfers What is a data breach Fines and penalties Third-party services Internatinal data transfers Developing policies and procedures (legal issues) Creating a data privacy policy for employees and clients Document legal basis for having the data Establish codes of conduct for collecting and handling data Examine outside third-party contracts with other suppliers Maintenance Updating data – you need to ensure data you hold is updated Update privacy notices and procedures as GDPR changes Update contracts as needed.
GDRPAd GDPR Advanced 21 hours This is more in-depth and would be for those working a great deal with the GDPR and who may be appointed to the GDPR team. This would be ideal for IT, human resources and marketing employees and they will deal extensively with the GDPR. Data privacy impact assessment What this is and why you need to do this Examining existing data The role of the DPO and do you need one. Key legislation Risk management framework Data mapping Dealing with cloud providers Demonstrating compliance Developing data collection policies and procedures Developing permission policies and procedures. Developing data loss prevention and data breach strategies and management programs How to proceed and how to address individuals’ requests and complaints Employees’ training and awareness program Anonymizing and pseudo-anonymizing data Maintenance Data inventory and data transfer mechanism Track legislation changes etc. Monitor data handling practices Internal audits and assessments – also ad-hoc in case of an event Documentations, certifications, accreditations etc. Security risks Look at existing security measures Integrate the new GDPR with security measures (intrusion detection, firewalls) Maintain human resources security (pre-screening, referencing paper-based files) Implement data protection into information security policy Establish data loss prevention strategy Conduct regular tests Data Breach management program What to do if you have a data breach Create a data privacy incident / breach response plan Maintain a log of incidents Create a policy for a data breach Appoint a forensic investigation team. 
cas CAS: Setting up an single-sign-on authentication server 7 hours CAS, or Central Authentication Service, is an open-source, enterprise-level, single-sign on protocol for the web. CAS gives users access to multiple applications using a single sign-on and allows web applications to authenticate users without giving them access to user passwords. CAS has a Java server component and various client libraries written in PHP, PL/SQL, Java, and more. In this course, we discuss CAS's architecture and features and practice installing and configuring a CAS server. By the end of the course, participants will have an understanding of CAS's implementation of SOS (Single-Sign-On-Authentication) as well as the necessary practice to deploy and manage their own authentication server. Audience     System administrators Format of the course     Part lecture, part discussion, heavy hands-on practice Introduction     The case for SOS (Single-Sign-On-Authentication)     CAS vs LDAP vs OpenID An overview of the CAS architecture     System components     CAS Server     CAS clients     Supported protocols     Software components         Spring MVC/Spring Webflow         Ticketing         Authentication Building CAS as an Overlay project     Building and deploying with Gradle, Maven and Docker     Using custom and third-party source     Managing dependencies Configuring authentication in CAS     Orchestrating authentication handlers with authentication manager     Choosing authentication handlers and schemes     Testing the default authentication scheme     Principal Resolution     Transforming the user id     Setting up "Remember Me" long-term authentication     Setting up proxy authentication     Multi-factor authentication (MFA)     Limiting failed login attempts with login throttling     Configuring an SSO session cookie Attribute resolution and release     Principal-Id attribute: receiving authenticated userid     Attribute release policy: Releasing attributes to applications     Caching attributes: Caching resolved attributes     Encrypting attributes: Conditionally encrypting attributes
secana Security Analyst 35 hours   Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals  Core modules: 1. Need for Security Analysis 2. TCP IP Packet Analysis 3. Penetration Testing Methodologies 4. Customers and legal Agreements 5. Rules of Engagement 6. Penetration Testing Planning and Scheduling 7. Pre- Penetration Testing Steps 8. Information gathering 9. Vulnerability Analysis 10. External penetration Testing 11. Internal Network Pen Testing 12. Firewall Penetration Testing 13. IDS Penetration Testing 14. Password Cracking Penetration Testing 15. Social Engineering Penetration testing 16. Web Application Penetration Testing 17. SQL Penetration Testing 18. Penetration Testing Reports and Post Testing Actions Additional Modules: 1. Router and Switches Penetration Testing 2. Wireless Network Penetration Testing 3. Denial-of-Service Penetration Testing 4. Stolen Laptop, PDAs and Cell Phones Penetration Testing 5. Source Code Penetration Testing 6. Physical Security Penetration Testing 7. Surveillance Camera Penetration Testing 8. Database Penetration Testing 9. VoIP Penetration Testing 10. VPN Penetration Testing 11. Cloud Penetration Testing 12. Virtual Machine Penetration Testing 13. War Dialling 14. Virus and Trojan Detection 15. Log Management Penetration Testing 16. File Integrity Checking 17. Mobile Devices Penetration Testing 18. Telecommunication and Broadband Communication Penetration Testing 19. Email Security Penetration Testing 20. Security Patches Penetration Testing 21. Data Leakage Penetration Testing 22. SAP Penetration Testing 23. Standards and Compliance 24. Information System Security Principles 25. Information System Incident and Response 26. Information System Auditing and Certification
ehcm Ethical Hacking and Countermeasures 35 hours Description: This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how Intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Target Audience: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Module 1: Introduction to Ethical Hacking Module 2: Footprinting and Reconnaissance Module 3: Scanning Networks Module 4: Enumeration Module 5: System Hacking Module 6: Trojans and Backdoors Module 7: Viruses and Worms Module 8: Sniffers Module 9: Social Engineering Module 10: Denial of Service Module 11: Session Hijacking Module 12: Hacking Webservers Module 13: Hacking Web applications Module 14: SQL Injection Module 15: Hacking Wireless Networks Module 16: Hacking Mobile Platforms Module 17: Evading IDS, Firewalls and Honeypots Module 18: Buffer Overflow Module 19: Cryptography Module 20: Penetration Testing
netsecadm Network Security Administrator 35 hours Audience: System Administrators and Network Administrators as well as anyone who is interested in defensive network security technologies.   Module 1: Introduction to Network Security Network topology; Network Types and the OSI Model Module 2: Network Protocols Network Protocols: SLIP; PPP; ARP; RARP; IGMP; ICMP; SNMP, HTTP IP: Attacks and Countermeasures TCP, UDP: Attacks and Countermeasures FTP, TFTP, TELNET, SMTP: Vulnerabilities Module 3: Security Policy What is Security Policy? What Defines a good security policy Security Policy Structure Developing and Implementing security policies Requirements of Effective Security Policy Module 4: Physical Security Physical Security Threats Locks and Keys TEMPEST Fire Safety: Fire Suppression, Gaseous Emission Systems Laptop Security: Physical Security Countermeasures Biometric Devices PC Security: Boot Access Module 5: Network Attacks Current Statistics Defining Terms: Threats, Attack and Exploit Classification of Hackers and Attacks Spoofing; Spamming; Eaves Dropping; Phishing; War Dialing; Password Cracking Web Page Defacement; SQL Injection; Wire Tapping; Buffer Overflow War Driving; War Chalking; War Flying Denial of Service (DOS) Attacks and Distributed DOS Module 6: Intrusion Detection System Characteristics of IDS Host based IDS Vs Network based IDS IDS Detection Methods; Types of Signatures Intrusion Prevention System IDS Vs IPS IPS Tool Module 7: Firewalls Handling threats and security tasks Protection against hacking Centralization and Documentation Multi-layer firewall protection Packet filtering and Stateful Packet Filtering Multi firewall DMZ Specialty firewalls and Reverse firewalls Module8: Packet Filtering and Proxy Servers Network Address Translation Application layer gateway and Proxying Virtual Private Network and the Authentication process Module 9: Bastion Host and Honeypots Bastion Host Honeypots and Honeynet Module 10: Hardening Routers Internet work Operating Systems (IOS) Troubleshooting a router Hardening a Router Components of router security Router security: testing tools Module 11: Hardening Operating Systems Security Windows Security Objects And Permissions NTFS File System Permissions Active Directory Kerberos Authentication And Security IP Security Linux Module 12: Patch Management Red Hat Up2date Patch Management Utility Installation Steps Microsoft Patch Management Process and Windows Update Services Patch Management Tools: Qchain Patch Management Tool: Microsoft Baseline Security Analyzer Other Patch Management Tools Module 13: Application Security Securing Web Applications IPSec And SSL Security Writing Secure Code; Best Practices Remote Administration Security Module 14: Web Security Network Devices and Design Altering the Network Addresses Client Authorization and Secure Client Transmissions Portable Applications Malicious Code Detection Browser Security Settings Common Gateway Interface (CGI) Web Application Input Data Validation and Buffer Overflows Module 15: E-Mail Security Components Of An Email E-mail protocols E-Mail Security Risks How to defend against E-Mail security risks Module 16: Encryption Firewalls Implementing Encryption Maintaining confidentiality Digital certificates Public and Private Keys (including PGP) Choosing the size of keys Analyzing popular encryption schemes including IPSEC Module 17: Virtual Private Networks VPN Tunneling Protocols PPTP and L2TP VPN Security Module 18: WLAN Wireless Network Types Antenna WLAN Standards BlueTooth And Ultra Wideband WEP Description Tool (Air Snort and WEPCrack) WLAN Security;WPA; TKIP; WTLS EAP Methods Advanced Encryption Standards (AES); DES; RSA Encryption RADIUS; Multifactor Authentication Mobile Security Through Certificates Certificate Management Through PKI Module 19: Creating Fault Tolerance Network Security: Fault Tolerance Why Create Fault Tolerance Planning For Fault Tolerance Reasons For System Failure Preventive Measures Module 20: Incident Response What Is an Incident Step by Step Procedure Managing Incidents What Is an Incident Response Six Step Approach for Incident Handling (PICERF Methodology) Incident Response Team Module 21: Disaster Recovery and Planning What is a Disaster Recovery Disaster Recovery Planning Business Continuity Planning Process Disaster Prevention Module 22: Network Vulnerability Assessment Vulnerability Assessment Goals of vulnerability assessment Network vulnerability Assessment methodology: Selecting vulnerability assessment tools
seccode How to Write Secure Code 35 hours After the major attacks against national infrastructures, Security Professionals found that the majority of the vulnerabilities that caused the attacks came from poor and vulnerable code that the developers write.  Developers now need to master the techniques of how to write Secure Code, because we are in a situation where anyone can use availble tools to write a script that can effectivly disable a large organization's systems because the developers have written poor code. This Course aims to help in the following: Help Developers to master the techniques of writing Secure Code Help Software Testers to test the security of the application before publishing to the production environment Help Software Architects to understand the risks surrounding the applications Help Team Leaders to set the security base lines for the developers Help Web Masters to configure the Servers to avoid miss-configurations In this course you will also see details of the latest cyber attacks that have been used and the countermeasures used to stop and prevent these attacks. You will see for yourself how developers mistakes led to catastrophic attacks, and by participatig in the labs during the course you will be able to put into practise the security controls and gain the experience and knowledge to produce secure coding. Who should Attend this Course?  This Secure Code Training is ideal for those working in positions such as, but not limited to: Web Developers Mobile Developers Java Developers Dot Net Developers Software Architects Software Tester Security Professionals Web Masters Module1 Introduction to Secure Coding Module2 Web, Windows and Mobile Application bases Module3 Applications Attacks and Exploits, XSS, SQL injection Module4 Servers Attacks and Exploits, DOS, BOF Module5 Validation And Verification Module6 Security Controls and Countermeasures Module7 Mobile Application Secure Coding Module8 Security Standards and Testing

Upco...Upcoming Courses

CourseCourse DateCourse Price [Remote / Classroom]
Interactive Application Security Testing (IAST) - DubaiTue, 2018-01-09 09:303200USD / 4700USD

Other regions

Weekend Internet Security courses, Evening Internet Security training, Internet Security boot camp, Internet Security instructor-led , Internet Security one on one training , Internet Security training courses, Internet Security classes, Internet Security coaching,Weekend Internet Security training, Evening Internet Security courses, Internet Security private courses, Internet Security instructor, Internet Security on-site

Course Discounts

Course Discounts Newsletter

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients