| cl-jwe | Advanced Java, JEE and Web Application Security | 28 hours | Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Understand security concepts of Web services
- Understand security solutions of Java EE
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers
|
| cl-osc | The Secure Coding Landscape | 14 hours | The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Understand Web vulnerabilities both on server and client side
- Realize the severe consequences of unsecure buffer handling
- Be informated about some recent vulnerabilities in development environments and frameworks
- Learn about typical coding mistakes and how to avoid them
- Understand security testing approaches and methodologies
Audience
Managers
|
| seccode | How to Write Secure Code | 35 hours | After the major attacks against national infrastructures, Security Professionals found that the majority of the vulnerabilities that caused the attacks came from poor and vulnerable code that the developers write.
Developers now need to master the techniques of how to write Secure Code, because we are in a situation where anyone can use availble tools to write a script that can effectivly disable a large organization's systems because the developers have written poor code.
This Course aims to help in the following:
- Help Developers to master the techniques of writing Secure Code
- Help Software Testers to test the security of the application before publishing to the production environment
- Help Software Architects to understand the risks surrounding the applications
- Help Team Leaders to set the security base lines for the developers
- Help Web Masters to configure the Servers to avoid miss-configurations
In this course you will also see details of the latest cyber attacks that have been used and the countermeasures used to stop and prevent these attacks.
You will see for yourself how developers mistakes led to catastrophic attacks, and by participatig in the labs during the course you will be able to put into practise the security controls and gain the experience and knowledge to produce secure coding.
Who should Attend this Course?
This Secure Code Training is ideal for those working in positions such as, but not limited to:
- Web Developers
- Mobile Developers
- Java Developers
- Dot Net Developers
- Software Architects
- Software Tester
- Security Professionals
- Web Masters
|
| devopssecurity | DevOps Security: Creating a DevOps security strategy | 7 hours | DevOps is a software development approach that aligns application development with IT operations. Some of the tools that have emerged to support DevOps include: automation tools, containerization and orchestration platforms. Security has not kept up with these developments.
In this course, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.
Audience
Devops engineers
Security engineers
Format of the course
Part lecture, part discussion, some hands-on practice
|
| embeddedsecurity | Embedded systems security | 21 hours | This training introduces the system architectures, operating systems, networking, storage, and cryptographic issues that should be considered when designing secure embedded systems.
By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, participants will be equipped with the techniques needed for developing safe and secure embedded software.
Audience
Embedded systems professionals
Security professionals
Format of the course
Part lecture, part discussion, hands-on practice
|
| iast | Interactive Application Security Testing (IAST) | 14 hours | Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit.
In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.
By the end of this training, participants will be able to:
- Simulate attacks against applications and validate their detection and protection capabilities
- Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
- Quickly and accurately fix the application code responsible for detected vulnerabilities
- Prioritize the vulnerability findings from dynamic scans
- Use RASP real-time alerts to protect applications in production against attacks.
- Reduce application vulnerability risks while maintaining production schedule targets
- Devise an integrated strategy for overall vulnerability detection and protection
Audience
- DevOps engineers
- Security engineers
- Developers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
| shiro | Apache Shiro: Securing your Java application | 7 hours | Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management.
In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro.
By the end of this training, participants will be able to:
- Use Shiro's API to secure various types of applications, including mobile, web and enterprise
- Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc.
Audience
- Developers
- Security engineers
Format of the course
- Part lecture, part discussion, exercises and heavy hands-on practice
|
.jpg)
.jpg)
.jpg)
.png)
.png)
