Courses
Short description
This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.
This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the Java-specific aspects of secure coding instead of the general vulnerabilities.
At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.
Outline
Client-side security
Practical cryptography
Secure communication in Java
Java security services
participants attending this course will
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security
Client-side security
Practical cryptography
Secure communication in Java
Java security services
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers
Short description
Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.
Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Outline
IT security and secure coding
Web application security (OWASP Top Ten)
Client-side security
Practical cryptography
Java security services
Foundations of Java security
Secure communication in Java
Common coding errors and vulnerabilities
Security of Web services
Cryptographic vulnerabilities
Hibernate security
Spring security
Denial of service
Security testing
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn to use various security features of the Java development environment
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Understand security concepts of Web services
Learn about JSON security
Understand some recent attacks against cryptosystems
Learn about Hibernate security
Learn about Spring security
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
<i>“Money makes the world go round....” </i>– remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!
If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.
Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you <i>wanna cry</i>!
We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the banking and finance sector
Regulations and standards
Web application security (OWASP Top Ten)
Client-side security
Security architecture
Requirements of secure communication
Practical cryptography
Crypto libraries and APIs
Security protocols
Input validation
Security of Web services
Improper use of security features
Object-relational mapping (ORM) security
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
Security testing techniques and tools
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand security considerations in the SDLC
Understand special threats in the banking and finance sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
The past few years have seen a massive increase in attacks, data breaches and medical identity theft targeting the healthcare industry; there have also been various ransomware attacks paralyzing healthcare computer networks as well as the various medical devices connected to them. The rise of mobile devices used in the industry needs to be addressed as well: there is a huge growth of medical software applications for mobiles and tablets that connect the patient with the organization – carrying and storing personally identifiable information (PII).
Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices. There is also significant compliance pressure – if you want to stay a trusted and reliable vendor, your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements. To deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software engineers as well as network administrators.
This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the healthcare sector
Regulations and standards
Web application security (OWASP Top Ten)
Client-side security
Security architecture
Requirements of secure communication
Practical cryptography
Crypto libraries and APIs
Security protocols
Input validation
Security of Web services
Improper use of security features
Object-relational mapping (ORM) security
Improper error and exception handling
Time and state problems
Code quality problems
Denial of service
Security testing techniques and tools
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand special threats in the healthcare sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Understand the requirements of secure communication
Understand essential security protocols
Understand some recent attacks against cryptosystems
Understand security concepts of Web services
Learn about JSON security
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn about denial of service attacks and protections
Get practical knowledge in using security testing techniques and tools
Get sources and further readings on secure coding practices
- Duration: 5 days
- Audience: Developers, Testers, Professionals
Short description
Telecommunication is the foundation on which critical infrastructures are built – all modern technologies heavily rely on its security. The continued adoption of IP-based telecommunication and the exposure of telecom equipment opens additional paths for attackers, with a massive increase in security incidents against telecom systems.
The security of customer premises equipment and the prevalence of Internet of Things (IoT) devices is especially critical, as these devices are directly exposed to attackers and potentially resulting in large-scale attacks against users and companies alike. IoT security is recognized by the industry as a critical area of telecommunications, as evidenced by the efforts of the GSM Alliance to produce a set of IoT security guidelines for network operators.
The threats against telecom systems run the gamut from simple-yet-effective DDoS attacks to large-scale exploitation of vulnerabilities in communication equipment. Ultimately, the best way to deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software and network engineers.
This training program exclusively targets engineers developing software applications or network equipment for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.
Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.
Outline
IT security and secure coding
Special threats in the telecom sector
Regulations and standards
Web application security
Client-side security
Practical cryptography
Network security
Common coding errors and vulnerabilities
Foundations of Java security
Secure communication in Java
Java security services
x86 machine code, memory layout and stack operations
Buffer overflow
Some additional native code-related vulnerabilities
Denial of service
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand special threats in the telecom sector
Understand regulations and standards
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Have a practical understanding of cryptography
Learn about network attacks and defenses at different OSI layers
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Learn to use various security features of the Java development environment
Understand security concepts of Web services
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about denial of service attacks and protections
Get sources and further readings on secure coding practices
- Duration: 3 days
- Audience: Developers, Testers
Short description
After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.
Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.
This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.
Outline
IT security and secure coding
Web application security
Client-side security
Security testing
Security testing techniques and tools
Source code review
Input validation
Improper use of security features
Testing the implementation
Deployment environment
Principles of security and secure coding
Knowledge sources
participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn about XML security
Learn client-side vulnerabilities and secure coding practices
Understand security testing approaches and methodologies
Get practical knowledge in using security testing techniques and tools
Learn how to set up and operate the deployment environment securely
Get sources and further readings on secure coding practices