Courses

Fundamental courses

- Duration: 1 days

- Audience: Developers

Short description

This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. This is a follow up training, meaning that in order to attend this, everyone must already have the knowledge that is covered in the Fundamentals.

This course enables our participants to gain a deeper knowledge in the field, because here we emphasize the Java-specific aspects of secure coding instead of the general vulnerabilities.

At the end of the training everyone has the possibility to take an exam, where they are able to measure their level of the gained knowledge.

Outline
  • Client-side security

  • Practical cryptography

  • Secure communication in Java

  • Java security services

participants attending this course will
  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

- Duration: 2 days

- Audience: Developers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

Standard courses

- Duration: 3 days

- Audience: Developers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Practical cryptography

  • Secure communication in Java

  • Java security services

  • Common coding errors and vulnerabilities

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Get sources and further readings on secure coding practices

Master courses

- Duration: 5 days

- Audience: Developers, Testers

Short description

Writing web applications in Java can be rather complex – reasons range from dealing with legacy technologies or underdocumented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?

This course will change the way you look at your Java code. We'll teach you the common weaknesses and their consequences that can allow hackers to attack your system, and – more importantly – best practices you can apply to protect yourself. We cover typical Web vulnerabilities with a focus on how they affect Java web apps on the entire stack – from the Java runtime environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of the Java platform itself as well as typical Java programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun.

Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.

Outline
  • IT security and secure coding

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Practical cryptography

  • Java security services

  • Foundations of Java security

  • Secure communication in Java

  • Common coding errors and vulnerabilities

  • Security of Web services

  • Cryptographic vulnerabilities

  • Hibernate security

  • Spring security

  • Denial of service

  • Security testing

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn to use various security features of the Java development environment

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Understand security concepts of Web services

  • Learn about JSON security

  • Understand some recent attacks against cryptosystems

  • Learn about Hibernate security

  • Learn about Spring security

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices

Vertical courses

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

<i>“Money makes the world go round....” </i>– remember? And yes: it is your responsibility to secure all that. As a fintech company you have to take up the challenge, and beat the bad guys with bomb-proof, secure applications!

If there is a domain where security is critical, it is definitely fintech. Vulnerability is not an option if you want to stay a trusted and reliable vendor with systems and applications that certainly comply with PCI-DSS requirements. You need devoted secure coders with high-level professional attitude and developers eager to fight all coding problems: yes, you need a skilled team of software engineers.

Want to know why? Just for the record: even though IT security best practices are widely available, 90% of security incidents stem from common vulnerabilities as a result of ignorance and malpractice. So, you better keep loaded in all possible ways with up to date knowledge about secure coding – unless you <i>wanna cry</i>!

We offer a training program exclusively targeting engineers developing applications for the banking and finance sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the banking industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the banking and finance sector

  • Regulations and standards

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Security architecture

  • Requirements of secure communication

  • Practical cryptography

  • Crypto libraries and APIs

  • Security protocols

  • Input validation

  • Security of Web services

  • Improper use of security features

  • Object-relational mapping (ORM) security

  • Improper error and exception handling

  • Time and state problems

  • Code quality problems

  • Denial of service

  • Security testing techniques and tools

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand security considerations in the SDLC

  • Understand special threats in the banking and finance sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

The past few years have seen a massive increase in attacks, data breaches and medical identity theft targeting the healthcare industry; there have also been various ransomware attacks paralyzing healthcare computer networks as well as the various medical devices connected to them. The rise of mobile devices used in the industry needs to be addressed as well: there is a huge growth of medical software applications for mobiles and tablets that connect the patient with the organization – carrying and storing personally identifiable information (PII).

Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices. There is also significant compliance pressure – if you want to stay a trusted and reliable vendor, your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements. To deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software engineers as well as network administrators.

This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the healthcare sector

  • Regulations and standards

  • Web application security (OWASP Top Ten)

  • Client-side security

  • Security architecture

  • Requirements of secure communication

  • Practical cryptography

  • Crypto libraries and APIs

  • Security protocols

  • Input validation

  • Security of Web services

  • Improper use of security features

  • Object-relational mapping (ORM) security

  • Improper error and exception handling

  • Time and state problems

  • Code quality problems

  • Denial of service

  • Security testing techniques and tools

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand special threats in the healthcare sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Understand the requirements of secure communication

  • Understand essential security protocols

  • Understand some recent attacks against cryptosystems

  • Understand security concepts of Web services

  • Learn about JSON security

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn about denial of service attacks and protections

  • Get practical knowledge in using security testing techniques and tools

  • Get sources and further readings on secure coding practices

- Duration: 5 days

- Audience: Developers, Testers, Professionals

Short description

Telecommunication is the foundation on which critical infrastructures are built – all modern technologies heavily rely on its security. The continued adoption of IP-based telecommunication and the exposure of telecom equipment opens additional paths for attackers, with a massive increase in security incidents against telecom systems.

The security of customer premises equipment and the prevalence of Internet of Things (IoT) devices is especially critical, as these devices are directly exposed to attackers and potentially resulting in large-scale attacks against users and companies alike. IoT security is recognized by the industry as a critical area of telecommunications, as evidenced by the efforts of the GSM Alliance to produce a set of IoT security guidelines for network operators.

The threats against telecom systems run the gamut from simple-yet-effective DDoS attacks to large-scale exploitation of vulnerabilities in communication equipment. Ultimately, the best way to deal with these challenges, you need motivated secure coders with the right skills and the right attitude to fight security problems: a skilled team of software and network engineers.

This training program exclusively targets engineers developing software applications or network equipment for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in hands-on labs to realize the harsh consequences of insecure coding.

Outline
  • IT security and secure coding

  • Special threats in the telecom sector

  • Regulations and standards

  • Web application security

  • Client-side security

  • Practical cryptography

  • Network security

  • Common coding errors and vulnerabilities

  • Foundations of Java security

  • Secure communication in Java

  • Java security services

  • x86 machine code, memory layout and stack operations

  • Buffer overflow

  • Some additional native code-related vulnerabilities

  • Denial of service

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Understand special threats in the telecom sector

  • Understand regulations and standards

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Have a practical understanding of cryptography

  • Learn about network attacks and defenses at different OSI layers

  • Learn about typical coding mistakes and how to avoid them

  • Get information about some recent vulnerabilities in the Java framework

  • Learn to use various security features of the Java development environment

  • Understand security concepts of Web services

  • Realize the severe consequences of unsecure buffer handling

  • Understand the architectural protection techniques and their weaknesses

  • Learn about denial of service attacks and protections

  • Get sources and further readings on secure coding practices

Special courses

- Duration: 3 days

- Audience: Developers, Testers

Short description

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many different security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Outline
  • IT security and secure coding

  • Web application security

  • Client-side security

  • Security testing

  • Security testing techniques and tools

  • Source code review

  • Input validation

  • Improper use of security features

  • Testing the implementation

  • Deployment environment

  • Principles of security and secure coding

  • Knowledge sources

participants attending this course will
  • Understand basic concepts of security, IT security and secure coding

  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them

  • Learn about XML security

  • Learn client-side vulnerabilities and secure coding practices

  • Understand security testing approaches and methodologies

  • Get practical knowledge in using security testing techniques and tools

  • Learn how to set up and operate the deployment environment securely

  • Get sources and further readings on secure coding practices