Course catalog

Duration
Audience

Microsoft SDL core training

CL-SDL General security

2 days
Developers, Managers

Short description

The SDL core training gives an insight into the security of software development through Microsoft’s Security Development Lifecycle (SDL). It provides a level 100 overview of SDL elements, including the STRIDE model, design, development and testing, as well as privacy issues. By systematically going through the development steps, one can gain a comprehensive picture of various security aspects of the whole lifecycle, and a holistic view of the security of software products.

Outline

  • IT security and secure coding
  • Introduction to the Microsoft® Security Development Lifecycle (SDL)
  • Secure design principles
  • Secure implementation principles
  • Secure verification principles
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Get to know the essential steps of the Microsoft Security Development Lifecycle
  • Learn secure design and development practices
  • Learn about secure implementation principles
  • Understand security testing methodology
  • Get sources and further readings on secure coding practices

Web application security with SDL

CL-SDW General security

3 days
Developers, Managers

Short description

This course gives an insight into the security of software development through Microsoft’s Security Development Lifecycle (SDL) with a focus on web application security. It starts with a level 100 overview of SDL elements, including the STRIDE model, design, development and testing, and then covers web application security issues in detail on both the server and the client side. By systematically going through the development steps, one can gain a comprehensive picture of various security aspects of the whole lifecycle, and a holistic view of the security of web applications.

Outline

  • IT security and secure coding
  • Introduction to the Microsoft® Security Development Lifecycle (SDL)
  • Secure design principles
  • Secure implementation principles
  • Client-side security
  • XML security
  • JSON security
  • Secure verification principles
  • SDL in Application Lifecycle Management with TFS
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Get to know the essential steps of the Microsoft Security Development Lifecycle
  • Learn secure design and development practices
  • Learn about secure implementation principles
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about XML security
  • Learn about JSON security
  • Understand security testing methodology
  • Get sources and further readings on secure coding practices

C/C++ secure coding

CL-CSC C/C++

2 days
Developers

Short description

The training gives an insight into typical security-relevant C/C++ programming bugs and common security vulnerabilities, such as different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, the Unicode bug, covert channel attacks and many more. Deep comprehension of the associated risks is reinforced by committing the attacks together with the participants, experiencing real hacking fun. The specific protection measures are introduced along with the secure coding guidelines, substantially changing the way attendees will think about writing C/C++ code.

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

C/C++ security master course

CL-CSM C/C++

5 days
Developers

Short description

The training gives an insight into typical security-relevant C/C++ programming bugs and common security vulnerabilities, such as different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, the Unicode bug, covert channel attacks and many more. Deep comprehension of the associated risks is reinforced by committing the attacks together with the participants, experiencing real hacking fun. The specific protection measures are introduced along with the secure coding guidelines, substantially changing the way attendees will think about writing C/C++ code.

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Common coding errors and vulnerabilities
  • Requirements of secure communication
  • Practical cryptography
  • Security protocols
  • Denial of service
  • XML security
  • Security testing
  • Security testing techniques
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Understand the requirements of secure communication
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Learn about denial of service attacks and protections
  • Learn about XML security
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Standard Java security

CL-JSC Java

2 days
Developers

Short description

The course introduces the basic security solutions provided by the Java language and the runtime environment, and also systematically goes through the most frequent and severe programming flaws of the Java language and platform, dealing with both language-specific issues and the problems stemming from the runtime environment. Gaining experience in using security components and the deep understanding of different security-relevant bugs are supported by a number of hands-on exercises through which participants can try out the discussed issues for themselves. While Java is considered to be a safe platform, the course makes it clear that there is still much to be aware of.

Outline

  • IT security and secure coding
  • Web application security
  • Practical cryptography
  • Foundations of Java security
  • Java security services
  • Common coding errors and vulnerabilities
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Have a practical understanding of cryptography
  • Learn to use various security features of the Java development environment
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Java and Web application security

CL-JWA Java Web

3 days
Developers

Short description

The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Denial of service
  • XML security
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Learn about denial of service attacks and protections
  • Learn about XML security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Java and JEE security

CL-JAD Java Web

3 days
Developers

Short description

The training is tailored to the needs of experienced Java developers who work on IP and web technology based development. It gives a broad overview of the security solutions provided by Java including the different security-related services of the Java Enterprise Edition, as well as the security solutions in connection with web services. On the other hand it also provides a comprehensive introduction to Java and web-specific security vulnerabilities by demonstrating attack techniques and introducing applicable protection methods. Numerous hands-on exercises give first-hand experience on selected topics, making this course a perfect fit for those experienced Java programmers who want to gain deeper security expertise.

Outline

  • IT security and secure coding
  • Web application security
  • Security of Web services
  • XML security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Java EE security
  • Denial of service
  • Common coding errors and vulnerabilities
  • Security testing techniques
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Understand security solutions of Java EE
  • Learn about denial of service attacks and protections
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Java, JEE and Web application security

CL-JWE Java Web

4 days
Developers

Short description

The training targets experienced Java developers who use the Java platform and JEE to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment, including the different security-related services of the Java Enterprise Edition. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java, JEE and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Security of Web services
  • XML security
  • JSON security
  • Java EE security
  • Spring security
  • Denial of service
  • Common coding errors and vulnerabilities
  • Security testing techniques
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about JSON security
  • Understand security solutions of Java EE
  • Learn about Spring security
  • Learn about denial of service attacks and protections
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Java security master course

CL-JSM Java Web

5 days
Developers, Testers

Short description

The training targets experienced Java developers who use the Java platform and Java-related technologies to develop web or desktop applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment, including the different security-related services of the Java Enterprise Edition, Spring, Hibernate and many others. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java, JEE, Spring and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.

Outline

  • IT security and secure coding
  • Web application security
  • Hibernate security
  • Client-side security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Input validation
  • Security of Web services
  • XML security
  • JSON security
  • Vaadin security
  • JSF and PrimeFaces security
  • Improper use of security features
  • Denial of service
  • Java EE security
  • Spring security
  • Improper error and exception handling
  • Time and state problems
  • Code quality problems
  • Security testing techniques
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about Hibernate security
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and vulnerabilities of various technologies
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about JSON security
  • Learn about Vaadin security
  • Learn about JSF and PrimeFaces security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about denial of service attacks and protections
  • Understand security solutions of Java EE
  • Learn about Spring security
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Secure coding in C#

CL-NSC C#/.NET/ASP.NET

2 days
Developers

Short description

.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.

Outline

  • IT security and secure coding
  • Web application security
  • .NET security architecture and services
  • Using transparency attributes
  • Allow partially trusted callers
  • Exercise – using transparency attributes
  • Role-based security
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of the .NET development environment
  • Learn about typical coding mistakes and how to avoid them
  • Get sources and further readings on secure coding practices

Secure desktop application development in C#

CL-ANS C#/.NET/ASP.NET

3 days
Developers

Short description

.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques by focusing on both language-specific issues and the desktop runtime environment. Common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.

Outline

  • IT security and secure coding
  • Common coding errors and vulnerabilities
  • .NET security architecture and services
  • Practical cryptography
  • Desktop application security
  • Security of Web services
  • XML security
  • JSON security
  • Data access security in .NET
  • Windows Communication Foundation security
  • Security testing
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn about typical coding mistakes and how to avoid them
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about JSON security
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

C# and Web application security

CL-NWA C#/.NET/ASP.NET Web

3 days
Developers

Short description

.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, focusing on web application security on both the server and the client side, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of the security of web applications implemented in managed code.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • .NET security architecture and services
  • Practical cryptography
  • ASP.NET security architecture
  • Common coding errors and vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and how to avoid them
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

C# and Web application security master course

CL-NSM C#/.NET/ASP.NET Web

5 days
Developers, Testers

Short description

.NET and related technologies provide an environment and a number of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, starting off from Web application security on both the server and the client side, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. The Web-related vulnerabilities as well as some common coding mistakes in C# are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of the security of web applications implemented in managed code.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Requirements of secure communication
  • Practical cryptography
  • Denial of service
  • .NET security architecture and services
  • Desktop application security
  • Data access security in .NET
  • Security of Web services
  • XML security
  • JSON security
  • Security protocols
  • ASP.NET security architecture
  • Common coding errors and vulnerabilities
  • Security testing
  • Security testing techniques
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand the requirements of secure communication
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Learn about denial of service attacks and protections
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about JSON security
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Learn about typical coding mistakes and how to avoid them
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Node.js and Web application security

CL-NJS Specific topic Web

3 days
Developers

Short description

Web applications are continuously exposed to attacks because they are open and accessible via the Internet. Developers must therefore be extremely cautious in how they use different technologies, and should have a deep understanding of the secure coding techniques applied. In the context of Node.js, this course deals with the security of some relevant technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Node.js security
  • Practical cryptography
  • Security protocols
  • Denial of service
  • Security of Web services
  • JSON security
  • Other typical programming mistakes
  • Security testing techniques
  • Deployment environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about Node.js security
  • Learn about MongoDB security
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Learn about denial of service attacks and protections
  • Understand security concepts of Web services
  • Learn about JSON security
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Web application security

CL-WSC Web

2 days
Developers

Short description

Web applications are continuously exposed to attacks because they are open and accessible via the Internet. Developers must therefore be extremely cautious in how they use different technologies, and should have a deep understanding of the secure coding techniques applied. The course introduces web-based security technologies like web services, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. This makes it an essential secure coding course for all programmers developing applications that are exposed to the threats of the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Practical cryptography
  • Security protocols
  • Security of Web services
  • XML security
  • Security testing techniques
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand security concepts of Web services
  • Learn about XML security
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Web application security testing

CL-WTS Web

2 days
Developers, Testers

Short description

The course first gives an overview of the most important web-related security problems, attacks, recommended coding techniques and mitigation methods. After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. They also learn to use various tools that can be applied to automate the security evaluation of software products; this is supported by a number of exercises in which we run various tools to analyze the vulnerable code already discussed. This training is a must-attend for testers of security-sensitive web applications.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Security testing
  • Security testing techniques
  • Deployment environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Security testing

CL-STS Web C/C++

2 days
Developers, Testers

Short description

Testing plays a very important role in ensuring the security and robustness of applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruit, security testing should be well planned and properly executed, and thus needs strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Security testing
  • Security testing techniques and tools
  • Finding common coding errors
  • Testing the implementation
  • Deployment environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Secure Web application development and testing for DevOps

CL-WDT Web

3 days
Developers, Testers

Short description

Web applications are continuously exposed to attacks because they are open and accessible via the Internet. Developers must therefore be extremely cautious in how they use different technologies, and should have a deep understanding of the secure coding techniques applied, while testers should be able to look for these security problems. The course introduces web-based security technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. Participants also learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities, as well as how to use various tools that can be applied to automate the security evaluation of software products. The course gives comprehensive insights into software security to both web application developers and testers.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Practical cryptography
  • Security protocols
  • XML security
  • JSON security
  • Denial of service
  • Security testing
  • Security testing techniques
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Learn about XML security
  • Learn about JSON security
  • Learn about denial of service attacks and protections
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Secure coding in PHP

CL-PSC PHP Web

3 days
Developers

Short description

Targeting developers of web-based applications using PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP and the web, but will also be introduced to the security features of PHP complemented with the security of client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented through PHP-based examples, while input validation vulnerabilities, improper use of security features and time- and state-related problems are all discussed in the context of PHP. Essential for all PHP programmers delivering web applications highly exposed to web-based attacks.

Outline

  • IT security and secure coding
  • Web application security
  • Web application vulnerabilities
  • Client-side security
  • Practical cryptography
  • PHP security services
  • PHP Environment
  • Principles of security and secure coding
  • Common coding errors and vulnerabilities
  • Privacy violation
  • Security testing techniques
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Learn to use various security features of PHP
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities of the PHP framework
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Combined Java, C# and Web application security

CL-JNW Java C#/.NET/ASP.NET Web

3 days
Developers

Short description

Both Java and .NET provide a plethora of different solutions and tools to support secure development, and at the same time carry a number of risks when used for web application development. Aligned to this, the training targets experienced developers who use both platforms, and starts with the general, platform-independent web-related security issues. The course then introduces the security solutions provided by the Java and C# languages and the associated runtime environments, all explained through numerous exercises. Most importantly, the course gives a comprehensive overview of the most frequent security vulnerabilities introduced by developers, as well as the problems stemming from both language-specific issues and the runtime environments. All problems are demonstrated by carrying out attacks and then applying the relevant protection methods. Understanding the security solutions of Java and .NET, as well as the various vulnerabilities, is a must for all programmers using these technologies to develop web applications.

Outline

  • IT security and secure coding
  • Web application security
  • Practical cryptography
  • Foundations of Java security
  • Java security services
  • .NET security architecture and services
  • ASP.NET security architecture
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Have a practical understanding of cryptography
  • Learn to use various security features of the Java development environment
  • Learn to use various security features of the .NET development environment
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Combined C/C++, Java and Web application security

CL-CJW C/C++ Java Web

4 days
Developers

Short description

The training gives a comprehensive overview of the typical security-relevant problems of the most commonly used software technologies, including C/C++, Java and web-based applications. Different flaws and the associated attack techniques are presented, while the focus is on the preventive measures against potential vulnerabilities during software development. This combined subject best serves heterogeneous development groups that use various platforms simultaneously in their everyday work.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Denial of service
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Some additional native code-related vulnerabilities
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Learn about denial of service attacks and protections
  • Realize the severe consequences of insecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Combined C#, C/C++ and Web application security

CL-CNA C/C++ C#/.NET/ASP.NET Web

4 days
Developers

Short description

Supporting development teams that use managed and native code in parallel for their developments, this course gives an insight into both the common security vulnerabilities relevant to C/C++ and the various security problems of the .NET and ASP.NET environments. It gives an overview of the various security solutions and tools for this platform as well as for web-based development in general. The proper use of the security services, along with a deep comprehension of the dangers stemming from vulnerabilities, is presented through a number of hands-on exercises. This course is designed to fit the needs of groups developing complex products for the web, but with extensive use of native code for special tasks.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • .NET security architecture and services
  • Practical cryptography
  • Denial of service
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Some additional native code-related vulnerabilities
  • Common coding errors and vulnerabilities
  • Security testing techniques
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Learn about denial of service attacks and protections
  • Realize the severe consequences of insecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Combined Java, PHP and Web application security

CL-JPW Java PHP Web

4 days
Developers

Short description

Targeting developers of web-based applications using both Java and PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP, Java and the web, but will also be introduced to the security architecture of Java and the security features of PHP, the security of various client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented aligned to the OWASP Top Ten, while various language- and platform-specific vulnerabilities of Java and PHP are categorized following the Fortify categories. An essential course for all programmers developing web applications highly exposed to web-based attacks, who use both Java and PHP in their everyday work.

Outline

  • IT security and secure coding
  • Web application security
  • Web application vulnerabilities
  • Client-side security
  • Foundations of Java security
  • Practical cryptography
  • Java security services
  • Security of Web services
  • XML security
  • JSON security
  • PHP security services
  • PHP Environment
  • Denial of service
  • Security testing techniques
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about JSON security
  • Learn to use various security features of PHP
  • Learn about denial of service attacks and protections
  • Get practical knowledge in using security testing techniques and tools
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Advanced software security - beyond ethical hacking

CL-BEH C/C++ Java PHP Web C#/.NET/ASP.NET

5 days
Developers

Short description

The training targets experienced developers who use various development platforms and environments to develop applications (both desktop and web). Aligned to this, it tackles web-related security issues (including both server- and client-side vulnerabilities), general security issues of various technologies (including Java, .NET, web services and XML), as well as the consequences of typical coding mistakes in different environments, platforms and programming languages. Even though the starting point is ethical hacking, the main goal of demonstrating the techniques used on the dark side is to protect against them and thus mitigate the risks. This course is the best selection of our “negative security” subjects: lots of live-hacking fun, with the single purpose of learning how to avoid exploitable security-relevant programming bugs and flaws.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Security of Web services
  • XML security
  • Denial of service
  • Practical cryptography
  • x86 machine code, memory layout and stack operations
  • Buffer overflow and its exploitation
  • Exploitation of typical coding mistakes
  • Time and state problems
  • Code quality problems
  • Security testing techniques
  • Deployment environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about denial of service attacks and protections
  • Have a practical understanding of cryptography
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to exploit them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

Crypto chip-set security

CL-CHS Specific topic

2 days
Professionals

Short description

Secure systems operating in a hostile environment usually rely on crypto chip-sets, whose security is essential as they are not only logically, but also physically exposed to attacks. This course deals with security chipset design as well as with various implementation issues, presenting IC-level attack possibilities and the relevant prevention and protection techniques. The subject also tackles security-relevant low-level programming bugs, firmware vulnerabilities and their mitigation. A special course for professionals working in the field of secure hardware development.

Outline

  • IT security and secure coding
  • Requirements of secure communication
  • Practical cryptography
  • Security protocols
  • Simple physical attacks and protections
  • Passive physical attacks
  • Active attacks
  • Active physical attacks
  • Passive and active combined attacks
  • Special security functions – Requirements and solutions

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand the requirements of secure communication
  • Have a practical understanding of cryptography
  • Understand essential security protocols

Practical cryptography for software engineers

CL-PCR Specific topic

3 days
Developers, Professionals

Short description

A proper understanding of how to use the building blocks of secure communication and cryptography is essential when designing and developing networked systems – especially when such systems are exposed to an untrusted network such as the Internet. This course discusses cryptography without going deeply into the mathematical and theoretical background; it does, however, give software engineers an overview of the various solutions, focusing on what these should be used for, and what not. The course also gives an overview of the most critical implementation-level attacks against crypto implementations, and the mitigation of these risks.

This course is intended for all software architects and engineers who design and implement applications that rely on cryptography.

Outline

  • IT security and secure coding
  • Requirements of secure communication
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand the requirements of secure communication
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Get information about some recent implementation problems
  • Get sources and further readings on secure coding practices

Voice over IP security

CL-VIP Specific topic

2 days
Professionals

Short description

Voice over IP systems are not only vulnerable to the same threats as data networks, but also to numerous, mainly availability-related dangers specific to telecommunication services. Consequently, professionals in this field should be fully aware of the various security issues and the security features of the underlying technologies. VoIP security is introduced from the bottom up: from the raw protocol level, dealing with the various attack methods that are used against the most popular VoIP protocols, up to application-level abuses. The course provides essential coding and mitigation skills for engineers working with VoIP technologies.

Outline

Participants attending this course will


Android security

CL-AND Mobile

2 days
Professionals

Short description

Android is an open platform for mobile devices such as handsets and tablets, with a unique security model. In addition to various platform security features, it also has several limitations that developers need to be aware of. The course covers all Android security technologies and services as well as instructing developers on how to avoid the most common pitfalls and vulnerabilities in Android applications, not only tackling Java security issues, but also some essential secure coding issues in native code.

The course provides essential knowledge for Android app developers about the Android security architecture as well as typical weaknesses and protection mechanisms.

Outline

  • IT security and secure coding
  • Android security overview
  • Application security
  • Android and Java vulnerabilities
  • Android native code security
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on Android
  • Learn to use various security features of the Android platform
  • Get information about some recent vulnerabilities in Java on Android
  • Learn about typical coding mistakes and how to avoid them
  • Gain an understanding of native code vulnerabilities on Android
  • Realize the severe consequences of insecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Get sources and further readings on secure coding practices

Android Java and native code security

CL-AAN Mobile

3 days
Professionals

Short description

Android is an open platform for mobile devices such as handsets and tablets, with a unique security model. In addition to various platform security features, it also has several limitations that developers need to be aware of. The course covers all Android security technologies and services as well as a comprehensive study on the most common pitfalls and vulnerabilities in Android applications, including Java and native code security, and practical cryptography.

The course is recommended to those developers who extensively use both Java and native code to develop complex Android applications.

Outline

  • IT security and secure coding
  • Android security overview
  • Application security
  • Practical cryptography
  • Android native code security
  • Principles of security and secure coding
  • Android and Java vulnerabilities
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on Android
  • Learn to use various security features of the Android platform
  • Have a practical understanding of cryptography
  • Gain an understanding of native code vulnerabilities on Android
  • Realize the severe consequences of insecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Get information about some recent vulnerabilities in Java on Android
  • Learn about typical coding mistakes and how to avoid them
  • Get sources and further readings on secure coding practices

iOS security

CL-IOS Mobile

2 days
Professionals

Short description

The iOS platform – distributed exclusively for Apple hardware – was designed with security in mind from the ground up. This course introduces developers to the iOS security model, while also discussing common vulnerabilities and attacks targeting iOS applications.

The course provides essential knowledge for iOS app developers about the iOS security architecture as well as typical weaknesses and protection mechanisms.

Outline

  • IT security and secure coding
  • iOS security overview
  • Application security
  • Buffer overflow protection on iOS
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on iPhone
  • Learn to use various security features of iOS
  • Get information about some recent vulnerabilities of iOS
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools for iOS
  • Get sources and further readings on secure coding practices

Windows Phone security

CL-WPS Mobile

2 days
Professionals

Short description

Windows Phone 7 is Microsoft’s new platform for mobile devices. The course gives a comprehensive overview of the platform’s security features and their limitations. Each component of the Windows Phone 7 architecture is examined from a security standpoint, along with best practices on how to utilize the security features when developing software for the platform. The course explains the strengths and weaknesses of WP7’s security architecture along with typical mistakes to avoid when developing software for the platform.

Outline

Participants attending this course will


Application security in the cloud

CL-CLS Specific topic

3 days
Developers, Managers, Professionals

Short description

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. This course deals with the various security aspects of cloud computing, starting off from discussing cloud-specific threats and risks, followed by legal and contractual basics, as well as how a cloud application should be audited and evaluated from a security perspective. Core cloud security is discussed in multiple areas: from securing the infrastructure – issues like hardening, configuration, authentication, authorization and identity management – to application security issues as the culmination of the course.

The course gives application developers essential knowledge with respect to application security challenges and solutions when developing in a cloud environment.

Outline

  • IT security and secure coding
  • Threats and risks in the clouds
  • Cloud security solutions
  • Denial of service
  • Security of Web services
  • XML security
  • Practical cryptography
  • Security protocols
  • Web application security
  • Input validation
  • Data security in the cloud
  • MongoDB security
  • Security audit in the cloud
  • Securing the cloud environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand major threats and risks in the cloud domain
  • Learn about elementary cloud security solutions
  • Learn about denial of service attacks and protections
  • Understand security concepts of Web services
  • Learn about XML security
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn typical input validation mistakes
  • Understand data security challenges in the cloud
  • Learn about NoSQL security
  • Learn about MongoDB security
  • Understand the challenges of auditing and evaluating cloud systems for security
  • Learn how to secure the cloud environment and infrastructure
  • Get sources and further readings on secure coding practices

Network security

CL-NWS Web

2 days
Developers, Professionals

Short description

Since all applications today heavily rely on communication and networks, there is no application security without network security. This course focuses on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. In addition to covering network-level threats and countermeasures from the Data Link to the Application layer, it also presents practical answers on how to use various cryptographic primitives and security protocols properly. Finally, it gives an overview of the most critical implementation-level attacks against crypto implementations.

The course is recommended for developers of networked applications – giving them the knowledge to implement secure network software and helping them use crypto appropriately.

Outline

  • IT security and secure coding
  • Network security
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn about network attacks and defenses at different OSI layers
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Get information about some recent related vulnerabilities
  • Get sources and further readings on secure coding practices

Network security and secure communication

CL-ANW Web

3 days
Developers, Professionals

Short description

Since all applications today heavily rely on communication and networks, there is no application security without network security. This course gives a strong foundation on design principles as well as practical answers on how to use various cryptographic primitives and security protocols properly, while also focusing on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. It covers network-level threats and countermeasures from the Data Link to the Application layer, and gives an overview of the most critical implementation-level attacks against crypto implementations as well as the security issues related to XML.

The course is recommended for developers of interoperating networked applications – giving them the essential knowledge to design and implement secure network software.

Outline

  • IT security and secure coding
  • Requirements of secure communication
  • Network security
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • Security of Web services
  • XML security
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand the requirements of secure communication
  • Learn about network attacks and defenses at different OSI layers
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Get information about some recent related vulnerabilities
  • Understand security concepts of Web services
  • Learn about XML security
  • Get sources and further readings on secure coding practices

Overview on secure coding

CL-OSC General security

2 days
Managers

Short description

The course introduces some common security concepts, gives an overview of the nature of vulnerabilities regardless of the programming languages and platforms used, and explains how to handle software security risks in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most painful vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code. A training that primarily targets managers and engineers getting involved in secure coding issues, giving them an overview of software security problems through a number of demonstrations.

Outline

  • Agenda
  • IT security and secure coding
  • Security challenges of various platforms – highlights –
  • C/C++ (native code) secure coding
  • Web application security
  • Java platform security
  • Challenges of security testing
  • Secure Coding Academy

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand Web vulnerabilities both on server and client side
  • Realize the severe consequences of insecure buffer handling
  • Be informed about some recent vulnerabilities in development environments and frameworks
  • Learn about typical coding mistakes and how to avoid them
  • Understand security testing approaches and methodologies

Management overview on Microsoft SDL

CL-SDM General security

half day
Managers

Short description

The course provides a brief management-level overview of the Microsoft Security Development Lifecycle (SDL) by introducing essential concepts, tackling secure design and the nature of the most common vulnerabilities. Selected secure coding topics of various platforms show the importance of proper design and implementation. Test methodologies and the most important concepts regarding privacy are also addressed. This course is perfect for managers who want to gain a high-level overview of Microsoft SDL in order to manage software development projects with security in mind.

Outline

Participants attending this course will
