Course catalog

Duration
Audience

Standard courses

C and C++ secure coding (x86)

CL-CPI C/C++

3 days
Developers

Short description

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Practical cryptography
  • XML security
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Have a practical understanding of cryptography
  • Learn about XML security
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices

C and C++ secure coding (ARM)

CL-CPA C/C++

3 days
Developers

Short description

Outline

  • IT security and secure coding
  • ARM machine code, memory layout and stack operations
  • Buffer overflow
  • Practical cryptography
  • XML security
  • Common coding errors and vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Have a practical understanding of cryptography
  • Learn about XML security
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

Secure desktop application development in C#

CL-ANS C#/.NET/ASP.NET

3 days
Developers

Short description

.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques by focusing on both language-specific issues and the desktop runtime environment. Common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.

Outline

  • IT security and secure coding
  • Common coding errors and vulnerabilities
  • .NET security architecture and services
  • Practical cryptography
  • Desktop application security
  • Data access security in .NET
  • Windows Communication Foundation security
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn about typical coding mistakes and how to avoid them
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Learn about XML security
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

C# and Web application security

CL-NWA C#/.NET/ASP.NET Web

3 days
Developers

Short description

.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, focusing on web application security on both the server side and the client side, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods, one can gain a complete picture of the security of web applications implemented in managed code.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • .NET security architecture and services
  • Practical cryptography
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and how to avoid them
  • Get sources and further readings on secure coding practices

Java and Web application security

CL-JWA Java Web

3 days
Developers

Short description

The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Practical cryptography
  • Secure communication in Java
  • Java security services
  • Common coding errors and vulnerabilities
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Learn to use various security features of the Java development environment
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices

Web application security

CL-WSC Web

3 days
Developers

Short description

Web applications are continuously exposed to attacks because they are open and accessible via the Internet. Developers must therefore be extremely cautious in how they use different technologies, and should have a deep understanding of the secure coding techniques they apply. The course introduces web-based security technologies like web services, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Practical cryptography
  • Security protocols
  • Security of Web services
  • Common coding errors and vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

Python security

CL-PYS Python

3 days
Developers

Short description

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • XML security
  • Python security architecture
  • Practical cryptography
  • Common coding errors and vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about Python security architecture
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and how to avoid them
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

Comprehensive courses

Comprehensive C and C++ secure coding (x86)

CL-CCI C/C++

4 days
Developers

Short description

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • XML security
  • Common coding errors and vulnerabilities
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Learn about XML security
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Comprehensive C and C++ secure coding (ARM)

CL-CCA C/C++

4 days
Developers

Short description

Outline

  • IT security and secure coding
  • ARM machine code, memory layout and stack operations
  • Buffer overflow
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • XML security
  • Common coding errors and vulnerabilities
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Learn about XML security
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Master courses

C and C++ security master course (x86)

CL-CMI C/C++

5 days
Developers, Testers

Short description

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Common coding errors and vulnerabilities
  • Requirements of secure communication
  • Practical cryptography
  • XML security
  • Security protocols
  • Security in the software development lifecycle
  • Security testing
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Understand the requirements of secure communication
  • Have a practical understanding of cryptography
  • Learn about XML security
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Understand security considerations in the SDLC
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

C and C++ security master course (ARM)

CL-CMA C/C++

5 days
Developers, Testers

Short description

Outline

  • IT security and secure coding
  • ARM machine code, memory layout and stack operations
  • Buffer overflow
  • Common coding errors and vulnerabilities
  • Requirements of secure communication
  • Practical cryptography
  • XML security
  • Security protocols
  • Security in the software development lifecycle
  • Security testing
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of insecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Understand the requirements of secure communication
  • Have a practical understanding of cryptography
  • Learn about XML security
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Understand security considerations in the SDLC
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

C# and Web application security master course

CL-NSM C#/.NET/ASP.NET Web

5 days
Developers, Testers

Short description

.NET and related technologies provide an environment and a number of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, starting from Web application security on both the server side and the client side, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. The Web-related vulnerabilities as well as some common coding mistakes in C# are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods, one can gain a complete picture of the security of web applications implemented in managed code.

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Denial of service
  • Data access security in .NET
  • .NET security architecture and services
  • Practical cryptography
  • Security protocols
  • Security of Web services
  • Desktop application security
  • Common coding errors and vulnerabilities
  • Security testing
  • Security testing techniques and tools
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about denial of service attacks and protections
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Learn about typical coding mistakes and how to avoid them
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Java and Web application security master course

CL-JSM Java Web

5 days
Developers, Testers

Short description

The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Practical cryptography
  • Java security services
  • Foundations of Java security
  • Secure communication in Java
  • Common coding errors and vulnerabilities
  • Security of Web services
  • Hibernate security
  • Java EE security
  • JSF and PrimeFaces security
  • Spring security
  • Denial of service
  • Security testing techniques and tools
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Learn to use various security features of the Java development environment
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about Hibernate security
  • Understand security solutions of Java EE
  • Learn about JSF and PrimeFaces security
  • Learn about Spring security
  • Learn about denial of service attacks and protections
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Web application security master course

CL-WSM Web

5 days
Developers, Testers

Short description

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Content security policy
  • Client-side security
  • Denial of service
  • Practical cryptography
  • Security protocols
  • Common coding errors and vulnerabilities
  • Security in the software development lifecycle
  • Security testing
  • Security testing methodology
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Understand Content Security Policy
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about denial of service attacks and protections
  • Understand security concepts of Web services
  • Learn about JSON security
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Understand security considerations in the SDLC
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Vertical courses

Secure coding master course for banking and finance

CL-IFINT Java C#/.NET/ASP.NET Web

5 days
Developers, Testers, Professionals

Short description

If you happen to be an IT security manager in the fintech industry, recent news of the sector might have caused you serious nightmares about PCI security. Manage your anxiety with our professional master course on secure coding and keep your company the first in line on the market!

We designed the Secure Coding Master Course specifically for companies of the fintech industry who provide the most sensitive data transmission: all types of money transfer.

Therefore our program offers pragmatic assimilation of knowledge and experience on secure coding issues. We deal with threats and vulnerabilities of systems and applications through hands-on labs, real-life case studies from the banking industry, even engaging participants in live hacking fun to reveal all consequences of insecure coding. Join us and we’ll train you to have a good sleep!

Outline

  • IT security and secure coding
  • Special threats in the banking and finance sector
  • Regulations and standards
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Security architecture
  • Requirements of secure communication
  • Practical cryptography
  • Crypto libraries and APIs
  • Security protocols
  • Input validation
  • Security of Web services
  • Improper use of security features
  • Object-relational mapping (ORM) security
  • Improper error and exception handling
  • Time and state problems
  • Code quality problems
  • Denial of service
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand security considerations in the SDLC
  • Understand special threats in the banking and finance sector
  • Understand regulations and standards
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand the requirements of secure communication
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about denial of service attacks and protections
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Secure coding master course for healthcare

CL-IHEAL C/C++ Java C#/.NET/ASP.NET Web

5 days
Developers, Testers, Professionals

Short description

Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices, while your systems and applications need to comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA).

This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline

  • IT security and secure coding
  • Special threats in the healthcare sector
  • Regulations and standards
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Security architecture
  • Requirements of secure communication
  • Practical cryptography
  • Crypto libraries and APIs
  • Security protocols
  • Input validation
  • Security of Web services
  • Improper use of security features
  • Object-relational mapping (ORM) security
  • Improper error and exception handling
  • Time and state problems
  • Code quality problems
  • Denial of service
  • Security testing techniques and tools
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand special threats in the healthcare sector
  • Understand regulations and standards
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand the requirements of secure communication
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about denial of service attacks and protections
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Secure coding master course for telecoms

CL-ITELC Java Web C/C++

5 days
Developers, Testers, Professionals

Short description

In today's connected world, the security of telecommunication is more important than ever. Vulnerabilities in telecom equipment enable attacks on subscribers as well as companies and services on a global scale, and thus dealing with them is absolutely crucial. Standards such as ITU-T X.805 or the GSMA IoT Security Guidelines for Network Operators give important guidance about building secure telecom systems.

This training program exclusively targets engineers developing software and equipment for the telecom sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.

Outline

  • IT security and secure coding
  • Special threats in the telecom sector
  • Regulations and standards
  • Web application security
  • Client-side security
  • Practical cryptography
  • Network security
  • Common coding errors and vulnerabilities
  • Foundations of Java security
  • Secure communication in Java
  • Java security services
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Some additional native code-related vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand special threats in the telecom sector
  • Understand regulations and standards
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Learn about network attacks and defenses at different OSI layers
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn to use various security features of the Java development environment
  • Understand security concepts of Web services
  • Realize the severe consequences of insecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Realize the severe consequences of insecure buffer handling
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

Other courses

Security testing

CL-STS C/C++ Java C#/.NET/ASP.NET Web

3 days
Developers, Testers

Short description

Testing plays a very important role in ensuring the security and robustness of applications. Various approaches – from high-level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruit, security testing should be well planned and properly executed, and thus needs strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Security testing
  • Security testing techniques and tools
  • Source code review
  • Input validation
  • Improper use of security features
  • Testing the implementation
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Web application security testing

CL-WTS Web

3 days
Developers, Testers

Short description

The course first gives an overview of the most important web-related security problems, attacks, recommended coding techniques and mitigation methods. After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. They also learn to use various tools that can be applied to automate the security evaluation of software products. This is supported by a number of exercises, where we execute various tools to analyze the already discussed vulnerable code. This training is a must-attend for testers of security-sensitive web applications.

Outline

  • IT security and secure coding
  • Web application security (OWASP Top Ten 2017)
  • Client-side security
  • Denial of service
  • Security testing
  • Security testing techniques and tools
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about denial of service attacks and protections
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices

Security testing native code

CL-CTS C/C++

3 days
Developers, Testers

Short description

Testing plays a very important role in ensuring the security and robustness of applications. Various approaches – from high-level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruit, security testing should be well planned and properly executed, and thus needs strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.

Outline

  • IT security and secure coding
  • x86 machine code, memory layout and stack operations
  • Buffer overflow
  • Common coding errors and vulnerabilities
  • Denial of service
  • Security testing
  • Security testing techniques and tools
  • Deployment environment
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Realize the severe consequences of unsecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Learn about denial of service attacks and protections
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

Secure coding in PHP

CL-PSC PHP Web

3 days
Developers

Short description

Targeting developers of web-based applications using PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP and the web, but will also be introduced to the security features of PHP, complemented with the security of client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented through PHP-based examples, while input validation vulnerabilities, improper use of security features and time- and state-related problems are all discussed in the context of PHP. Essential for all PHP programmers delivering web applications highly exposed to web-based attacks.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Practical cryptography
  • Deployment environment
  • Denial of service
  • Common coding errors and vulnerabilities
  • XML security
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of PHP
  • Have a practical understanding of cryptography
  • Learn how to set up and operate the deployment environment securely
  • Learn about denial of service attacks and protections
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities of the PHP framework
  • Get sources and further readings on secure coding practices

Node.js and Web application security

CL-NJS Web Mobile

3 days
Developers

Short description

Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how they use different technologies, and should have a deep understanding of the secure coding techniques applied. In the context of Node.js, this course deals with the security of some relevant technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.

Outline

  • IT security and secure coding
  • Web application security
  • Client-side security
  • Node.js security
  • Practical cryptography
  • Security of Web services
  • MongoDB security
  • Common coding errors and vulnerabilities
  • Denial of service
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about XML security
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about Node.js security
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Learn about JSON security
  • Learn about MongoDB security
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about denial of service attacks and protections
  • Get sources and further readings on secure coding practices

Crypto chip-set security

CL-CHS Specific topic

3 days
Professionals

Short description

Secure systems operating in a hostile environment usually rely on crypto chip-sets, whose security is essential as they are not only logically, but also physically exposed to attacks. This course deals with security chipset design as well as with various implementation issues, presenting IC-level attack possibilities and the relevant prevention and protection techniques. The subject also tackles security-relevant low-level programming bugs, firmware vulnerabilities and their mitigation. A special course for professionals working in the field of secure hardware development.

Outline

  • IT security and secure coding
  • Requirements of secure communication
  • Practical cryptography
  • Security protocols
  • Simple physical attacks and protections
  • Passive physical attacks
  • Active physical attacks
  • Passive and active combined attacks
  • Special security functions – Requirements and solutions
  • Principles of security and secure coding

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Have a practical understanding of cryptography
  • Understand the requirements of secure communication
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems

Network security and secure communication

CL-ANW Web Specific topic

3 days
Developers, Professionals

Short description

Since all applications today rely heavily on communication and networks, there is no application security without network security. This course gives a strong foundation in design principles as well as practical answers on how to use various cryptographic primitives and security protocols properly, while also focusing on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. It covers network-level threats and countermeasures from the Data Link to the Application layer, and gives an overview of the most critical implementation-level attacks against crypto implementations as well as the security issues related to XML.

The course is recommended for developers of interoperating networked applications – giving them the essential knowledge to design and implement secure network software.

Outline

  • IT security and secure coding
  • Requirements of secure communication
  • Network security
  • Practical cryptography
  • Security protocols
  • Cryptographic vulnerabilities
  • Common coding errors and vulnerabilities
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand the requirements of secure communication
  • Learn about network attacks and defenses at different OSI layers
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand some recent attacks against cryptosystems
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Learn about XML security
  • Get information about some recent related vulnerabilities
  • Get sources and further readings on secure coding practices

Application security in the cloud

CL-CLS Web Specific topic

3 days
Developers, Managers, Professionals

Short description

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. This course deals with the various security aspects of cloud computing, starting off from discussing cloud-specific threats and risks, followed by legal and contractual basics, as well as how a cloud application should be audited and evaluated from a security perspective. Core cloud security is discussed in multiple areas: from securing the infrastructure – issues like hardening, configuration, authentication, authorization and identity management – to application security issues as the culmination of the course.

The course gives application developers essential knowledge with respect to application security challenges and solutions when developing in a cloud environment.

Outline

  • IT security and secure coding
  • Cloud security basics
  • Threats and risks in the clouds
  • Cloud security solutions
  • Practical cryptography
  • Web application security
  • Denial of service
  • Input validation
  • Data security in the cloud
  • Security audit in the cloud
  • Dynamic security testing
  • Securing the cloud environment
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand major threats and risks in the cloud domain
  • Learn about elementary cloud security solutions
  • Understand security concepts of Web services
  • Learn about XML security
  • Have a practical understanding of cryptography
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn about denial of service attacks and protections
  • Learn typical input validation mistakes
  • Understand data security challenges in the cloud
  • Learn about NoSQL security
  • Learn about MongoDB security
  • Understand the challenges of auditing and evaluating cloud systems for security
  • Learn how to secure the cloud environment and infrastructure
  • Learn how to set up and operate the deployment environment securely
  • Get sources and further readings on secure coding practices

The secure coding landscape

CL-OSC General security

Developers, Managers

Short description

The course introduces some common security concepts, gives an overview of the nature of vulnerabilities regardless of the programming languages and platforms used, and explains how to handle the software security risks that apply in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most painful vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code. A training that primarily targets managers and engineers getting involved in secure coding issues, giving them an overview of software security problems through a number of demonstrations.

Outline

  • Agenda
  • IT security and secure coding
  • Security challenges of various platforms – highlights –
  • Challenges of security testing
  • Principles of security and secure coding
  • Knowledge sources

Participants attending this course will

  • Understand basic concepts of security, IT security and secure coding
  • Understand Web vulnerabilities both on server and client side
  • Realize the severe consequences of unsecure buffer handling
  • Be informed about some recent vulnerabilities in development environments and frameworks
  • Learn about typical coding mistakes and how to avoid them
  • Understand security testing approaches and methodologies
  • Get sources and further readings on secure coding practices