Filter by programming languages
Filter by category
Filter by target audience
results. Reset filters
This course is a language-agnostic introduction to web security. It covers the most frequent vulnerabilities and the mitigation techniques used to patch them. During the class, participants will exploit these flaws and understand the anatomy of an attack. This knowledge is critical to be able to successfully apply defense techniques. The course showcases examples from multiple platforms and languages.
After this training, participants usually attend a language-specific course where we dive deeper into secure coding that's beyond the web.
This course goes through the top 10, most frequent vulnerabilities that applications usually contain around the world. During the class the participants see examples about how to exploit these security flaws, because knowing the threats and possible attacks is fundamental to understand the necessary steps of mitigation. This course is an introduction to our OWASP Top 10, Java Secure Coding Follow Up course, which aims to deepen the security related knowledge of the participants in the Java programming language.
This course goes through the top 10, most frequent vulnerabilities that applications usually contain around the world. During the class the participants see examples about how to exploit these security flaws, because knowing the threats and possible attacks is fundamental to understand the necessary steps of mitigation. This course is an introduction to our OWASP Top 10, C# Secure Coding Follow Up course, which aims to deepen the security related knowledge of the participants in the C# programming language.
This course is the next step for our participants, who completed our OWASP Top 10, Java Secure Coding Fundamentals course. While the Fundamentals was rather an independent introduction to secure coding, this class emphasizes rather the Java specific parts of the topic, supplemented with some basic cryptographic knowledge that is useful to have for every developer.
This course is the next step for our participants, who completed our OWASP Top 10, C# Secure Coding Fundamentals course. While the Fundamentals was rather an independent introduction to secure coding, this class emphasizes rather the C# specific parts of the topic, supplemented with some basic cryptographic knowledge that is useful to have for every developer.
This course is the next step for our participants, who completed either our OWASP Top 10, Java Secure Coding or C# Fundamentals course. This follow-up course is tailored to participants working as full-stack or frontend developers using Angular and React.
.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques by focusing on both language-specific issues and the desktop runtime environment. Common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.
.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques focusing on the web application security – both on the server- and on the client-side –, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of security of web applications implemented in managed code.
The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how to use different technologies, and should have a deep understanding in secure coding techniques applied. The course introduces web-based security technologies like web services, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.
.NET and related technologies provide an environment and a number of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, starting off from Web application security – both on the server- and on the client-side –, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. The Web-related vulnerabilities as well as some common coding mistakes in C# are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of security of web applications implemented in managed code.
The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
If you happen to be an IT security manager in the fintech industry, recent news of the sector might have caused you serious nightmares about PCI security. Manage your anxiety with our professional master course on secure coding and keep your company the first in line on the market!
We designed the Secure Coding Master Course specifically for companies of the fintech industry who provide the most sensitive data transmission: all types of money transfer.
Therefore our program offers pragmatic assimilation of knowledge and experience on secure coding issues. We deal with threats and vulnerabilities of systems and applications through hands-on labs, real-life case studies from the banking industry, even engaging participants in live hacking fun to reveal all consequences of insecure coding. Join us and we’ll train you to have a good sleep!
Healthcare is one of the business domains where security is absolutely crucial. Vulnerability is not an option when working with life-saving devices, while your systems and applications need to comply with Health Information Portability and Accountability Act (HIPAA) requirements.
This training program exclusively targets engineers developing applications or maintaining networks for the healthcare sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the healthcare industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
In today's connected world, the security of telecommunication is more important than ever. Vulnerabilities in telecom equipment enable attacks on subscribers as well as companies and services on a global scale, and thus dealing with them is absolutely crucial. Standards such as ITU-T X.805 or the GSMA IoT Security Guidelines for Network Operators give important guidance about building secure telecom systems.
This training program exclusively targets engineers developing software and equipment for the telecom sector. Our dedicated trainers share their experience and expertise through hands-on labs, and give real-life case studies from the telecom industry – engaging participants in live hacking fun to reveal all consequences of insecure coding.
Today, cryptography protects the confidentiality and integrity of data in all states. It is imperative to understand how cryptographic pieces fit together, as misusing them can completely nullify the protections applied. Following the practices and recommendations in this course ensures that cryptography used will genuinely serve its function and protect data as intended.
TPM chip features form a complex toolset in order to provide root of trust protection, measurement of integrity, secure storage (with NV-indexes) and secure auditing (with PCRs) and reporting. All these features are backed with key management, organized into special hierarchies. Our TPM based sample application framework covers the topics of device identification, firmware integrity protection, secure boot loader, chain of trust verification, remote attestation and encryption-based solutions. This course provides hands-on exercises for the participants to implement their secure solutions based on TPM chip features.
Testing plays a very important role in ensuring security and robustness of applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned, properly executed, and thus needs a strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.
The course first gives an overview of the most important web-related security problems, attacks, recommended coding techniques and mitigation methods. After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. They also learn to use various tools that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute various tools to analyze the already discussed vulnerable codes. This training is a must-attend for testers of security-sensitive web applications.
Testing plays a very important role in ensuring security and robustness of applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned, properly executed, and thus needs a strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.
Targeting developers of web-based applications using PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP and the web, but will be also introduced to security features of PHP complemented with the security of client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented through PHP-based examples, while input validation vulnerabilities, improper use of security features and time- and state-related problems are all discussed in the context of PHP. Essential for all PHP programmers delivering web applications highly exposed to web-based attacks.
Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how to use different technologies, and should have a deep understanding in secure coding techniques applied. In the context of Node.js, this course deals with the security of some relevant technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.
Secure systems operating in hostile environment usually rely on crypto chip-sets, whose security is essential as they are not only logically, but also physically exposed to attacks. This course deals with the security chipset design as well as with various implementation issues, presenting IC-level attack possibilities and the relevant prevention and protection techniques. The subject also tackles security relevant low-level programming bugs, firmware vulnerabilities and their mitigation. A special course for professionals working in the field of secure hardware development.
Since all applications today heavily rely on communication and networks, there is no application security without network security. This course gives a strong foundation on design principles as well as practical answers on how to use various cryptographic primitives and security protocols properly, while also focusing on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. It covers network-level threats and countermeasures from the Data Link to the Application layer, and gives an overview of the most critical implementation-level attacks against crypto implementations as well as the security issues related to XML.
The course is recommended for developers of interoperating networked applications – giving them the essential knowledge to design and implement secure network software.
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. This course deals with the various security aspects of cloud computing, starting off from discussing cloud-specific threats and risks, followed by legal and contractual basics, as well as how a cloud application should be audited and evaluated from a security perspective. Core cloud security is discussed in multiple areas: from securing the infrastructure – issues like hardening, configuration, authentication, authorization and identity management – to application security issues as the culmination of the course.
The course gives application developers essential knowledge with respect to application security challenges and solutions when developing in a cloud environment.
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code. A training that primarily targets managers and engineers getting involved in secure coding issues, giving them an overview on software security problems through a number of demonstrations.
Embedded PLCs are often used for decades. Therefore, their security is a crucial question. But even when a PLC is manufactured perfectly, human programming and implementation errors are still present.
This course gives an overview of PLC security based on the Top 20 PLC Secure Coding Practices List, explained with examples that can occur anytime in real life.
