Filter by programming languages
Filter by platforms
Filter by target audience
results. Reset filters
The SDL core training gives an insight into the security of software development through Microsoft’s Security Development Lifecycle (SDL). It provides a level 100 overview of SDL elements, including the STRIDE model, design, development and testing, as well as the privacy issues. By systematically going through the development steps, one can gain a comprehensive picture of various security aspects of the whole lifecycle, and a holistic view of security of software products.
This course gives an insight into the security of software development through Microsoft’s Security Development Lifecycle (SDL) with a focus on web application security. It starts with a level 100 overview of SDL elements, including the STRIDE model, design, development and testing, but also introduces in details web application security issues both server- and on the client-side. By systematically going through the development steps, one can gain a comprehensive picture of various security aspects of the whole lifecycle, and a holistic view of security of web applications.
The training gives an insight into the typical C/C++ security relevant programming bugs and common security vulnerabilities, like different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, unicode bug, covert channel attacks and many more. Deep comprehension of the associated risks is reinforced by committing the attacks together with the participants, experiencing real hacking fun. The specific protection measures are introduced along with the secure coding guidelines, substantially changing the way attendees will think about writing C/C++ code.
The training gives an insight into the typical C/C++ security relevant programming bugs and common security vulnerabilities, like different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, unicode bug, covert channel attacks and many more. Deep comprehension of the associated risks is reinforced by committing the attacks together with the participants, experiencing real hacking fun. The specific protection measures are introduced along with the secure coding guidelines, substantially changing the way attendees will think about writing C/C++ code.
The course introduces the basic security solutions provided by the Java language and the runtime environment, and also systematically goes through the most frequent and severe programming flaws of the Java language and platform, dealing with both language-specific issues and the problems stemming from the runtime environment. Gaining experience in using security components and the deep understanding of different security-relevant bugs are supported by a number of hands-on exercises through which participants can try out the discussed issues for themselves. While Java is considered to be a safe platform, the course makes it clear that there is still much to be aware of.
The training targets experienced Java developers who use the Java platform to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
The training is tailored to the needs of experienced Java developers who work on IP and web technology based development. It gives a broad overview of the security solutions provided by Java including the different security-related services of the Java Enterprise Edition, as well as the security solutions in connection with web services. On the other hand it also provides a comprehensive introduction to Java and web-specific security vulnerabilities by demonstrating attack techniques and introducing applicable protection methods. Numerous hands-on exercises give first-hand experience on selected topics, making this course a perfect fit for those experienced Java programmers who want to gain deeper security expertise.
The training targets experienced Java developers who use the Java platform and JEE to develop web applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment, including the different security-related services of the Java Enterprise Edition. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java, JEE and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
The training targets experienced Java developers who use the Java platform and Java-related technologies to develop web or desktop applications. Aligned to this, it tackles general web-related security issues – including both server- and client-side vulnerabilities – in the context of Java, as well as vulnerabilities specific to the Java language and platform itself. The course also introduces the basic security solutions provided by the Java language and the runtime environment, including the different security-related services of the Java Enterprise Edition, Spring, Hibernate and many others. The use of the components is explained through numerous exercises, while the risks posed by the various vulnerabilities are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java, JEE, Spring and the latest web- and Java-related vulnerabilities is a must for all programmers using Java to develop applications for the web.
.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.
.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques by focusing on both language-specific issues and the desktop runtime environment. Common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of managed code security.
.NET and ASP.NET provide a plethora of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques focusing on the web application security – both on the server- and on the client-side –, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. Web-related vulnerabilities as well as some common coding mistakes in .NET and ASP.NET are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of security of web applications implemented in managed code.
.NET and related technologies provide an environment and a number of different solutions and tools to support security development. The course gives a comprehensive overview of these techniques, starting off from Web application security – both on the server- and on the client-side –, and presents the most frequent security vulnerabilities stemming from both language-specific issues and the runtime environment. The Web-related vulnerabilities as well as some common coding mistakes in C# are introduced through a number of practical exercises. By understanding the operation of the security components, executing attacks and applying protection methods one can gain a complete picture of security of web applications implemented in managed code.
Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how to use different technologies, and should have a deep understanding in secure coding techniques applied. In the context of Node.js, this course deals with the security of some relevant technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. An essential secure coding course for all programmers developing applications that are exposed to the threats of the web.
Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how to use different technologies, and should have a deep understanding in secure coding techniques applied. The course introduces web-based security technologies like web services, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. So this is an essential secure coding course for all programmers developing applications that are exposed to the threats of the web.
The course first gives an overview of the most important web-related security problems, attacks, recommended coding techniques and mitigation methods. After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. They also learn to use various tools that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute various tools to analyze the already discussed vulnerable codes. This training is a must-attend for testers of security-sensitive web applications.
Testing plays a very important role in ensuring security and robustness of applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one single exploitable vulnerability to reach their goals. Therefore, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned, properly executed, and thus needs a strong security expertise. This is why this course is a must-attend for all testers of security-sensitive applications.
Web applications are continuously exposed to attacks due to being open and accessible via the Internet. Developers must therefore be extremely cautious in how to use different technologies, and should have a deep understanding in secure coding techniques applied, while testers should be able to look for these security problems. The course introduces web-based security technologies, and presents the security vulnerabilities of web applications based on the OWASP Top Ten list. Participants also learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities, as well as how to use various tools that can be applied in order to automate security evaluation of software products. The course gives comprehensive insights into software security to both web application developers and testers.
Targeting developers of web-based applications using PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP and the web, but will be also introduced to security features of PHP complemented with the security of client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented through PHP-based examples, while input validation vulnerabilities, improper use of security features and time- and state-related problems are all discussed in the context of PHP. Essential for all PHP programmers delivering web applications highly exposed to web-based attacks.
Both Java and .NET provide a plethora of different solutions and tools to support secure development, and at the same time carry a number of risks when being used for web application development. Aligned to this, the training targets experienced developers who use both platforms, and starts with the general, platform-independent web-related security issues. The course then introduces the security solutions provided by the Java and C# languages and the associated runtime environments, all explained through numerous exercises. Most importantly, the course gives a comprehensive overview of the most frequent security vulnerabilities committed by developers, as well as the problems stemming from both language-specific issues and the runtime environments. All problems are demonstrated through committing attacks and then applying the relevant protection methods. Understanding security solutions of Java and .NET, as well as the various vulnerabilities is a must for all programmers using these technologies to develop web applications.
The training gives a comprehensive overview of the typical security relevant problems of the most commonly used software technologies, including C/C++, Java and web-based applications. Different flaws and the associated attack techniques are presented, while the focus is on the preventive measures against potential vulnerabilities during software development. This combined subject serves in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work.
Supporting development teams that use managed and native code in parallel for their developments, this course gives an insight into both C/C++ relevant common security vulnerabilities and to the various security problems of .NET and ASP.NET environments. It overviews the various security solutions and tools for this platform as well as for web-based development in general. The proper use of the security services, along with the deep comprehension of the dangers stemming from vulnerabilities are presented through a number of hands-on exercises. This course is designed to fit the needs of groups developing complex products for web, but with the extent use of native code for special tasks.
Targeting developers of web-based applications using both Java and PHP in their everyday work, this course provides essential skills necessary to resist attacks on the web. Participants will not only learn about the various vulnerabilities relevant to PHP, Java and the web, but will be also introduced to security architecture of Java and the security features of PHP, the security of various client-side technologies, and can learn about the extension, configuration and hardening of the standard LAMP (Linux-Apache-MySQL-PHP) environment. Web vulnerabilities are presented aligned to the OWASP Top Ten, while various language and platform specific vulnerabilities of Java and PHP are categorized following the Fortify categories. An essential course for all programmers developing web applications highly exposed to web-based attacks, who use both Java and PHP in their everyday work.
The training targets experienced developers who use various development platforms and environments to develop applications (both desktop and web). Aligned to this, it tackles web-related security issues – including both server- and client-side vulnerabilities –, general security issues of various technologies – including Java, .NET, web services and XML – as well as the consequences of typical coding mistakes in different environments, platforms and programming languages. Even though the starting point is ethical hacking, the main goal of demonstrating the techniques used on the dark side is the protect against them and thus mitigate the risks. This course is the best selection of our “negative security” subjects: lots of live-hacking fun, with a single purpose to learn how to avoid the exploitable security-relevant programming bugs and flaws.
If you happen to be an IT security manager in the fintech industry, recent news of the sector might have caused you serious nightmares about PCI security. Manage your anxiety with our professional master course on secure coding and keep your company the first in line on the market!
We designed the Secure Coding Master Course specifically for companies of the fintech industry who provide the most sensitive data transmission: all types of money transfer.
Therefore our program offers pragmatic assimilation of knowledge and experience on secure coding issues. We deal with threats and vulnerabilities of systems and applications through hands-on labs, real-life case studies from the banking industry, even engaging participants in live hacking fun to reveal all consequences of insecure coding. Join us and we’ll train you to have a good sleep!
Secure systems operating in hostile environment usually rely on crypto chip-sets, whose security is essential as they are not only logically, but also physically exposed to attacks. This course deals with the security chipset design as well as with various implementation issues, presenting IC-level attack possibilities and the relevant prevention and protection techniques. The subject also tackles security relevant low-level programming bugs, firmware vulnerabilities and their mitigation. A special course for professionals working in the field of secure hardware development.
Proper understanding of how to use the building blocks of secure communication and cryptography is essential when designing and developing networked systems – especially when such systems are exposed to an untrusted network such as the Internet. This course discusses cryptography without going deeply into the mathematical and theoretical background; it however gives software engineers an overview of the various solutions, focusing on what these should be used for, and what not. The course also gives an overview of the most critical implementation-level attacks against crypto implementations, and the mitigation of these risks.
This course is intended for all software architects and engineers who design and implement applications that rely on cryptography.
Voice over IP systems are not only vulnerable to the same threats as data networks, but also to numerous, mainly availability-related dangers specific to telecommunication services. Consequently professionals in this field should be fully aware of the various security issues and the security features of the underlying technologies. VoIP security is introduced from the bottom raw protocol level, dealing with the various attack methods that are used against the most popular VoIP protocols up to application level abuses. The course provides essential coding and mitigation skills for engineers working with VoIP technologies.
Android is an open platform for mobile devices such as handsets and tablets, with a unique security model. In addition to various platform security features, it also has several limitations that developers need to be aware of. The course covers all Android security technologies and services as well as instructing developers on how to avoid the most common pitfalls and vulnerabilities in Android applications, not only tackling Java security issues, but also some essential secure coding issues in native code.
The course provides essential knowledge for Android app developers about the Android security architecture as well as typical weaknesses and protection mechanisms.
Android is an open platform for mobile devices such as handsets and tablets, with a unique security model. In addition to various platform security features, it also has several limitations that developers need to be aware of. The course covers all Android security technologies and services as well as a comprehensive study on the most common pitfalls and vulnerabilities in Android applications, including Java and native code security, and practical cryptography.
The course is recommended to those developers who extensively use both Java and native code to develop complex Android applications.
The iOS platform – distributed exclusively for Apple hardware – was designed with security in mind from the ground up. This course introduces developers to the iOS security model, while also discussing common vulnerabilities and attacks targeting iOS applications.
The course provides essential knowledge for iOS app developer about the iOS security architecture as well as typical weaknesses and protection mechanisms.
Windows Phone 7 is Microsoft’s new platform for mobile devices. The course gives a comprehensive overview of the platform’s security features and their limitations. Each component of the Windows Phone 7 architecture is examined from a security standpoint, along with best practices on how to utilize the security features when developing software for the platform. The course explains the strengths and weaknesses of WP7’s security architecture along with typical mistakes to avoid when developing software for the platform.
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. This course deals with the various security aspects of cloud computing, starting off from discussing cloud-specific threats and risks, followed by legal and contractual basics, as well as how a cloud application should be audited and evaluated from a security perspective. Core cloud security is discussed in multiple areas: from securing the infrastructure – issues like hardening, configuration, authentication, authorization and identity management – to application security issues as the culmination of the course.
The course gives application developers essential knowledge with respect to application security challenges and solutions when developing in a cloud environment.
Since all applications today heavily rely on communication and networks, there is no application security without network security. This course focuses on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. In addition to covering network-level threats and countermeasures from the Data Link to the Application layer, it also presents practical answers on how to use various cryptographic primitives and security protocols properly. Finally, it gives an overview of the most critical implementation-level attacks against crypto implementations.
The course is recommended for developers of networked applications – giving them the knowledge to implement secure network software and helping them use crypto appropriately.
Since all applications today heavily rely on communication and networks, there is no application security without network security. This course gives a strong foundation on design principles as well as practical answers on how to use various cryptographic primitives and security protocols properly, while also focusing on the two most critical areas in that domain from a developer's point of view: network communication and practical cryptography. It covers network-level threats and countermeasures from the Data Link to the Application layer, and gives an overview of the most critical implementation-level attacks against crypto implementations as well as the security issues related to XML.
The course is recommended for developers of interoperating networked applications – giving them the essential knowledge to design and implement secure network software.
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code. A training that primarily targets managers and engineers getting involved in secure coding issues, giving them an overview on software security problems through a number of demonstrations.
The course provides a brief management level overview on Microsoft Security Development Lifecycle (SDL) by introducing essential concepts, tackling secure design and the nature of the most common vulnerabilities. Selected secure coding topics of various platforms show the importance of proper design and implementation. Test methodologies and most important concepts regarding privacy are also addressed. This course is perfect for managers who want to gain a high-level overview on Microsoft SDL in order to manage software development projects with security in mind.