Training Services
Are you looking for world-class security training,
delivered by seasoned professionals who have spent years
practicing what they teach? We specialize in small-classroom,
instructor-led, heavily hands-on training that is tailored
and customizable to our customers' needs. Since our classes
are generally held on-site at customer locations, and since
we charge per class rather than per student, we can help you
get the most out of your training budget. On-site training
also minimizes the time your employees spend away from
their offices.
Our training philosophy is to clearly present various
technical topics, and then to drive them home through a
series of hands-on exercises that reinforce the lecture
content and help the students internalize what they've
learned. This allows them to take concepts and immediately
put them into practice.
We have a small cadre of highly qualified instructors who
have years of experience in the field. By maintaining these
standards, we have built a substantial track record of
successful deliveries and maintaining the highest levels of
customer satisfaction.
Following recent training for the Department of Education, Employment and
Workplace Relations (DEEWR), Ken received the
following kind words from one of the students in the
class:
“"Ken van Wyk runs an up-to-date comprehensive course that
I would highly recommend it to anyone in this area. He
presents with years of experience and stories, in a
friendly, down-to-earth fashion, adjusting his presentation
style to the audience. In the course, he presents a
balanced approach and explains the cost-benefits of
mitigation controls. He never gets carried away and reminds
us of the real goal, which is to serve busines. He doesn't
try to push any particular vender, technology or system.
Nor does he try to sell you any of his books but he will be
glad to sign them if you do. I learnt a lot and really
enjoyed the course. Thanks Ken!"
Course Catalog
The list below contains brief summaries of our primary
course offerings. Detailed descriptions, including course
outlines and pricing options, are available upon request.
Pervasive Web Application Security Defects and How to Avoid Them
(3 or 4 days - 18 or 24 hours of class time)
Course Description - This tutorial starts with a
description of the security problems faced by today's
software developer, as well as a detailed description of
today's most common web application security defects,
following the venerable OWASP Top-10 (2010) list, along with
a few additional weaknesses not found on the OWASP
list. Each security defect is presented along with a
hands-on exercise in which each student gets to see
the vulnerability first hand, in order to thoroughly
internalize the issues. Remediation techniques and
strategies, complete with source code examples, are
also covered for most of the defects (where
applicable). Following this, attention is turned to
effective techniques that can be used during software
design, coding, and security testing.
If you are looking for PCI-DSS training for your software
developers, consider this course.
OPTIONAL: A 1-day addition to our 3-day web application
security class is also available. This optional day includes
3 in-depth coding labs for Java developers to fine-tune their
Java EE skills. The labs include patching existing Java EE
code to make it resilient to cross-site scripting (XSS) and
SQL injection flaws, as well as adding role-based access
control code to some existing web servlets. Additionally, in
this 1-day add-on, students get hands-on exposure to a
commercial static code analysis tool by analyzing existing
open source Java software. Familiarity with software
development in Java is strongly recommended.
Intended Audience - The ideal student for this
tutorial is a hands-on web application developer or
architect who is looking for a fundamental understanding of
today's best practices in secure software development.
Software Security In Depth (5 days - 34 hours of class time)
Course Description - This tutorial takes the same core
instructional material as the offering above and builds on
it via 3 intense days of hands-on lab time in which the
students delve directly into the three core topics of
software design, coding, and testing. Each hands-on day
includes a half day of exercises in which the students put
into practice the processes and tools covered in the
lecture content. Students experience first-hand many of
today's best-of-breed secure software development tools on
the market in a non-sales, non-threatening, and safe
environment.
C/C++ and Java are highlighted in both the lecture content
and lab exercises. Students may select exercises and tools
that are specific to these development languages and
environments.
Intended Audience - The ideal student for this
tutorial is a hands-on software developer
(design/architecture, coding, and/or security testing).
Additionally, the student should be looking for a
fundamental understanding of how to develop secure
software, and have a need to know what development tools
are available to assist in the process -- and how to put
them into practice.
Intrusion Detection and Prevention Systems Hands-on
(3 days - 18 hours of class time)
Course Description - This tutorial provides a rock-solid
foundation for the intrusion detection practitioner. It
describes the background and basics of IDS/IPS: how they
work, how they are commonly deployed, and so on. It then
uses extensive hands-on labs to show the students how to
install and configure the popular open source Snort IDS/IPS
engine. Hands-on labs include attacking a Snort-equipped
virtual machine with commonly used attack tools and
methods. The attacks include both operating system and
application level methods. The Snort IDS is used to detect
the attacks, and the results are then checked and
discussed. Students also learn how to create customized
Snort rules. Lastly, common pitfalls and how to avoid them,
along with practical tips for deploying an IDS network, are
discussed.
Intended Audience - The ideal student for this
tutorial is a hands-on IT security practitioner, with a
solid working knowledge of TCP/IP networking and common
operating systems.