Training Services

Are you looking for world-class security training, delivered by seasoned professionals who have spent years practicing what they train? We specialize in small-classroom, instructor-led, heavily hands-on training that is tailored and customizable to our customers' needs. Since our classes are generally on-site at customer locations, and since we charge per class and not per student, we can help you get the most out of your training budget. On-site training also minimizes the downtime your employees spend away from their offices.

Our training philosophy is to clearly present various technical topics, and then to drive them home through a series of hands-on exercises that reinforce the lecture content and help the students internalize what they've learned. This allows them to take concepts and immediately put them into practice.

We have a small cadre of highly qualified instructors who have years of experience in the field. By maintaining these standards, we have built a substantial track record of successful deliveries and the highest levels of customer satisfaction.



Course Catalog

The list below contains brief summaries of our primary course offerings. Detailed descriptions, including course outlines and pricing options, are available upon request.


(NEW for 2011!) The Art of Building Bulletproof Applications for Mobile Devices: iOS OR Android (2 or 2 1/2 days each - 12 hours of class time)

Course Description - This pair of classes covers the major security issues for developing secure mobile applications on the iOS (iPhone, iPad, and iPod Touch) and Google Android platforms, respectively. Each class begins with an overview of, and hands-on exercises using, OWASP's iGoat tool, which demonstrates the major security pitfalls on each platform. They then showcase the major security features of each platform, complete with source code examples of how to make use of them. Next, the principal security building blocks for such vital mechanisms as authentication, session management, and protecting sensitive data are discussed, again with detailed source code examples and discussions. Lastly, putting these topics into practice through threat modeling, source code review, and security testing is covered.

OPTIONAL: There is an additional 1/2-day coding lab available for this course. In the coding lab, students are required to implement all the remediations in each of iGoat's exercises. Each exercise and its remediation are described and discussed at length, including how to properly implement similar remediations in production-quality apps.

Intended Audience - The ideal student for this class is a hands-on iOS or Android app developer, security architect, or technical manager who is looking for a solid understanding of the best practices for developing secure apps.


(NEW for 2011!) Managing the iPad/iPhone in the Enterprise (1 day - 7 hours of class time)

Course Description - This class helps the IT security team learn what it takes to properly manage a fleet of iOS devices (iPhones and/or iPads) in a modern enterprise environment. The course begins by delving deeply into the problems encountered when deploying iOS in large numbers. It then looks into how to analyze an iOS app to determine whether it should be allowed into the enterprise or not. Next, the course covers how to create custom-tailored configuration profiles for iOS devices, and how to deploy them across an entire fleet of devices. Where applicable, hands-on exercises are used to clearly illustrate the topics being covered.

Intended Audience - The ideal student for this class is an IT or IT Security manager or tech leader.


Pervasive Web Application Security Defects and How to Avoid Them (3 or 4 days - 18 or 24 hours of class time)

Course Description - This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of today's most common web application security defects, following the venerable OWASP Top 10 (2010) list, along with a few additional weaknesses not found on the OWASP list. Each security defect is presented along with a hands-on exercise in which each student gets to see the vulnerability firsthand, in order to thoroughly internalize the issue. Remediation techniques and strategies, complete with source code examples, are also covered for most of the defects (where applicable). Following this, attention is turned to effective techniques that can be used during software design, coding, and security testing.

This class is available in two versions: Java EE and C#. The primary difference in the versions is the source code examples used throughout the class.

If you are looking for PCI-DSS training for your software developers, consider this course.

OPTIONAL: There is also an optional 1-day Java coding lab addition to our 3-day web application security class. This optional day includes 3 in-depth coding labs for Java developers to fine-tune their Java EE skills. The labs include patching existing Java EE code to make it resilient to cross-site scripting (XSS) and SQL injection flaws, as well as adding role-based access control code to some existing web servlets. Additionally, in this 1-day add-on, students get hands-on exposure to a commercial static code analysis tool by analyzing some existing open source Java software. Familiarity with software development in Java is strongly recommended. NOTE: The optional coding lab is not currently available in C#.

Intended Audience - The ideal student for this class is a hands-on web application developer or architect who is looking for a fundamental understanding of today's best practices in secure software development.


Intrusion Detection Using Snort, Hands-on (3 days - 18 hours of class time)

Course Description - This class provides a rock-solid foundation for the intrusion detection practitioner. It describes the background and basics of IDS/IPS, how they work, how they are commonly deployed, and such. It then uses extensive hands-on labs to show students how to install and configure the popular open source Snort IDS/IPS engine. Hands-on labs include attacking a Snort-equipped virtual machine with commonly used attack tools and methods. The attacks include both operating-system-level and application-level methods. The Snort IDS is used to detect the attacks, and the results are then checked and discussed. Students also learn how to create customized Snort rules. Lastly, common pitfalls and how to avoid them, along with practical tips on how to deploy an IDS network, are discussed.

Intended Audience - The ideal student for this class is a hands-on IT security practitioner, with a solid working knowledge of TCP/IP networking and common operating systems.