Training
Services
Are you looking for world-class security training,
delivered by seasoned professionals who have spent years
practicing what they train? We specialize in small
classroom, instructor-lead training that is
tailored and customizable to our
customers' needs. Our classes are generally on-site at our
customer locations, further driving down the per-student
training costs to highly affordable levels, while also
minimizing the amount of time the students need to be away
from their offices.
Our training philosophy is to clearly present various
technical topics, and then to drive them home through a
series of hands-on and paper exercises that reinforce the
lecture content and help the students internalize what
they've learned. This allows them to take the sometimes
abstract concepts and immediately put them into practice by
way of the actionable guidance we provide.
We have a small cadre of highly qualified instructors who
have years of experience in the field. By maintaining these
standards, we have built a substantial track record of
successful deliveries and maintaining the highest levels of
customer satisfaction.
Course
Catalog
The list below contains brief summaries of our primary
course offerings. Detailed descriptions, including pricing
options, of each of the courses are available upon request
as well.
NEW!
Web Application Security
Essentials (3 days - 18 hours of class time)
Course Description - This tutorial starts with a
description of the security problems faced by today's
software developer, as well as a detailed description of
today's most common web application security defects,
following the venerable OWASP Top-10 (2007) list. Each
security defect is presented along with a hands-on
exercise in which each student gets to see the
vulnerability first hand, in order to thoroughly
internalize the issues. Remediation techniques and
strategies are also covered for each defect. Following
this, the tutorial goes on to provide a thorough
description of the best practices for developing
secure software.
Intended Audience - The ideal student for this
tutorial is a hands-on web application developer or
architect who is looking for a fundamental understanding of
today's best practices in secure software development.
Software Security Best Practices (2 days - 12
hours of class time)
Course Description - This tutorial starts with a
description of the security problems faced by today's
software developer, as well as a detailed description of
how defective software can be exploited. It goes on to
provide a thorough description of the best practices
available to prevent, detect, and remediate security
problems in software. Next, the tutorial includes hands-on
design review exercises to reinforce each of the concepts
presented, together with dozens of examples of common
coding errors (primarily in C/C++ and Java).
Intended Audience - The ideal student for this
tutorial is a hands-on software developer or architect who
is looking for a fundamental understanding of today's best
practices in secure software development.
Software Security In Depth (5 days - 34 hours
of class time)
Course Description - This tutorial takes the core
instructional material as the offering above, and builds on
it via 3 intense days of hands-on lab time in which the
students delve directly into the three core topics of
software design, coding, and testing. Each hands-on day
includes a half day of exercises in which the students put
into practice the processes and tools covered in the
lecture content. Students experience first-hand many of
today's best of breed secure software development tools on
the market in a non-sales, non-threatening, and safe
environment.
C/C++ and Java are highlighted in both the lecture content
and lab exercises. Students may select exercises and tools
that are specific to these development languages and
environments.
Intended Audience - The ideal student for this
tutorial is a hands-on software developer
(design/architecture, coding, and/or security testing).
Additionally, the student should be looking for a
fundamental understanding of how to develop secure
software, and have a need to know what development tools
are available to assist in the process -- and how to put
them into practice.
Basic Incident Response (1/2 day
- 3 hours of instruction time)
Course Description - Much like its Basic Secure
Coding counterpart, this tutorial lays down the basic
principles and practices of how to best set up and conduct
Incident Response operations. It stresses the bonds between
the technical and the business concerns in a way that helps
the student build an effective businesslike Incident
Response capability. It too is designed to follow the
authors' book on the subject matter, Incident Response
(Kenneth R. van Wyk and Richard Forno, O'Reilly &
Associates, 2001).
Intended Audience - Security professionals with
direct or managerial responsibilities in the Incident
Response process.
Incident Response Tutorial (1 day
- 6 hours of instruction time)
Course Description - This tutorial builds and
expands on its 1/2 day counterpart by going into more
detail on the processes, procedures, and tools available
for conducting Incident Response operations.
Intended Audience - Security professionals
directly involved in Incident Response who are looking to
build a fundamental knowledge of the discipline.