
Break ‘em and Build ‘em Biathlon
Pervasive Web Application Security Defects and How to Avoid Them

Are you looking for world-class security training?

Our seasoned professionals have spent years practicing what they train. We specialize in small-classroom, instructor-led, heavily hands-on training that is tailored and customizable to our customers' needs.

Our Training Philosophy

KRvW instructors clearly present various technical topics, and then drive them home through a series of hands-on exercises that reinforce the lecture content and help the students internalize what they've learned.

This allows them to take concepts and immediately put them into practice.


Are you interested in courses tailored to your time and budget?

Speak with us for more details

We have a small cadre of highly qualified instructors who have years of experience in the field. By maintaining these standards, we have built a substantial track record of successful deliveries and maintained the highest levels of customer satisfaction.

Since our classes are generally on-site at customer locations, and since we charge per class, not per student, we can help you get the most out of your training budget. On-site training also minimizes the downtime that your employees will spend away from their offices.

Course Catalog

The list below contains brief summaries of our primary course offerings. Detailed descriptions, including course outlines and pricing options, are available upon request. We are also happy to customize and tailor our courses to suit your individual needs.



  • Break ‘em and Build ‘em Biathlon
    (2 days each, 12 hours of class time)


    Don't have the time? Can your team only be spared for a day?

    We tailor each program to your organization's needs, time requirements and budget.


    Course Description

    Our “biathlons” are built to give software developers and information security personnel a rapid immersion into how to break the security of weak applications and how to build secure applications. The classes are intensively hands-on, with labs using virtual machines. The labs step through common application security defects and how they can be exploited. Following the break ‘em labs, the class revisits the same security defects and focuses on how to build secure code that isn’t so easily broken.


    Technologies Available

    Our biathlons are currently available for web applications in Java and for Apple's iOS in Objective-C.


    Intended Audience

    We encourage security and software development staff to take these biathlons in pairs. However, software developers and security staff with basic backgrounds in software development will benefit from them as well.


    Customized Courses

    We tailor each program to your organization's needs, time requirements and budget. Contact us to learn more.


  • Pervasive Web Application Security Defects and How to Avoid Them
    (3 or 4 days - 18 or 24 hours of class time)


    Don't have the time? Can your team only be spared for a day?

    We tailor each program to your organization's needs, time requirements and budget.


    Course Description

    This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of today's most common web application security defects, following the venerable OWASP Top-10 (2010) list, along with a few additional weaknesses not found on the OWASP list. Each security defect is presented along with a hands-on exercise in which each student gets to see the vulnerability firsthand, in order to thoroughly internalize the issues. Remediation techniques and strategies, complete with source code examples, are also covered for most of the defects (where applicable). Following this, attention is turned to effective techniques that can be used during software design, coding, and security testing.

    This class is available in two versions: Java EE and C#. The primary difference in the versions is the source code examples used throughout the class.

    If you are looking for PCI-DSS training for your software developers, consider this course.


    Optional

    There is also an optional 1-day Java coding lab addition to our 3-day web application security class. This optional day includes 3 in-depth coding labs for Java developers to fine-tune their Java EE skills. The labs include patching existing Java EE code to make it resilient to cross-site scripting (XSS) and SQL injection flaws, as well as adding various role-based access control code to some existing web servlets. Additionally, in this 1-day add-on, students will get hands-on exposure to a commercial static code analysis tool by analyzing some existing open source Java software. Familiarity with software development in Java is strongly recommended. NOTE: The optional coding lab is not currently available in C#.


    Intended Audience

    The ideal student for this class is a hands-on web application developer or architect who is looking for a fundamental understanding of today's best practices in secure software development.


    Customized Courses

    We tailor each program to your organization's needs, time requirements and budget. Contact us to learn more.


  • Intrusion Detection Using Snort, Hands-on
    (2 days - 12 hours of class time)

    Course Description

    This class provides a rock-solid foundation for the intrusion detection practitioner. It describes the background and basics of IDS/IPS, how they work, and how they are commonly deployed. It then uses extensive hands-on labs to demonstrate to the students how to install and configure the popular open source Snort IDS/IPS engine. Hands-on labs include attacking a Snort-equipped virtual machine with commonly used attack tools and methods. The attacks include both operating system and application level methods. The Snort IDS is used to detect the attacks, the results of which are then checked and discussed. Students also learn how to create customized Snort rules. Lastly, common pitfalls and how to avoid them, along with practical tips for how to deploy an IDS network, are discussed.


    Intended Audience

    The ideal student for this class is a hands-on IT security practitioner, with a solid working knowledge of TCP/IP networking and common operating systems.


KRvW Associates offers custom training solutions that meet and exceed the needs of our clients, which include some of the largest corporations in the world.

Speak with us Today

contact

Feel free to contact us if you are interested in any of our services or have any additional questions. We look forward to hearing from you!

Kenneth R. van Wyk
KRvW Associates, LLC