Applied Cyber Security Training

SEC-303

The Applied Cyber Security course is intended for software developers. It is a hands-on journey through exploring and exploiting local and remote application code, complemented by topics in operating system and compiler protection techniques for various programming languages.
The course targets the secure application development and testing cycle, with emphasis on code reviewing, analyzing, testing, and hardening existing applications to run on the organization’s currently deployed and prospective target operating systems. We will also discuss the relevant product management aspects and prepare the engineers for effective participation in internal and external audit processes.

Notes:
• We will mostly deal with C/C++ and Java code over Linux.
• The course will be customized to the client’s requirements.
• Course length may vary greatly according to the required certification levels. We would usually spend a week on training, and then a varying number of days creating a threat level for the organization and the organization for internal Penetration Testing all levels. Since this is extremely customized and will involve different teams in an ongoing process, we do not propose a general timeline for this follow-up activity.

Audience

Target Audience:
• Software developers
• System Administrators and Field Support Engineers with significant programming experience will also benefit from the course.

Prerequisites:
• Development experience

Course Topics
  • Introduction to Web security threats (Trojans/Viruses/Worms/Social Engineering)
  • Code injections (shellcodes, etc.)
  • DB injections (SQL injection)
  • XSS/XSRF/Client-side vulnerabilities
  • Cryptography, recommended ciphers, server CSS compatibility list
  • Input filtering (at client side, at server side)
  • OS hardening at server side (e.g. sysfs params, etc.)
  • Client hardening at client side
  • Code hardening, compiler flags, coding techniques
  • Auditing techniques
  • Rate limiting techniques, load balancing techniques
  • Preparation for external Penetration Testing (do the maximum you can in-house before contacting others)
  • How to prepare and create threat modeling (STRIDE & DREAD, CVSS, Trike and more)
  • Security control management and implementation (SIEM/SOC, Secured gateway, Secured mail, VPN, PKI, DLP, AV, IPS, FW, etc.)
  • DDoS attacks (DDoS types and ways to mitigate them)
Detailed Course Outline