Security Training-as-a-Service (STr-aaS) Service Details & Features

Transcription

1 Security Training-as-a-Service (STr-aaS) Service Details & Features

2 Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin Mitnick, The Art of Deception A major challenge within Information Security is the pace at which technologies change causing threats and attacks to emerge out of no-where. Security risk continue to affect all type and scale of businesses. People or Companies who loose sensitive information can result in risk of large losses, legal liabilities, bad reputation and future loss of earnings. Provided number of serious information security attacks and breaches, security training is the first line of defence required for all job roles from Employees to Executives, based upon the type of work they are indulged in. It plays a crucial role in safeguarding two cores of any organization, People and Data. Today, Companies invest heavily in ensuring Security by hiring professionals, develop and implement policies and infrastructure. Still, they are continuously falling victim to massive data breaches and cyber-attacks. In any organization, People or Users are often treated as weakest link of their Security Chain as we are more susceptible to security attacks due to our behaviour of trusting things easily. Security Training helps in strengthening this weakest link. If training is delivered through proper channel, then, one not only it can practically reduce chances of mishandled data and prevent unauthorized access but can also ensure compliance with state and federal laws and regulation, preserve customer trust and ensure company s reputation.

3 Security Training as-a-service (STr-aaS) Development of Security Awareness and Training program demands immense attention to detail and careful planning. At times, this can be quite challenging and frustrating. If the goals and objectives are not met, it can turn into a fruitless task as well. To avoid this, it is important to first determine and carefully follow the requirement set of your organization. We understand that every type of industry and product team have their own and unique requirement of Security Training. Some need security training from scratch like ensuring awareness amongst employees to implant seeds of security sense, while some need assistance from security point based on their existing process and technologies, while some need to deep-dive on specific tools. STr-aaS can assist in every cause using its unique fully customizable feature, which fulfils your exact security training requirement based on your working domain and technologies. Divided into customizable multiple levels and modes, H2S provides cost effective training solution as per every industry needs and requirements.

4 Unique Features Wide Range of Security topics across domains Multiple o Live Online, Classroom delivered via webinars o, Classroom based delivery o On-Demand, via pre-recorded, self-paced, 24x7 accessible videos* (* Limited Topics) Multiple Training Levels o Awareness, to implant seed of Security Thought process o Beginner, to provide security prospect on working technologies o Intermediate, to fuel integration of security with existing processes o Tools & Techniques, to deep-dive into specific security methods and measures o Advanced, to deep dive into security processes and techniques Cost Effective Customizable as per your business model, requirement and industry type How it Works Contact Us Client contact us with their unique training requirements Analysis Our Expert Team analyse and suggest on topics or training content as per request (and industry type) Review Client Review and suggest for changes, if any Delivery We deliver training as per pre-decided mode and schedule

5 Multiple Delivery Modes We provide multiple delivery modes to ensure customizable, cost effective and deep dive training sessions for Security topics across domains. Online (E-Learning) Today, Internet provides Easy, Convenient and Cost Effective option of Online Training to transfer skills and knowledge. These internet or web based classes can be Live or Recorded in advance for Self-paced option. It not only eliminates travel and venue cost but also provides option of customizable and flexible method of learning. This helps a person to be updated and knowledgeable without effecting much of their tight and productive schedule. Self-Paced, On-Demand Our dedicated online self-paced, 24x7 accessible training courses helps you to master number of vendor independent information security topics across domains ranging from Security basics to deep-dive into tools and technologies. o Self-Paced o 24x7 o Globally Accessible o Life Time Access o No Travel Required o Cost Effective Live Online is another mode of E-learning, which Hack2Secure provides specifically for its Corporate Client. These online training sessions are scheduled as per Client s convenience and are customizable as per business requirement. o Rich Virtual Learning Environment o Globally Accessible o Customizable o Scheduled as per Convenience o No Travel Required o Cost Effective Instructor Led Training is the traditional mode of delivery and have been around since beginning of training function. It allows students to interact and have face-to-face discussions with trainer and get real time resolution to their queries. These type of classroom programs are scheduled at client s premise as per requirement. Our training programs allow companies to have Cost-Effective, Focussed and Flexible option, where they can schedule training as per their convenient and optimized time minimizing impact on regular productive hours.

6 Multiple Training Levels Level 1: Awareness Level 2: Beginner Level 3: Intermediate Level 4: Tools & Techniques Level 5: Advanced

7 Level 1: Awareness This level provides basic understanding of Security fundamentals, best practices, common myths and real time use cases, which can assist in implanting seed of security requirement in minds of people. Target Audience: Anyone Topics: Internet & Computer Security Information Security Fundamentals Internet & Computer Security Security Awareness program providing overview on day-to-day security practices to be considered by a person using Internet and Computer Systems o Security Considerations for a Computer Systems o Security Practices considering o Creation of secure password o Identify and avoid Fake s, Web pages, Downloads etc o Secure Browsing, online transactions, Social Networking o Social Engineering o Data Network & Web Security etc Information Security Fundamentals Training program to provide overview on basic security concepts, terminologies and overview on Secure Software Design Considerations. o C.I.A Triad (Confidentiality, Integrity & Availability) o Overview on Cryptography, PKI, SSL/TLS, Digital Signatures o A.A.A. Concepts (Authentication, Authorization & Accountability) o Overview on Access Control, Password Security o Secure Design Principles etc Online Self-paced

8 Level 2: Beginner This level is specifically designed for someone who is involved in technical domain from any prospect and want to learn some insights on Information Security. Topics in this level provides basic understanding of Security attacks and measures to countermeasure them. Target Audience: Anyone involved in Technical Domain o Software Testers, Developers o Network & System Administrators o Security Administrators & Testers o Management (Technical decision makers) Topics: Web Security: Analysing OWASP Top10 Security Risk Network Security: Common Vulnerabilities & Attack Scenarios Cloud Security: Existing Risk & Vulnerabilities TLS/SSL: Protocol Overview & Testing Methods Introduction to Cryptography Web Security: Analysing OWASP Top10 Security Risk Training program to provide overview on Web Security concepts, attack scenarios involving OWASP Top10 Security Risk and possible countermeasures. o Overview on OWASP Top10 Security Risk & Attack Scenarios o Best practices and Countermeasures Network Security: Common Vulnerabilities & Attack Scenarios Training program to provide overview on common Network Security Attack scenarios and possible countermeasures. o Networking Fundamentals o Network Attack Scenarios o Best practices and Countermeasures

9 Cloud Security: Existing Risk & Vulnerabilities This training program delivers overview on Cloud Computing, existing Security Risk and Vulnerabilities causing main hindrance in its adoption. o Introduction to Cloud Computing o Secure Cloud Computing Architecture o Data Security in Cloud o Secure practices in Cloud TLS/SSL: Protocol overview and Effective Testing This training course provides details on TLS/SSL protocol, its workflow, overview on common and well known attacks, best practices and brief on testing tools and techniques. o About TLS/SSL protocol, Handshake process o Common attack scenarios & best practices o Testing Effective TLS/SSL functionality o Decrypting & Analysing TLS/SSL traffic with Wireshark Introduction to Cryptography This training program is to provide overview on Cryptography and Public Key Infrastructure (PKI), its usage in everyday life and common attack scenarios. o About Cryptography, processes and types o PKI, TLS/SSL o Hashing, Digital Signature o Cryptography in everyday life o Common attack scenarios

10 Level 3: Intermediate This level is specifically targeted for someone involved particularly with Security Domain in any manner. Topics provide details on different tools, procedures and techniques required from Security testing prospect. Target Audience: Anyone involved in Security Domain o Security Testing Engineers (QA), Developers o Security Administrators o Security Testers & Auditors o Management (Specifically Handling Security Team) Topics: Reconnaissance & Google Hacking Buffer Overflow: Attacks & Countermeasures Secure SDLC: Integrating Security in Software Development Life Cycle Essential Checks for Application Security Common Causes of Security Defects Reconnaissance and Google Hacking This training program provides details on different active and passive reconnaissance and information gathering tools and techniques along with usage of advanced google search operators for security testing. o Active and Passive Reconnaissance Tools, Tricks and Techniques o Insights to Google Search Operators for security testing o Overview to Recon Pentest process o Basic countermeasures and best practices to prevent information leakage Online Self-paced Buffer Overflow: Attacks & Countermeasures This training program deals with Buffer overflow concept and overview on possible mitigation methods. o About Buffer Overflow, Types o Format String Vulnerability o Mitigation methods

11 Secure SDLC: Integrating Security in Software Development LifeCycle This program deals with possible processes, tools and techniques required to address security in different phases of Software Development Life Cycle (SDLC). o Challenges in mapping Security with SDLC o Ensuring Secure Design and overview on Threat Modeling o Static Analysis for Secure Coding o Securing 3 rd party software, libraries and plugins o Performing Security testing and Vulnerability Assessment Essential Checks for Application Security This training program provides overview on minimum considerations, checks and test to ensure Security of any software or application. o Operating System & Platform Infrastructure o System Processes, Software and Configuration Management o Logging & Auditing, Authentication, Authorization etc o Locally Implemented protocols o TCP/IP Infrastructure, Session Management etc o Encryption o Forwarding Devices: Access Control List, Routers, Switches etc o Assurance and Process o Design Assumptions, 3 rd party Software, Static Analysis etc Common Causes of Security Defects This training program provides overview and testing guidelines for common vulnerabilities which are the primary cause of Security Flaw in any software/application. o OWASP Top10 Security Vulnerabilities o Flaws in AAA, information leakage, o Weak Data protection, Overflow problems, Race conditions etc

12 Level 4: Tools & Techniques This level specifically provide deep-dive into specific Security tools and techniques. One must have basic understanding of Security & networking concepts before taking these topics. Target Audience: Anyone involved in Security Testing o Security Administrators & Engineers o Security Testers & Auditors Topics: Using NMAP Effectively Network Packet Crafting with SCAPY Web Application Security with BURP SUITE Network Packet & Traffic Analysis with WIRESHARK Using NESSUS for Vulnerability Scanning Attacking Systems with METASPLOIT FRAMEWORK Using NMAP Effectively This training program is dedicated to in-depth working and features of NMAP as Security Testing Tool. o About NMAP and its Working o Different Ping and Scan type o Overview on NMAP Scripting Engine (NSE) o Using NMAP for Security Testing Network Packet Crafting with SCAPY This training program deals with tools and techniques to craft different types of Network Packets using SCAPY. o About SCAPY and usage details o Sniff, Filter and Re-Send packets with SCAPY o Protocol Security Testing with SCAPY o Using SCAPY in scripts

13 Web Application Security with BURP SUITE This course provides in-depth working and features of Burp Suite for Web Application Security Testing o About BURP SUITE and Configuration Overview o Exploring different option and Extensions in BURP o Advanced BURP SUITE Options Network Packet & Traffic Analysis with WIRESHARK This training program provides in-depth working and features of WIRESHARK as Network Sniffing and Traffic Analysis tool. o About WIRESHARK, Features and Functional Overview o Capture and Display Filters, Protocol dissections o Analysing Protocol traffic o Detecting common security Attacks from Captured Network Traffic Using NESSUS for Vulnerability Scanning This training program provides in-depth working and features of NESSUS vulnerability scanner, its policy configuration and overview on Nessus Attack Scripting Language (NASL). o About NESSUS and features overview o Creating Policy and Interpreting Results o Nessus Attack Scripting Language (NASL) Live Online Attacking Systems with METASPLOIT FRAMEWORK This training program provides in-depth working and features of METASPLOIT FRAMEWORK, Writing and Porting of Exploits and its usage in Security Testing o Metasploit Framework and its different components o Writing and Porting exploits to Metasploit o Usage in Security Testing

14 Level 5: Advanced This level provides deep-dive into Security testing process, tools and techniques. Topics in this level dig deep into security testing methodologies and scenarios to simulate attacks. Target Audience: Anyone, who wants to dig-deep in Security Methodologies o Security Engineers, Testers and Auditors o Security Office or Individuals involved in Risk and Threat Management Topics: Threat Modeling for Application Security Breaking Web Application Security Introducing Product Security Policy (PSP) Security Attacks & Incident Handling Threat Modeling for Application Security This training program provides overview on Threat Modeling, its design considerations, determining attributes and Analysing identified threats. o About Threat Model, its Goal and Scope o Steps to design Threat Model of a product o Threat Analysis and Countermeasures o Dummy project Breaking Web Application Security This training program provides in-depth understanding of Web Security flaws, tools and techniques to test them. o WWW Architecture o Attacking application from all ends o Authentication, Access controls, Session Management o Front-end & Back-end Attacks, Server & Client side Attacks o Logs, Storage & Source Code Security o Fuzzing, Overflow attacks etc

15 Introducing Product Security Policy (PSP) Product Security Policy provides minimum set of security testing requirements which any product needs to follow. This training program provides overview on different testing areas/components of PSP along with tools and techniques to test them o Test required to ensure o Confidentiality, Integrity and Availability o Authentication, Authorization and Accountability o Secure Design Principles o Web Security Essentials Test o Network Security Essentials Test o Cloud & Virtualization Security Essential Test o Must Have, Security Devices, Servers and Protocols Configuration Security Attacks and Incident Handling To stop a Hacker, you need to think like a hacker. This training program provides anatomy of number of Security Attack scenarios, working of different security tools and techniques along with overview on Incident Handling process. o Understanding of Incident Handling process and its Implementation o Different Security Attack structures and techniques across applications, Host and Network o In-depth exposure to number of Security tools and techniques etc Online Self-paced

16 Summary: Training Levels Level# Level1: Awareness Level2: Beginner Level3: Intermediate Level4: Tools & Techniques Level5: Advanced Topics Delivery Mode Online Self- Paced Online Live Internet & Computer Security Information Security Fundamentals Web Security: Analysing OWASP Top10 Security Risk Network Security: Common Vulnerabilities & Attack Scenarios Cloud Security: Existing Risk & Vulnerabilities TLS/SSL: Protocol Overview & Testing methods Introduction to Cryptography Reconnaissance & Google Hacking Buffer Overflow: Attacks & Countermeasures Secure SDLC: Integrating Security in Software Development Life Cycle Essential Checks for Application Security Common Causes of Security Defects Using NMAP Effectively Network Packet Crafting with SCAPY Web Application Security with BURP Suite Network Packet & Traffic Analysis with WIRESHARK Using NESSUS for Vulnerability Scanning Attacking Systems with METASPLOIT FRAMEWORK Threat Modeling for Application Security Breaking Web Application Security Introducing Product Security Policy (PSP) Security Attacks & Incident Handling

17 Security as-a-service (Sec-aaS) Framework Integrate & Implement Security as per your Need Security-as-a-service is a unique framework which act as a mould to address most of the Information Security service requirements for any organization, irrespective of Industry type and working domains. Its fully customizable modules based on environment and scenarios, addresses most of Security Service needs in the field of Training, Application Testing, Development and Analysis. Security Training as-a-service (STr-aaS) This module caters all Security Training Requirements at various Levels of expertise and act as an invaluable tool to gain insight into various information security concepts and a knowledge of real-time attack scenarios. Application Security as-a-service (AS-aaS) Application Security Testing as-a-service (ASTe-aaS) Threat Modeling as-a-service (TMo-aaS) This module helps in ensuring both Secure Software Design and Testing using our Threat Modeling and professional Application Security Testing Service Security Testing as-a-service (STe-aaS) Recon Pentest as-a-service (RPen-aaS) Vulnerability Assessment & Penetration Testing as-a-service (VAPT-aaS) This module services ensure professional Security Analysing for People, Data and Infrastructure.

18 About Hack2Secure The IT Industry has evolved from a standalone desktop and independent applications to a Complex Cloud environment. Today technology have become so advanced to reduce costs in terms of hardware, software, development and maintenance, however this has created an increased risk to SECURITY. Hack2Secure excels in Information Security Domain and offers customised IT Security programs, including Training, Services and Solutions. Our programs are designed by industry experts and tailored as per specific needs. We strive to serve with quality, efficiency, and timely delivery through our team of experienced and certified professionals in Information Security. We help students, professionals and companies with knowledge, tools and guidance required to be at forefront of a vital and rapidly changing IT industry. Security Training Hack2Secure excels in delivering intensive, immersion training sessions designed to master practical steps necessary for defending systems against the dangerous security threats like identity theft, phishing scams, virus and backdoors, loss of confidential information, hacking attacks etc. Our wide range of fully customizable training courses delivered via multiple modes allow individual to master different aspects of Information Security as per their industry requirement and convenience. These theoretical sessions incorporated with real time examples along with unique hands-on lab allows an individual to easily get ready for practice. Security Services Hack2Secure offers IT Security Professional Services to provide ways to stay ahead of Security Threats through proactive Software or Application Security Testing, Vulnerability Assessment, Penetration Testing, Threat Modeling and Consultation services. Our Services help clients to view IT Security from Attacker s prospect, leveraging real-time techniques to showcase risk, Vulnerabilities and Threats in their environment and also assess their implications on the business. Our unique Risk-based, Grey-box Security Testing Services by our team of expert, creative and experienced Subject Matter Experts, ensures costeffective, on-demand and thorough dynamic services to ensure security of product of an infrastructure using both Automated and Manual Security Testing processes.

19 Security as-a-service (Sec-aaS) Framework Security Training as-a-service (STr-aaS) Application Security Testing as-a-service (ASTe-aaS) Threat Modeling as-a-service (TMo-aaS) Recon Pentest as-a-service (RPen-aaS) Vulnerability Assessment & Penetration Testing as-a-service (VAPT-aaS) For any Enquiry related with Contact Us Security as-a-service (SaaS) Framework: General Enquiry: /Hack2Secure.India hack2secure