Information Security. Training

Transcription

1 Information Security Training

2 Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin Mitnick, The Art of Deception A major challenge within Information Security is the pace at which technology changes, causing threats and attacks to emerge out of no-where. Security risks continue to affect all types and scales of businesses. People or Companies who loose sensitive information can result in risk of large losses, legal liabilities, bad reputation and future loss of earnings. Provided number of serious information security attacks and breaches, security training is the first line of defence required for all roles from Employees to Executives based on type of work they are indulged in.

3 How Organizations are benefited Reduces devaluation Organization s Risk profile Reduce Direct and Indirect costs Reduces technology leakage risk Build compline and Secure Product How Professionals are benefited Knowledge Development to stay on top of trends Job Security Better Career Growth and Opportunities Domain Specialization Strong Security Leadership How College Students are benefited Better Job Opportunities In-tune with Current and Upcoming trends Evidence of your Abilities

4 Why Hack2Secure for Information Security Training Hack2Secure excels in providing intensive, immersion training designed to master the practical steps necessary for defending systems against the dangerous security threats like identity theft, phishing scams, virus and backdoors, loss of confidential information, hacking attacks etc. We strive to scale up to highest benchmark standards established in the industry. Our wide range of courses cover various aspects of Information Security with hands-on training that allow an individual to easily get ready for the practice. Hack2Secure provides customized IT Security Training per specific requirements through a most suitable mode of delivery. One can choose to attend courses Online (On-demand or Live) or with our Instructor-Led-Training programs scheduled either at your premise or externally at pre-defined venue.

5 Customised Training Programs Customizable Security Training Programs based on client requirement. Security Tools & Techniques Security Processes & Policies Corporate Training College Training Program Summer Training Program Certificate Training Multiple Training Modes Different Training Levels Advance Level Intermediate Level Intermediate Level Self-Paced Training Live Online Training Instructor-Led

6 Beginner Level Training Programs Security Awareness Training Information Security Fundamentals Introduction to Cryptography Using Google Effectively for Security Testing OWASP Top10: Attacks & Countermeasures Buffer Overflow: Attacks & Countermeasures Performing Effective Application Security Testing Penetration Testing & Vulnerability Assessment Cloud Security: Existing Security Risk & Vulnerabilities Integrating Security in Software Development Lifecycle

7 Intermediate and Advance Level Training Programs Security Essentials Using NMAP Effectively Common causes of Security Defects Network Packet Crafting with SCAPY Web Application Security with BurpSuite Ensuring Application Security with TLS/SSL Network Packet & Traffic Analysis with WIRESHARK Breaking Web Software Security Using NESSUS for Vulnerability Scanning Essential checks for Application Security Threat Modeling for Application Security Attacking Systems with Metasploit Framework

8 Security Awareness Training Level # Beginner Objective: This Security Awareness program deals with day-to-day secure practices to be considered by a person using Internet and Computer Systems. Audience: Any Computer System User Pre-Requisites: Basic understanding of Computer Systems and Internet Security considerations for a Computer Systems How to create a Secure Password Identify and Avoid Fake s, Web Pages & Downloads Secure Browsing, E-Commerce & Bank Transactions Social Media Security, Social Engineering and Network Eavesdropping Data Security, Malicious Softwares & Backups Information Security Fundamentals Level # Beginner Objective: This course provides a walk-through in basic Security Concepts and Secure Software Design Considerations Audience: Who wants to learn basics of Information Security Pre-Requisites: Basic understanding of Computer Systems and Internet About CIA (Confidentiality, Integrity & Availability) & related attacks Overview on Cryptography, SSL/TLS, Certificates & Digital Signatures Authentication, Authorization & Accountability Overview on Access Control, Password Security Security Design Principles

9 Introduction to Cryptography Level # Beginner Objective: This course provides overview on Cryptography and Public key Infrastructure, its usage in everyday life and common possible attacks on same. Audience: Security Enthusiastic, Security Professionals Pre-Requisites: Basic understanding of Computer Systems and Internet What is Cryptography, Processes and Types Public Key infrastructure with SSL/TLS Cryptography in everyday life Attacks to Cryptography Using Google Effectively for Security Testing Level # Beginner Objective: This course provides deep-dive to Google usage as Search Engine and Information Gathering tools Audience: Security Enthusiastic, Security Professionals Pre-Requisites: Basic understanding of Computer Systems and Internet Using Google as Search engine, its Operators and Building Queries Google Cache, Directories and Traversal Data Mining & Document digging Finding Sensitive Data, Exploit Code and Executables

10 OWASP Top10: Attacks & Countermeasures Level # Beginner Objective: This course provides basic overview to OWASP Top 10 vulnerabilities and possible measures to avoid these. Audience: Security Enthusiastic & Professionals, Software Testers & Developers Pre-Requisites: Basic understanding of Web Technologies About OWASP OWASP Top10 Vulnerabilities o Injection Attacks, Broken Authentication & Session Management o Cross Site Scripting, Insecure direct object References o Security Misconfiguration, Sensitive data Exposure o Missing function level Access Control, Cross Site request forgery o Using Components with known vulnerabilities o Un-validated redirects and forwards Buffer Overflow: Attacks & Countermeasures Level # Beginner Objective: This course deals with Buffer overflow concepts and possible available mitigation methods Audience: Software Testers & Developers, Security Enthusiastic & Professionals Pre-Requisites: Basic Operating System Concepts About Buffer Overflow: Stack-based and Heap-based Format String Vulnerability Buffer Overflow Mitigation methods

11 Performing Effective Application Security Testing Level # Beginner Objective: This course deals with methodologies, process and scenarios for effective security testing. Audience: Software Testers, Security Enthusiastic & Professionals Pre-Requisites: Software Testing concepts, Working knowledge of Linux OS Importance of Security Testing, Security Principles Analysing product for Security Testing Security Testing o OWASP Top10 o Environment Binaries, Input checks, Data & Logic o Some more attack testing: Threat Modeling overview Penetration Testing & Vulnerability Assessment Level # Beginner Objective: This course deals with process, tools and techniques for Penetration Testing and Vulnerability Assessment Audience: Security Enthusiastic & Professionals Pre-Requisites: Working knowledge of Linux OS, Networking concepts About Ethical hacking, Penetration Testing and Vulnerability Assessment Information Gathering Scan, Sniff & Enumeration Vulnerability Assessment Exploit it!! Holding the fort & Cleaning-up the mess

12 Cloud Security: Existing Security Risk & Vulnerabilities Level # Beginner Objective: This course provides overview on Cloud Computing, Existing risk and vulnerabilities causing main hindrance in its adoption Audience: Software Engineers, Managers, Security Enthusiastic & Professionals Pre-Requisites: Basic Networking & Security concepts, Introduction to Cloud computing and Security Secure Cloud Computing Architecture Data security in Cloud Computing Secure Practices in Cloud Computing Integrating Security in Software Development Life Cycle Level # Beginner Objective: This course provides overview on integrating Security in Software Development Lifecycle Audience: Software Testers, Developers & Managers, Security Enthusiastic Pre-Requisites: Knowledge of Software Development Life Cycle Challenges in Software Security Mapping Security in Software Development Lifecycle Security Impact Assessment Ensuring Secure Design and Coding Methodology Static Analysis for Code Security Performing Vulnerability Testing

13 Security Essentials Level # Intermediate Objective: This course provides overview on Essential Security concepts, tools and techniques. Audience: Security Enthusiastic & Professionals Pre-Requisites: Basic Web and Networking concepts Security Concepts and Principles Network Security : Concepts and Attacks Network Security : Scanning and Sniffing Web Security : OWASP Top10 Vulnerabilities Using NMAP Effectively Level # Intermediate Objective: This course provides in-depth working and features of NMAP as Security Testing tool Audience: Security Enthusiastic & Professionals Pre-Requisites: Basic Networking & Operating System concepts About NMAP & How it Works NMAP Ping & Port Scans NMAP Scripting Engine (NSE) NMAP for Security Testing : Auditing, Vulnerability Assessment & Compliance testing Advance NMAP Options

14 Common causes of security Defects Level # Intermediate Objective: This course provides details and testing guidelines for vulnerabilities which are primary cause of Security flaw in any Software/Application. Audience: Software Tester & Developer, Security Enthusiastic & Professionals Pre-Requisites: Basic Web, Networking & Operating System concepts OWASP Top10 Vulnerabilities Flaws in Authentication, Authorization, Accountability Information leakage, Weak Data Protection Improper usage of SSL/TLS Overflow problems, Race conditions and more. Network Packet crafting with SCAPY Level # Intermediate Objective: This course provides in-depth working and features of SCAPY as Network packet crafting tool Audience: Security Enthusiastic & Professionals, Software Engineers Pre-Requisites: Basic Networking & Operating System concepts Limitations of Packet Crafting and Forging tools Scapy overview and usage details Sniff, Filter and Re-send packets with Scapy Advance Scapy options Protocol Security Testing o Ether, ARP, ICMP, IP, TCP, UDP o NTP, DNS, SNMP o IPv6, SSL

15 Web Application Security with Burp Suite Level # Intermediate Objective: This course provides in-depth working and features of Burp Suite for Web Application Security Testing Audience: Security Enthusiastic & Professionals, Software Engineers Pre-Requisites: Basic Web Application concepts About Burp Suite and configuration overview Using Burp Suite o Target, Scope and Proxy o Spider and Discover o Scanner and Intruder o Repeater and Sequencer o Decoder and Comparer Burp Suite Extensions Advance burp Suite Options Ensuring Application Security with TLS/SSL Level # Intermediate Objective: This course provides details on TLS/SSL protocol, Common Attacks and Testing tools and techniques Audience: Software Tester & Developers, Security Enthusiastic & Professionals Pre-Requisites: Basic Networking & Operating System concepts About TLS/SSL protocol, Handshake process Cryptographic Attacks, Improper usage of PKI Testing effective TLS/SSL functionality Decrypting TLS/SSL traffic with Wireshark

16 Network Packet & Traffic Analysis with WIRESHARK Level # Intermediate Objective: This course provides in-depth working and features of WIRESHARK as Network Sniffing and Traffic Analysis tool Audience: Security Enthusiastic & Professionals, Software Engineers Pre-Requisites: Basic Networking & Operating System concepts Methods & Requirements of Sniffing Network Packets About Wireshark, features and functional overview Capture and Display filters, Protocol dissection Analysing protocol traffic o ARP, ICMP, IP, TCP, UDP o DHCP, DNS, NTP o HTTP, SSL Analysing Common Security Attacks from captured network traffic Breaking Web Software Security Level # Advanced Objective: This course provides in-depth understanding of Web Security flaws and tools and techniques to test them Audience: Security Enthusiastic & Professionals, Software Engineers Pre-Requisites: Basic understanding of Web technologies and application WWW: Then & Now, Architecture Attacking application from all ends o Authentication, Access Controls, Session Management o Front-end & back-end Attacks, Server & Client side attacks o Logs, Storage and Source code Security o Fuzzing, Overflow attacks and much more

17 Using NESSUS for Vulnerability Scanning Level # Advanced Objective: This course provides in-depth working and features of NESSUS as Vulnerability Scanner, its policy configuration and overview on Nessus Attack Scripting Language. Audience: Security Enthusiastic & Professionals Pre-Requisites: Basic Networking & Operating System concepts About Nessus and Features overview Creating Policy & Interpreting Result Nessus Attack Scripting Language Essential checks for Application Security Level # Advanced Objective: This course provides overview on minimum considerations, checks and test to ensure Security of any product. Audience: Software Testers & Developers, Security Enthusiastic & Professionals Pre-Requisites: Basic Networking & Operating System concepts Operating System & Platform Infrastructure o System Processes, Software and Configuration Management o Logging & Auditing, Authentication, Authorization etc. Locally Implemented protocols o TCP/IP Infrastructure, Stream and Session Management, SNMP etc. Encryption & certificates Forwarding devices: Access Control List, Routers, Bridges etc. Assurance & Process o Design Assumptions, 3 rd party Softwares, Static Analysis etc. Miscellaneous

18 Threat Modeling for Application Security Level # Advanced Objective: This course provides overview on Threat Model, its design considerations, determining attributes and Analysing identified threats Audience: Security Enthusiastic & Professionals, Software Engineers Pre-Requisites: Basic understanding of different Security Principles, Vulnerabilities and Attack scenarios About threat Model, Goals & Scope Gathering Information about Target Determining attributes or Attack vectors Analysing threats and providing countermeasures Attacking Systems with Metasploit Framework Level # Advanced Objective: This course provides in-depth working and features of METASPLOIT FRAMEWORK, Writing and Porting exploits and its usage in Security testing Audience: Security Enthusiastic & Professionals Pre-Requisites: Basic understanding of different Security Principles, Vulnerabilities and Attack scenarios Metasploit Fundamentals: About exploits, Payloads & Auxiliary Using Payloads and Meterpreter Advance Metasploit usage Writing and Porting exploits to Metasploit Metasploit for Security Testing

19 Hack2Secure Certified Security Professional Program Audience: Security Enthusiastic & Professionals Duration: 10 Days Security Essentials Penetration Testing & Vulnerability Assessment Using Google Effectively for Security Testing Buffer overflow: Attacks & Countermeasures Using NMAP Effectively Network Packet Crafting with SCAPY Network Packet & Traffic Analysis with Wireshark Using NESSUS for Vulnerability Scanning Attacking Systems with METASPLOIT Framework

20 Hack2Secure College Training Program Our College training programs are designed especially to help students in getting better visibility in IT industry as an eligible and prospective candidate with domain specific skills. It helps colleges with better branding and positioning in area of IT and Education. The On-Campus Program is strongly focused on transforming any student into a responsible professional. This program is not only limited to technology but also involves Soft skills and other professional tips from our experienced faculty that will keep one stand out of crowd. Our Training and Workshops helps recruiters, be it on-campus or off-campus, to choose a right candidate with domain specific skills and real-time experience in core areas of IT. We minimize efforts required for any employer to up-scale any employee for boarding them live on project work.

21 College Programs offered Topics Program Details Duration (Hours) Information Security Concepts & Principles 2 1 Information Security 2 Virtualization and Cloud Data Center 3 Storage Network Security Concepts OWASP Top10 Web Security Risk Cloud Security Operating System Security Virtualization Overview Cloud Computing (SaaS, PaaS & IaaS) Datacenter Evolution and Architecture Datacenter over Cloud Storage Classification, Concepts and Protocol overview 4 Networking OSI Model, Protocols & Devices 3 5 Softskills Resume Writing, Interview Handling Skills, Presentation Skills

22 Information Security Awareness Information Security Training Corporate Training Application Security Testing Web Penetration Testing Network Penetration testing Vulnerability Assessment Threat Modeling Security Consultation Contact Us For Information Security Training Programs For Professional Security Services For General Enquiry Hack2Secure.India hack2secure