Learning Course Curriculum
- Aron Small
- 7 years ago
Learning Course Curriculum
Security Compass Training
Learning Curriculum. Copyright Security Compass.
It has long been discussed that identifying and resolving software vulnerabilities at an early stage is one of the best ways to reduce the costs and risks present in any software application.
Training Options

At Security Compass, we offer a variety of training options to meet your needs:

On-site instructor-led training
- Live instructor on-site at your location delivering training to your staff
- Our instructors are seasoned pen-testers arming your staff with best practices for securing your information and the latest threat vectors
- Our instructors draw on scenarios that are relevant to your organization to help students connect with the risks in your own organization
- Ability for your staff to mingle, meet and embrace IT security concepts as a team, fostering growth and networking with peers
- Training to address PCI compliance is offered with some of our courses
- Eligibility for CPE credits for students who have certifications (CISSP, CISA, etc.)

Remote instructor-led training
- Training performed through a remote WebEx session with a live instructor
- Training courses are divided into 4-hour sessions to improve the learning experience
- Access to the same Security Compass instructors that teach on-site
- Ability to have each student learn from the comfort of their own desk using collaboration tools
- Ease of planning: each student will be provided with access to a WebEx portal which they can join to work with their colleagues, with no infrastructure needed at your location
- Eligibility for CPE credits for students who have certifications (CISSP, CISA, etc.)

Computer-based training (CBT)
- Training module shipped to your organization for deployment into an LMS or a local student's desktop
- On-demand training: take the course at your own pace and convenience
- Integrated quiz options and certifications available
- Full narration by a real person, with varying voices
- Start-stop functionality: students can fast forward, rewind, and resume sections as they desire
- All our courses are fully SCORM compliant, making LMS integration a breeze
- Training to address PCI compliance offered with some of our courses
TrueLabs Hands-on Lab Exercises

TrueLabs is Security Compass' set of hands-on lab exercises for students. Depending on the course, our TrueLabs exercises allow students to better understand the security issues taught within the course. For instance, in our Exploiting and Defending Web Applications course, students have hands-on exercises relating to common web application exploits. For our Mobile Hacking and Securing course, students hack a vulnerable Android and iPhone application. For our Securing Applications series, students see and learn to fix insecure code. These exercises are all performed in a virtual machine provided to the students during the course.

The following courses currently support TrueLabs:
- Exploiting and Defending Web Applications
- Securing Applications in .NET
- Securing Applications in JAVA
- Securing Applications in C++
- Mobile Hacking and Securing

TrueLabs: students perform hands-on labs fixing insecure code in our JAVA TrueLabs VM.
Security Learning Paths

All our courses offer a certification track through Security Compass. Those that complete the required courses outlined below in their roles will receive a certificate of completion for their subject matter expertise. Some courses below will show the expected date of completion as we work hard to expand our course offerings and curriculum.
Course Catalog

Our focus is on application security. We aim to provide technically relevant courses and tools to help your staff understand secure development and defend your organization's applications.
Available Courses

Application Security for Managers

Developers and security analysts are increasingly becoming involved in application security initiatives. Managers need to understand both the technical nature of their teams' involvement with security initiatives and the business case for performing these activities. This class arms managers with the knowledge necessary to make effective, risk-based decisions about application projects that balance business needs with security requirements.

Length: 1 day
Audience: Managers, CIO, Project Managers
Key Concepts:
- The importance of application security vs. traditional security
- The most common application security vulnerabilities, including the OWASP Top 10
- Understanding the risks of application security vulnerabilities
- Understanding and implementing a secure software development lifecycle (SDLC)
- Understanding the needs for secure design, development and testing
- Forming a business case for security
Threat Model Express

Threat modeling is gaining traction as a fundamental application security activity. In this class students learn about the attacks that their applications may face, and then both formal and informal approaches to threat modeling. Using a fictional scenario, students perform all the activities of a threat model on a complex application, including analyzing design documents and role-playing interviews. Students learn about the industry-standard formal threat modeling process as well as Facilitated Application Threat Modeling: a 1-day approach to threat modeling pioneered by Security Compass.

Days: 1 day
Audience: Architects, Project Managers, Administrators
Key Concepts:
- What threat modeling is and what it achieves
- What the steps of a traditional threat model are
- How to gather useful information for a threat model, including interviewing staff
- Establishing threats, vulnerabilities and countermeasures for your applications
- Ranking the threats based on their perceived risk to your application
- How to perform a quick 1-day Threat Model Express, with an in-class exercise
OWASP Top 10

Students will learn about the latest OWASP Top 10, including how each of the vulnerabilities can impact your applications. We include a number of real-world examples where students discover the impacts on organizations that have fallen victim to these vulnerabilities. Students will be able to describe best practices for defending against the OWASP Top 10 from a code-agnostic standpoint and bring this learning back into their organizations.

CBT Available: Yes, 60 minutes
Days: 1 day
Audience: General Staff, Developers, Testers, Managers, Administrators
Key Concepts:
- Understand common web application vulnerabilities (XSS, XSRF, SQL injection, parameter manipulation, etc.) including the OWASP Top
- Describe how hackers exploit these weaknesses to take advantage of your users
- See real-world examples of breaches and how these vulnerabilities have impacted organizations
- Describe best practices for defending against each of the OWASP Top 10 from a code-agnostic perspective
Exploiting and Defending Web Applications

This course includes the OWASP Top 10 course and expands upon it to include a number of additional vulnerabilities commonly exploited in web applications today. It also introduces high-level concepts of authorization, authentication, data validation and cryptography in the context of today's modern web applications. Students will perform hands-on exercises to understand how exploits are performed and executed using our interactive TrueLabs solution.

CBT Available: Yes, 90 minutes
TrueLabs: Yes, both Instructor led and CBT
Days: 3 days
Audience: Developers, Architects, QA, Testers, Project Managers
Key Concepts:
- Understand common web application vulnerabilities (XSS, XSRF, SQL injection, parameter manipulation, etc.) including the OWASP Top 10 plus many more
- Describe how hackers exploit these weaknesses to take advantage of your users
- Describe weaknesses in authentication, authorization, session management and data validation
- View examples of how hackers have breached systems using these vulnerabilities
- Perform TrueLabs exercises to see hands-on how hackers take advantage of these web application vulnerabilities
Securing Web Applications in Java

After taking this class students will be able to develop secure Java Enterprise Edition (J2EE) applications. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge the effectiveness of secure coding practice. The class focuses on learning by doing. Concepts are presented in short lecture-demonstration sessions, and then students are challenged in hands-on labs to make reasoned choices and implement secure code. Students are required to execute various real-world solutions including fixing broken applications, adding security functionality, replacing poorly written code, finding vulnerabilities and doing runtime testing.

CBT Available: Yes, 90 minutes
TrueLabs: Yes, both Instructor led and CBT
Days: 3 days
Audience: Java Developers, Web Developers
Key Concepts:
- Understand how to program Java securely to defend against common web application vulnerabilities
- Learn about libraries and techniques that can help developers protect their applications against insecure coding practices
- Identify best practices for secure Java programming for each of the OWASP Top 10 by viewing bad insecure code examples vs. good secure code
- Hands-on TrueLabs exercises where students write real Java code to fix broken applications and defend against the OWASP Top 10
Securing Web Applications in .NET

Students will learn to define and identify secure .NET 4.0 code, differentiate between secure coding methods, employ secure code in practice, and design and judge the effectiveness of secure coding practice. The class focuses on learning by doing. Concepts are presented in short lecture-demonstration sessions, and then students are challenged in hands-on labs to make reasoned choices and implement secure code. Students are required to execute various real-world solutions including fixing broken applications, adding security functionality, replacing poorly written code, finding vulnerabilities and doing runtime testing.

CBT Available: Yes, 90 minutes
TrueLabs: Yes, both Instructor led and CBT
Days: 3 days
Audience: .NET Developers, Web Developers
Key Concepts:
- Understand how to program .NET securely to defend against common web application vulnerabilities with the latest techniques (.NET 4.0)
- Learn about libraries and techniques that can help developers protect their applications against insecure coding practices
- Identify best practices for secure .NET programming for each of the OWASP Top 10 by viewing bad insecure code examples vs. good secure code
- Hands-on TrueLabs exercises where students write real .NET code to fix broken applications and defend against the OWASP Top 10
Securing C/C++

This class will prepare students to develop secure applications in C or C++. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge the effectiveness of secure coding practice. Students completing this class will find their secure coding abilities materially sharpened. The course focuses on learning by demonstrations. Throughout the course, vulnerability categories are explained, followed by real-world examples in popular applications. Risk is analyzed, and defense techniques are identified for each vulnerability presented.

CBT Available: Yes, 60 minutes
TrueLabs: Yes, Instructor led only
Days: 2 days
Audience: Programmers, Code reviewers, QA
Key Concepts:
- Hands-on TrueLabs exercises include performing buffer overflow labs and how overflows can lead to exploited code execution
- Understand secure allocation of memory, including memory organization and stacks
- Discuss secure use of pointers, including pointer arithmetic and how incorrect use of pointers can cause vulnerabilities
- Communicate how buffer overflows occur in addition to how they can get exploited by hackers
- Learn about format string vulnerabilities and defenses when using format strings
- Learn about best practices for defending against common C++ issues
Mobile Hacking and Securing

Students will discover mobile hacking techniques for Android and iPhone. They will understand the platform security models, device security models, app analysis, file system analysis and runtime analysis for these popular mobile operating systems. We will demonstrate insecure coding practices in Android and iPhone environments. Students will perform hands-on TrueLabs exercises against our insecure app, ExploitMe Mobile, for both Android and iPhone. They will learn to attack this vulnerable mobile application and learn about the pitfalls of mobile programming. Knowing this will arm them with the tools necessary for developing better, more secure mobile apps.

TrueLabs: Yes, Instructor led
Days: 1 day
Audience: Mobile App Developers, Testers
Key Concepts:
- Hands-on TrueLabs exercises include hacking a vulnerable mobile iPhone and Android app we've created called ExploitMe Mobile
- Learn about the two popular iPhone and Android device security architectures, and how they differ when it comes to their security
- Understand how hackers analyze mobile application protocols and reversing techniques
- Identify file storage issues including sensitive file storage and how to securely store data
- Perform decompilation of mobile apps to see the inner workings of the application itself
- Perform memory dumps and run-time analysis
Free OWASP Top 10 Course

We're happy to give back to the community by providing our OWASP Top 10 course free of charge (contains brief delays with promotions for our Training). The course will outline the fundamentals of the OWASP Top 10 and allows you to experience our high-quality computer-based training formats. If you enjoy the course, contact us about the Premium version that can be hosted in your organization's LMS systems. Access the course immediately by signing up:

Free CBT. Our OWASP Top 10 course is available online free of charge. Try it today.
What can we do for you?

We understand application security. We breathe it. We strive to provide you with the best training experience for your staff. Our experience helping our clients research and manage real-world security risks allows us to drive our training material with the latest threats and vulnerabilities seen in everyday engagements. What does that mean? It means that your staff is ready to respond with forward-thinking concepts for securing your business' most sensitive applications.

Here to help. Reach out to Security Compass advisors who can help.
- Oliver Ng, Director of Training, ext. 125
- Sahba Kazerooni, Director of Professional Services, ext. 103
white SECURITY TESTING WHITE PAPER Contents: Introduction...3 The Need for Security Testing...4 Security Scorecards...5 Test Approach... 11 Framework... 16 Project Initiation Process... 17 Conclusion...
More informationYour Web and Applications
Governance and Risk Management Your Web and Applications The Hacker s New Target Anthony Lim MBA CISSP CSSLP FCITIL Director, Security, Asia Pacific Rational Software Social Engineering in the Business
More informationSecurity Training Why It Benefits Your Organization and How to Make Your Case to Management
Security Training Why It Benefits Your Organization and How to Make Your Case to Management Author: Nick Murison Senior Security Consultant Foundstone Professional Services Introduction A major challenge
More informationMobile Application Lifecycle Management
Mobile Application Lifecycle Management An InfoStretch White Paper October 2014 3200 Patrick Henry Drive, Suite 250 Santa Clara, CA 95054 408.727.1100 info@infostretch.com www.infostretch.com 2014 InfoStretch
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationOWASP Mobile Top Ten 2014 Meet the New Addition
OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationISSECO Syllabus Public Version v1.0
ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to
More informationEC-Council E C S P.NET. EC-Council. EC-Council Certified Secure Programmer (.NET)
E C S P.NET (.NET) ECSP.NET Course Software defects, bugs, and flaws in the logic of the program are consistently the cause for software vulnerabilities. Analysis by software security professionals has
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationAdobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661
Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the
More informationASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION
ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution
More informationWeb Application security testing: who tests the test?
Web Application security testing: who tests the test? Ainārs Galvāns Application Penetration Tester www.exigenservices.lv About myself Functional testing Leading test group Reporting to client Performance
More informationTop Signs You re Prime for a Data Breach in 2014
Hacking Into Your Healthcare Systems Series Top Signs You re Prime for a Data Breach in 2014 PRESENTED BY: IronBox Data Protection Website: www.goironbox.com Email: contactus@goironbox.com About IronBox
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationWeb Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure
Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences
More informationMobile Application Security Report 2015
Mobile Application Security Report 2015 BY Author : James Greenberg 1 P a g e Executive Summary Mobile Application Security Report 2015 The mobile application industry is growing exponentially at an explosive
More informationIBM Rational AppScan: Application security and risk management
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
More informationBest Practices - Remediation of Application Vulnerabilities
DROISYS APPLICATION SECURITY REMEDIATION Best Practices - Remediation of Application Vulnerabilities by Sanjiv Goyal CEO, Droisys February 2012 Proprietary Notice All rights reserved. Copyright 2012 Droisys
More informationCenzic Product Guide. Cloud, Mobile and Web Application Security
Cloud, Mobile and Web Application Security Table of Contents Cenzic Enterprise...3 Cenzic Desktop...3 Cenzic Managed Cloud...3 Cenzic Cloud...3 Cenzic Hybrid...3 Cenzic Mobile...4 Technology...4 Continuous
More informationPenetration Testing in Romania
Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationIntroduction to Penetration Testing Graham Weston
Introduction to Penetration Testing Graham Weston March 2014 Agenda Introduction and background Why do penetration testing? Aims and objectives Approaches Types of penetration test What can be penetration
More informationHow to Develop Cloud Applications Based on Web App Security Lessons
Applications Based on Before moving applications to the public cloud, it is important to implement security practices and techniques. This expert E-Guide provides guidance on how to develop secure applications
More informationHow to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP
How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright
More informationHackers are here. Where are you?
1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.
More informationSecurity Solutions & Training. Exploit-Me. Open Source Firefox Plug-Ins for Penetration Testing
Security Solutions & Training Exploit-Me Open Source Firefox Plug-Ins for Penetration Testing Introduction 2 Introduction 3 Agenda State of web application security XSS Really a Danger? Introducing XSS-Me
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationApplication Security and the SDLC. Dan Cornell Denim Group, Ltd. www.denimgroup.com
Application Security and the SDLC Dan Cornell Denim Group, Ltd. www.denimgroup.com Overview Background What is Application Security and Why is It Important? Specific Reference Examples Integrating Security
More informationQA Classroom and Online training from Yes-M Systems
QA Classroom and Online training from Yes-M Systems One of the best QA courses: Manual Testing Highlights 85+ hours to finish the course Experienced Instructors Recruiters help with Resume Preparation
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationUniversities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence
Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology
More informationWeb attacks and security: SQL injection and cross-site scripting (XSS)
Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationPCI DSS in Essence Through practical examples. September, 2016 Septia Academy
PCI DSS in Essence Through practical examples September, 2016 Septia Academy PCI DSS in Essence Training program specification Introduction The Payment Card Industry Data Security Standard s requirements
More information