Secure by Design - Plan Szkolenia

Description:

This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The latest four (4) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material.

The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.

Objectives:

• To help you pass the CRISC examination first time.
• Possessing this certification will signify your commitment to serving an enterprise with distinction.
• The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary.

You will learn:

• To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
• The technical skills and practices that CRISC promotes, which are the building blocks of success in the field.

IBM Qradar SIEM is a security analytic suite for gaining insight into critical threats. Using IBM Qradar SIEM, users can gain insights, identify threats, and automate security intelligence.

This instructor-led, live training (online or onsite) is aimed at security engineers who wish to use IBM Qradar SIEM to address pressing security use cases.

By the end of this training, participants will be able to:

• Gain visibility into enterprise data across on-premise and cloud environments.
• Automate security intelligence to hunt threats and to contain risks.
• Detect, identify, and prioritize threats.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."    
 

Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for intelligence purposes.

This instructor-led, live training (online or onsite) is aimed at persons who wish to carry out research on third parties while protecting themselves from the like.

By the end of this training, participants will be able to:

• Install and configure advanced tools for carrying out OSINT.
• Use advanced techniques to collect publicly available data relevant to an investigation.
• Analyze large amounts of data efficiently.
• Generate intelligence reports on findings.
• Leverage AI tools for facial recognition and sentiment analysis.
• Map out a strategy for defining the objective and directing efforts to the most relevant and actionable data.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Cyber Warfare is a growing problem for enterprises. As attackers employ more and more sophisticated technologies to launch their attacks, it is vital for companies to understand the nature of these attacks and the defense mechanisms needed to keep their organizations safe.

This instructor-led, live training (online or onsite) covers the different aspects of enterprise security, from AI to database security. It also includes coverage of the latest tools, processes and mindset needed to protect from attacks. 

Format of the Course

• Heavy emphasis on hands-on practice.
• Most of the concepts are learned through samples, exercises and hands-on development.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Description:

This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of exercises involving a scenario that brings a fictional organization securely into the cloud. After completing this training, students will be well prepared for the CCSK certification exam, sponsored by Cloud Security Alliance. This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

Objectives:

This is a two day class that begins with the CCSK- Basic training, followed by a second day of additional content and hands-on activities

Target Audience:

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

Autoryzowane szkolenie CCSK Foundation rozpoczyna się od podstaw, a następnie zwiększa poziom trudności, przechodząc przez wszystkie 16 domen CSA Security Guidance, zalecenia Agencji Unii Europejskiej ds. Bezpieczeństwa Sieci i Informacji (ENISA) oraz przegląd Cloud Controls Matrix.

Jest to autoryzowany kurs Cloud Security Alliance (CSA), NobleProg jest oficjalnym partnerem szkoleniowym CSA.

Kurs jest prowadzony przez autoryzowanych instruktorów CSA CCSK.

Wszyscy uczestnicy otrzymują:

• oficjalne certyfikaty kursu CSA CCSK Foundation
• oficjalne podręczniki dla studentów CCSK Foundation
• 1 voucher na egzamin CCSK i 1 voucher na ponowne podejście do egzaminu

Kurs obejmuje najnowszą wersję egzaminu CCSK - aktualnie 4.1.

The CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional organization securely into the cloud, which gives them the opportunity to apply their knowledge by performing a series of activities that would be required in a real-world environment.

The CCSK Plus Course includes all the modules in the CCSK Foundation course with additional material.

This is a Cloud Security Alliance (CSA) authorized course and NobleProg is an official CSA Training Partner.

This course is delivered by CSA Authorized CCSK Instructors. 

All attendees receive:

• official CSA CCSK Plus course certificates
• official CCSK Foundation Student Handbooks
• 1 CCSK exam voucher and 1 re-attempt exam voucher

This course covers the most current version of the CCSK exam - currently version 4.1.

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.

Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.

Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding

• Get known to the essential steps of Microsoft Secure Development Lifecycle

• Learn secure design and development practices

• Learn about secure implementation principles

• Understand security testing methodology

• Get sources and further readings on secure coding practices

Audience

Developers, Managers

This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.

Description

The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience

Developers

Description

Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.

Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers

Nawet doświadczeni programiści Java nie opanowują w pełni różnych usług zabezpieczeń oferowanych przez Javę, i równie często nie są świadomi różnych podatności, które są istotne dla aplikacji internetowych napisanych w Javie.

Kurs, oprócz przedstawienia komponentów bezpieczeństwa Standardowej Edycji Javy, zajmuje się kwestiami bezpieczeństwa Java Enterprise Edition (JEE) oraz usług internetowych. Omówienie konkretnych usług poprzedza fundamenty kryptografii i bezpiecznej komunikacji. Różne zadania obejmują deklaratywne i programistyczne techniki zabezpieczeń w JEE, podczas gdy bezpieczeństwo warstwy transportowej i end-to-end usług internetowych jest omawiane. Wykorzystanie wszystkich komponentów jest prezentowane poprzez kilka praktycznych ćwiczeń, w których uczestnicy mogą samodzielnie wypróbować omawiane interfejsy API i narzędzia.

Kurs przechodzi również przez najczęstsze i najpoważniejsze błędy programistyczne języka Java oraz platformy, a także związane z siecią problemy bezpieczeństwa. Oprócz typowych błędów popełnianych przez programistów Javy, przedstawiane podatności bezpieczeństwa obejmują zarówno kwestie specyficzne dla języka, jak i problemy wynikające z środowiska wykonawczego. Wszystkie podatności i związane z nimi ataki są demonstrowane poprzez łatwe do zrozumienia ćwiczenia, a następnie przedstawiane są zalecane wytyczne kodowania i możliwe techniki łagodzenia.

Uczestnicy uczestniczący w tym kursie będą:

• Rozumieć podstawowe koncepcje zabezpieczeń, bezpieczeństwa informatycznego i bezpiecznego kodowania
• Poznać podatności internetowe poza pierwszą dziesiątką OWASP i wiedzieć, jak ich unikać
• Zrozumieć koncepcje bezpieczeństwa usług internetowych
• Nauczyć się korzystać z różnych funkcji zabezpieczeń środowiska programistycznego Javy
• Posiadać praktyczne zrozumienie kryptografii
• Zrozumieć rozwiązania bezpieczeństwa Java EE
• Dowiedzieć się o typowych błędach kodowania i jak ich unikać
• Uzyskać informacje na temat ostatnich podatności w frameworku Javy
• Posiąść praktyczną wiedzę w użyciu narzędzi do testowania bezpieczeństwa
• Otrzymać źródła i dalszą literaturę na temat praktyk bezpiecznego kodowania.

Grupa docelowa: Deweloperzy

Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.

General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.

The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.

Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Understand security concepts of Web services
• Understand security solutions of Java EE
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.

The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the .NET development environment
• Get practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in .NET and ASP.NET
• Get sources and further readings on secure coding practices

Audience

Developers