Ethical Hacking and Countermeasures - Plan Szkolenia

Overview

This Public Key Infrastructure – Implement and Manage course helps any individual to gain knowledge in managing robust PKI and having better understanding of topics surrounding public key infrastructure. Moreover, the PKI course is a preparation for the increasingly critical component – which ensures confidentiality, integrity, and authentication in an enterprise. Our PKI course provides the knowledge and skills necessary to select, design and deploy PKI, to secure existing and future applications within your organization. It also gives a deeper look into the foundations of cryptography and the working principles of the algorithms being used.

Throughout the whole course, participants will gain in-depth knowledge on the following topics:

• Legal aspects of a PKI
• Elements of a PKI
• PKI management
• Trust in a digital world
• Digital signature implementation
• Trust models

After completing the PKI course, each individual will be able to successfully design, setup, deploy, and manage a public key infrastructure (PKI).

This is a 3-day course is considered essential for anyone who needs to understand Public Key Infrastructure (PKI) and the issues surrounding its implementation. It covers the issues and technologies involved in PKI in-depth and gives hands-on practical experience of setting up and maintaining a variety of PKI solutions. Detailed knowledge of issues surrounding PKI helps to put recent attacks which have appeared in the news headlines into context and enable valid decisions to be made about their relevance to your organisation.

Objectives

To introduce the student to the theoretical aspects of the foundations and benefits of Public Key Infrastructure (PKI), including different types of encryption, digital signatures, digital certificates and Certificate Authorities.

To give students hands on experience of implementing and using PKI solutions with a variety of applications.

To give students an understanding of the concepts of evaluating and selecting PKI technologies

Audience

Anyone involved in Public Key Infrastructure | PKI decision-making, implementing and securing e-commerce and other Internet applications, including CIOs, Chief Security Officers, MIS Directors, Security Managers and Internal Auditors.

The Certified Digital Forensics Examiner vendor neutral certification is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

The Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination.  Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence.

Description:

This course will give the participants thorough understanding about security concepts, web application concepts and frameworks used by developers in order to be able to exploit and protect targeted application. In today’s world, that is changing rapidly and thus all the technologies used are also changed at a fast pace, web applications are exposed to hackers attacks 24/7. In order to protect the applications from external attackers one has to know all the bits and pieces that makes the web application, like frameworks, languages and technologies used in web application development, and much more than that. The problem is that attacker has to know only one way to break into the application and developer (or systems administrator) has to know all the possible exploits in order to prevent this from happening. Because of that it is really difficult to have a bullet proof secured web application, and in most of the cases web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.

Objectives:

To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP top 10 vulnerabilities and to incorporate that knowledge in web application protection scheme.

Audience:

Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISO’s, CTO’s.

Pisanie bezpiecznego kodu jest obowiązkiem każdego programisty.

Co by było, gdyby ktoś ci powiedział, że pomimo wszystkich twoich wysiłków, kod, który piszesz całą swoją karierę, jest pełen słabości, o których istnieniu nie wiedziałeś? Co jeśli, gdy to czytasz, hakerzy próbowali złamać twój kod? Jakie są szanse, że się im udało? Co jeśli mogliby ukraść twoją bazę danych i sprzedać ją na czarnym rynku?

Ten kurs bezpieczeństwa aplikacji internetowych zmieni sposób w jaki patrzysz na kod. Ma on warsztatową formę, podczas której nauczymy cię sztuczek hakerów i sposobów ich złagodzenia, pozostawiając Cię jedynie z pragnieniem dowiedzenia się jeszcze więcej.

Tylko od Ciebie zależy, czy chcesz być na czele grupy jako lider w walce z cyberprzestępczością.

Uczestnicy szkolenia poznają:

• Podstawowe pojęcia z zakresu bezpieczeństwa, bezpieczeństwa w IT i bezpiecznego kodowania
• Luki w sieci i jak ich unikać (OWASP i więcej)
• Luki w zabezpieczeniach klienta i dobre praktyki bezpiecznego kodowania
• Jak zabezpieczyć Nodejs
• Jak zabezpieczyć MongoDB
• Praktyczne zrozumienie kryptografii
• Podstawowe protokoły bezpieczeństwa
• Koncepcje bezpieczeństwa usług internetowych (Web services)
• Zabezpieczanie JSON
• Praktyczną wiedzę z zakresu technik i narzędzi testowania bezpieczeństwa
• Dowiedzą się, jak radzić sobie z lukami w używanych platformach, frameworkach i bibliotekach
• Uzyskają dodatkowe źródła i materiały dotyczące bezpiecznych metod kodowania

Opis
To prowadzone przez instruktora szkolenie na żywo przedstawia architekturę systemu, systemy operacyjne, kwestie związane z siecią, pamięcią masową i kryptografią, które należy wziąć pod uwagę przy projektowaniu bezpiecznych systemów wbudowanych.

Pod koniec tego kursu uczestnicy będą dobrze rozumieć zasady, obawy i technologie bezpieczeństwa. Co ważniejsze, uczestnicy zostaną wyposażeni w techniki potrzebne do tworzenia bezpiecznego oprogramowania wbudowanego.

Formuła kursu
Interaktywny wykład i dyskusja.
Dużo ćwiczeń i ćwiczeń.
Praktyczne wdrożenie w środowisku live-lab.

Język szkolenia
Polski

Interactive Application Security Testing (IAST) is a form of application security testing that combines Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) or Runtime Application Self-protection (RASP) techniques. IAST is able to report the specific lines of code responsible for a security exploit and replay the behaviors leading to and following such an exploit.

In this instructor-led, live training, participants will learn how to secure an application by instrumenting runtime agents and attack inducers to simulate application behavior during an attack.  

By the end of this training, participants will be able to:

• Simulate attacks against applications and validate their detection and protection capabilities
• Use RASP and DAST to gain code-level visibility into the data path taken by an application under different runtime scenarios
• Quickly and accurately fix the application code responsible for detected vulnerabilities
• Prioritize the vulnerability findings from dynamic scans
• Use RASP real-time alerts to protect applications in production against attacks.
• Reduce application vulnerability risks while maintaining production schedule targets
• Devise an integrated strategy for overall vulnerability detection and protection

Audience

• DevOps engineers
• Security engineers
• Developers

Format of the course

• Part lecture, part discussion, exercises and heavy hands-on practice

 

Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals 

Kurs "Cyberbezpieczeństwo w praktyce dla początkujących" skupia się na aspektach bezpieczeństwa komputerowego w codziennym użytkowaniu. Zapewnia interaktywne wykłady, dyskusje oraz praktyczne ćwiczenia w środowisku na żywo. Omawiane zagadnienia obejmują bezpieczeństwo danych, ryzyko wycieku informacji osobistych, bezpieczeństwo płatności online, ochronę przed oszustwami internetowymi, bezpieczeństwo korzystania z Internetu, dobre praktyki związane z hasłami, oprogramowaniem antywirusowym, kopiami bezpieczeństwa, szyfrowaniem danych, aktualizacjami systemów oraz bezpieczeństwem pracy zdalnej.

PowerShell is a task management framework that allows systems administrators to configure and automate tasks using scripting language and command-line shells. PowerShell’s task automation capabilities enable users to manage and enhance Windows environment security across their organization.

This instructor-led, live training (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Wraz z wzrostem popularności urządzeń mobilnych, coraz ważniejsze staje się zapewnienie odpowiedniego poziomu bezpieczeństwa przeznaczonych na nie aplikacji. Jakie wyzwania stawia przed twórcami aplikacji system Android? Jak skutecznie analizować aplikacje Androidowe w poszukiwaniu podatności?

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Have a practical understanding of cryptography
• Learn to use various security features of PHP
• Learn about typical coding mistakes and how to avoid them
• Be informed about recent vulnerabilities of the PHP framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices
• Learn advanced concepts in PHP programming.
• Establish consistency and solve advanced problems using PHP programming.

Format of the course

• Part lecture, part discussion, exercises and heavy hands-on practice

Automotive cyber security refers to the securing of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

This instructor-led, live training (online or onsite) is aimed at engineers who wish to safeguard connected vehicles from cyber attacks.

By the end of this training, participants will be able to:

• Implement cybersecurity in automotive systems.
• Choose the most suitable technologies, tools, and approaches.

Format of the course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This course is designed to help the attendee to build organizational resilience against a range of threats so that organizations can respond effectively to incidents, maintain the availability of business operations and safeguard its interests. 

BeyondCorp is an open source Zero Trust security framework that allows employees to work securely from any location without the need for a traditional VPN.

In this instructor-led, live training, participants will learn hands-on how to set up a Zero Security system as they set up and deploy BeyondCorop in a live-lab environment.

By the end of this training, participants will be able to:

• Assess their organization's existing security model.
• Shift access controls from the perimeter to individual devices and users.
• Deploy applications using a user and device-centric authentication and authorization workflow.
• Understand, plan and implement a Zero Trust network within their organization.

Audience

• Network engineers
• Cyber security professionals
• System architects
• IT managers

Format of the Course

• Part lecture, part discussion, exercises and heavy hands-on practice

Note

• To request a customized training for this course, please contact us to arrange.

Szkolenie "Bezpieczeństwo IT - wprowadzenie" to kompleksowy kurs obejmujący kluczowe zagadnienia cyberbezpieczeństwa. Uczestnicy zdobędą wiedzę z zakresu identyfikacji cyfrowej, bezpieczeństwa informacji oraz podstaw sieci komputerowych, protokołów i firewalli. Kurs obejmuje także narzędzia z zakresu testów penetracyjnych, praktyczne demonstracje i zagadnienia związane z zarządzaniem ryzykiem i reagowaniem na incydenty