Szkolenia Cyber Security
Lokalne, prowadzone przez instruktora szkolenia z zakresu Cyber Security (znane również jako Cybersecurity, Internet Security lub IT Security) demonstrują poprzez interaktywną dyskusję i praktyczne ćwiczenia, jak zrozumieć, zaplanować i wdrożyć strategię Cyberbezpieczeństwa w swojej organizacji Szczególną uwagę poświęcono ustanowieniu odpowiednich systemów i procedur potrzebnych do wykrywania i łagodzenia zagrożeń Kursy bezpieczeństwa w Internecie są dostępne jako interaktywne szkolenia, a wiele z nich zawiera komponent testujący i certyfikacyjny Szkolenie w zakresie cyberbezpieczeństwa jest dostępne jako "szkolenie na miejscu" lub "szkolenie na żywo" Szkolenie na żywo w siedzibie klienta może odbywać się lokalnie w siedzibie klienta w Polsce lub w centrach szkoleniowych korporacji NobleProg w Polsce Zdalne szkolenie na żywo odbywa się za pomocą interaktywnego, zdalnego pulpitu NobleProg Twój lokalny dostawca szkoleń.
Opinie uczestników
umiejętności komunikacyjne trenera
Flavio Guerrieri
Nazwa kursu: CISM - Certified Information Security Manager
Translated by
communication skills of the trainer
głęboka wiedza, prawdziwe przykłady, fakt, że trener jest również ćwiczącym 18 W
18 Wojskowy Oddział Gospodarczy
Nazwa kursu: CRISC - Certified in Risk and Information Systems Control
Translated by
deep knowledge, real examples, the fact that trainer is also a practicioner
knowledge,
18 Wojskowy Oddział Gospodarczy
Nazwa kursu: CRISC - Certified in Risk and Information Systems Control
Translated by
knowledge,
Wiedza, umiejętności.
Luis Miguel Lara - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
Knowledge
Sposób, w jaki wyjaśnił nam podczas 2 dni i jego sposobu bycia, co sprawia, że nauka jest przyjemna.
Víctor Miguel Prado Saster - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
The way in which he explained to us during the 2 days and his way of being, which makes learning enjoyable.
Wiedza nauczyciela.
Ariany Auxiliadora Pulido Gonzalez - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
The teacher's knowledge
Trener był bardzo miły i dostępny. Doceniam jego wiedzę, umiejętności i przygotowanie na ten temat. Co więcej, zapewnił nam dodatkową treść o IoT, bardzo interesującą.
Giuseppe Fiorita - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
The trainer was very nice and available. I appreciated his knowledge, skills and preparation about the subject. Furthermore, he provided us extra content about IoT, very interesting
Ahmed zawsze starał się o nas uważać.
Alberto Brezmes - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
Ahmed always was trying to keep attention of us
Metody trenera, aby przyciągnąć naszą uwagę.
Antonio Osuna Sánchez - Blue Indico Investments, S.L.U.
Nazwa kursu: CCSK - Certificate of Cloud Security Knowledge - Plus
Translated by
The trainer methods to attract our attention.
Podkategorie
Plany Kursów
| Kod | Nazwa | Czas trwania | Charakterystyka kursu |
|---|---|---|---|
| pki | Public Key Infrastructure | 21 godz. | Szkolenie kierowane jest do wszystkich administratorów systemów operacyjnych, którzy planują wdrożenie infrastruktury kluczy publicznych opartej na MS Windows Server 2012 R2 oraz planują wykorzystanie kwalifikowanych certyfikatów podpisu elektronicznego. Uczestnicy szkolenia zapoznają się z podstawowymi zagadnieniami związanymi z implementacją infrastruktury kluczy publicznych, a także z ideą stosowania najnowszych rozwiązań kryptograficznych przy zabezpieczaniu systemów informatycznych. Na bazie systemu operacyjnego MS Windows Serwer 2012 R2 omawiane są możliwości wykorzystania usług certyfikacji na potrzeby przedsiębiorstwa. W trakcie szkolenia w środowisku wirtualnym instalowane jest kompletne centrum certyfikacji i omawiane są najważniejsze zagadnienia związane z zarządzaniem i administracją infrastrukturą kluczy publicznych w domenie Active Directory. Szkolenie obejmuje także wiedzę teoretyczną oraz praktyczną dotyczącą korzystania z podpisów elektronicznych wystawianych przez centra certyfikacji w Polsce zgodnie z „Ustawą o podpisie elektronicznym”. Omawiane są zagadnienia prawne, wymogi ustawowe, a także przykłady wykorzystania certyfikatów podpisu elektronicznego w Polsce. Uczestnicy szkolenia uzyskają wiedzę potrzebną do tworzenia elektronicznej korespondencji związanej z komunikacją z urzędami administracji publicznej oraz korzystania z innych usług, które umożliwiają lub wymagają użycia takiego typu identyfikacji tożsamości. |
| cism | CISM - Certified Information Security Manager | 28 godz. | Description:; CISM® is the most prestigious and demanding qualification for Information Security Managers around the globe today. This qualification provides you with a platform to become part of an elite peer network who have the ability to constantly learn and relearn the growing opportunities/ challenges in Information Security Management. Our CISM training methodology provides an in-depth coverage of contents across the Four CISM domains with a clear focus on building concepts and solving ISACA released CISM exam questions. The course is an intense training and hard-core exam preparation for ISACA’s Certified Information Security Manager (CISM®) Examination. We have delivered more than 100+ CISM training events in the United Kingdom and Europe. Our instructors encourage all attending delegates to go through the ISACA released CISM QA&E (Questions, Answers and Explanations) as exam preparation - you get this FREE as part of our course. The QA&E is exceptional in helping delegates understand the ISACA style of questions, approach to solving these questions and it helps rapid memory assimilation of the CISM concepts during live classroom sessions. All our trainers have extensive experience in delivering CISM training. We will thoroughly prepare you for the CISM examination. If you do not pass first time, then join us again for exam preparation free of charge. Goal: The ultimate goal is to pass your CISM examination first time. Objectives: Use the knowledge gained in a practical manner beneficial to your organisation Establish and maintain an Information security governance framework to achieve your organization goals and objectives Manage Information risk to an acceptable level to meet the business and compliance requirements Establish and maintain information security architectures (people, process, technology) Integrate information security requirements into contracts and activities of third parties/ suppliers Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact Target Audience: Security professionals with 3-5 years of front-line experience; Information security managers or those with management responsibilities; Information security staff, information security assurance providers who require an in-depth understanding of information security management including: CISO's, CIO's, CSO's, privacy officers, risk managers, security auditors and compliance personnel, BCP / DR personnel, executive and operational managers responsible for assurance functions. |
| cl-vip | Voice Over IP Security | 14 godz. | As voice over IP (VoIP) systems are vulnerable to the same threats as data networks – like viruses, identity theft, spam, fraud, privacy invasion, and denial of service attacks –, aim of this training is to teach programmers, software architects, network engineers and project managers to the VoIP security features, the various security issues of VoIP, and most importantly the best practices to support risk mitigation. VoIP security is introduced at the raw protocol level, concentrating on attack methodologies that are used against the most popular VoIP protocols. Participants will not only be able to choose and use the appropriate standards and best practices, but will also be prepared to fix the occurring vulnerabilities by applying the relevant countermeasures. Audience Professionals |
| cl-jwe | Advanced Java, JEE and Web Application Security | 28 godz. | Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE. Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn client-side vulnerabilities and secure coding practices Learn to use various security features of the Java development environment Have a practical understanding of cryptography Understand security concepts of Web services Understand security solutions of Java EE Learn about typical coding mistakes and how to avoid them Get information about some recent vulnerabilities in the Java framework Get practical knowledge in using security testing tools Get sources and further readings on secure coding practices Audience Developers |
| shiro | Apache Shiro: Securing your Java application | 7 godz. | Apache Shiro is a powerful Java security framework that performs authentication, authorization, cryptography, and session management. In this instructor-led, live training, participants will learn how to secure a web application with Apache Shiro. By the end of this training, participants will be able to: Use Shiro's API to secure various types of applications, including mobile, web and enterprise Enable logins from various data sources, including LDAP, JDBC, Active Directory, etc. Audience Developers Security engineers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice |
| iottech | IoT (Internet of Things) - Technology Overview | 7 godz. | Internet of Things (IoT) jest koncepcją połączonej sieci obiektów (fizycznych urządzeń) - pojazdów, budynków, telefonów komórkowych itp. które poprzez wbudowaną elektronikę, oprogramowanie, czujniki oraz karty sieciowe, mogą komunikować się z sobą, wymieniać i gromadzić dane. IoT umożliwia wykrywanie i zdalne sterowanie urządzeniami za pomocą istniejącej infrastruktury sieciowej. Tworzy możliwość bardziej bezpośredniej integracji świata fizycznego z systemami komputerowymi, której wynikiem może być np. zwiększenie bezpieczeństwa, optymalizacja rozłożenia natęrzenia ruchu drogowego, inteligentne domy oraz mnóstwo innych wymiernych korzyści biznesowych. Szkolenie ma na celu przekazanie uczestnikom wiedzy o IoT, trendów rozwoju oraz pokazać jakie oraz jak gromadzić dane i do czego można je później wykorzystać. |
| cismp | CISMP - Certificate in Information Security Management Principles | 35 godz. | A thorough, practical, 5 day course designed to provide the knowledge and skills required to manage information security, information assurance or information risk based processes. The CISMP course is aligned with the latest national information assurance frameworks (IAMM), as well as ISO/IEC 27002 & 27001; the code of practice and standard for information security. This course is a CESG Certified Training (CCT) course. The course follows the latest BCS syllabus and prepares delegates for the 2 hour multiple choice BCS examination which is sat on the afternoon of the last day of the course. This qualification provides delegates with detailed knowledge of the concepts relating to information security; (confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures), along with an understanding of current legislation and regulations which impact information security management. Award holders will be able to apply the practical principles covered throughout the course ensuring normal business processes become robust and more secure. |
| cl-pcr | Practical Cryptography for Software Engineers | 21 godz. | Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions. After establishing the basics, the typical elements of cryptosystems and the most widely-used cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are detailed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many different areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS. Finally, typical crypto vulnerabilities are discussed – both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details. Participants attending this course will Understand basic concepts of security, IT security and secure coding Understand the requirements of secure communication Have a practical understanding of cryptography Understand essential security protocols Understand some recent attacks against cryptosystems Get information about some recent implementation problems Get sources and further readings on secure coding practices Audience Developers, Professionals |
| cl-jad | Advanced Java Security | 21 godz. | Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java. The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Understand security concepts of Web services Learn to use various security features of the Java development environment Have a practical understanding of cryptography Understand security solutions of Java EE Learn about typical coding mistakes and how to avoid them Get information about some recent vulnerabilities in the Java framework Get practical knowledge in using security testing tools Get sources and further readings on secure coding practices Audience Developers |
| indy | Blockchain: Hyperledger Indy for Identity Management | 14 godz. | Indy is a Hyperledger project for creating decentralized identity systems. It includes tools, libraries and reusable components for creating digital identities rooted in blockchains or other distributed ledgers. In this instructor-led, live training, participants will learn how to create an Indy-based decentralized identity system. By the end of this training, participants will be able to: Create and manage decentralized, self-sovereign identities using distributed ledgers. Enable interoperability of digital identities across domains, applications, and silos. Understand key concepts such as user-controlled exchange, revocation, Decentralized Identifiers (DIDs), off-ledger agents, data minimization, etc. Use Indy to enable identity owners to independently control their personal data and relationships. Audience Developers Format of the course Part lecture, part discussion, exercises and heavy hands-on practice |
| webap | WEBAP - Web Application Security | 28 godz. | Description: This course will give the participants thorough understanding about security concepts, web application concepts and frameworks used by developers in order to be able to exploit and protect targeted application. In today’s world, that is changing rapidly and thus all the technologies used are also changed at a fast pace, web applications are exposed to hackers attacks 24/7. In order to protect the applications from external attackers one has to know all the bits and pieces that makes the web application, like frameworks, languages and technologies used in web application development, and much more than that. The problem is that attacker has to know only one way to break into the application and developer (or systems administrator) has to know all of the possible exploits in order to prevent this from happening. Because of that it is really difficult to have a bullet proof secured web application, and in most of the cases web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration. Objectives: To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP top 10 vulnerabilities and to incorporate that knowledge in web application protection scheme. Audience: Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISO’s, CTO’s. |
| cissp | CISSP - Certified Information Systems Security Professional | 35 godz. | Overview: Certified Information Systems Security Professional certification is recognised as a key qualification for developing a senior career in information security, audit and IT governance management. Held by over 30,000 qualified professionals worldwide, the Certified Information Systems Security Professional qualification shows proven knowledge and is the key to a higher earning potential in roles that include CISO, CSO and senior security manager. You will learn to: Use the knowledge gained in a practical manner beneficial to your organisation Protect your organisational assets using access control techniques and strengthen confidentiality and integrity controls from the world of cryptography Secure your network architecture and design (implement Cyber security) Achieve your organisational objectives such as legal & compliance, Information assurance, security and data governance Enhance IT services secure delivery via Security operations, architecture and design principles Implement business resiliency via Business Continuity Plan You will gain a thorough understanding of the 8 domains as prescribed by (ISC)2®. The Main Goal: To pass your CISSP examination first time. Target Audience: This training is intended for individuals preparing for the CISSP certification exam. |
| CL-CHS | Crypto Chip-Set Security | 14 godz. | The biggest challenge for professionals working on design and development of crypto chip-sets is to be continuously up-to-date regarding the attack methods and their mitigation. Serving them, this course explains various physical and logical attacks on security chips, possible countermeasures and best practices. Regarding physical attacks, the passive attacks are detailed through optical reverse engineering and various side channel analysis methods, while active attacks are discussed with special emphasis on fault injection, Focused Ion Beams and hardware Trojans. The very powerful passive and active combined attack (PACA) type is introduced through the practical example of RSA implementations. Discussion of logical attacks not only covers practical attacks against specific cryptographic algorithm implementations, but also the relevant programming bugs and mitigation techniques like buffer overflow or integer problems are introduced. Finally, a set of guidelines is assembled to follow by engineers working in this field, and the testing methods are presented that can help to find and avoid the discussed security flaws and vulnerabilities. Participants attending this course will Understand basic concepts of security, IT security and secure coding Understand the requirements of secure communication Have a practical understanding of cryptography Understand essential security protocols Audience Professionals |
| cl-jwa | Java and Web Application Security | 21 godz. | Description Beyond a solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves. Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn client-side vulnerabilities and secure coding practices Learn to use various security features of the Java development environment Have a practical understanding of cryptography Learn about typical coding mistakes and how to avoid them Get information about some recent vulnerabilities in the Java framework Get practical knowledge in using security testing tools Get sources and further readings on secure coding practices Audience Developers |
| GDPR1 | GDPR Workshop | 7 godz. | This one-day course is for people looking for a brief outline of the GDPR – General Data Protection Regulations coming out May 25, 2018. This is ideal for managers, department heads, and employees who need to understand the basics of the GDPR. |
| crisc | CRISC - Certified in Risk and Information Systems Control | 21 godz. | Description: This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The five (5) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CIRSC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material. The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction. Objectives: To help you pass the CRISC examination first time possessing this certification will signify your commitment to serving an enterprise with distinction the growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary You will learn: To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls. The technical skills and practices that CRISC promotes, these are the building blocks of success in the field |
| gdpr | RODO / GDPR - zmiany prawne, wprowadzenie teoretyczne, praktyczne aspekty | 14 godz. | Dwudniowy kurs wprowadzający do GDPR (General Data Protection Regulation) czy jej polskiego odpowiednika RODO (Rozporządzenie o Ochronie Danych Osobowych) – najpoważniejszej od dwudziestu lat zmiany w ochronie danych osobowych. Szkolenie obejmie wszystkie zmiany wprowadzane przez GDPR, podstawy teoretyczne oraz omówienie praktycznego wymiaru zmian. Pozycja obowiązkowa dla kadry kierowniczej oraz osób odpowiedzialnych za bezpieczeństwo informacji w projektach informatycznych. |
| cl-beh | Beyond Ethical Hacking - Advanced Software Security | 35 godz. | Beyond a solid knowledge in using security solutions of the applied technologies, even for experienced programmers it is essential to have a deep understanding of the typical attack techniques that are possible due the various vulnerabilities, i.e. security-relevant programming mistakes. This course approaches secure coding from the stand point of the attack techniques, but with the same purpose as any other course of SCADEMY Secure Coding Academy: to learn software security best practices. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained with the most important aim to avoid the associated problems. Besides server side issues (basically following the OWASP Top Ten), a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5, which is followed by discussing web services and XML security. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms. Specifically for C and C++, we go into more details regarding the exploitation of buffer overflows on the stack and on the heap. After showing the attack techniques, we give an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Finally, we discuss counter attacks, and then counter-protection measures, highlighting the cat-and-mouse nature of hacking and protection. Finally, the course explains the most frequent and severe programming flaws in general, by bringing examples in Java, .NET, C and C++ languages and platforms. Besides the typical bugs committed by the programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment or the used libraries. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Finally, we present security testing techniques and tools that can be applied to reveal the discussed vulnerabilities, along with the various techniques for reconnaissance, configuration and hardening of the environment. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn client-side vulnerabilities and secure coding practices Understand security concepts of Web services Have a practical understanding of cryptography Realize the severe consequences of unsecure buffer handling Understand the architectural protection techniques and their weaknesses Learn about typical coding mistakes and how to exploit them Be informed about recent vulnerabilities in various platforms, frameworks and libraries Learn essential vulnerability analysis and testing techniques and tools Get sources and further readings on secure coding practices Audience Developers |
| cl-jsc | Standard Java Security | 14 godz. | Description The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security). The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn to use various security features of the Java development environment Have a practical understanding of cryptography Learn about typical coding mistakes and how to avoid them Get information about some recent vulnerabilities in the Java framework Get sources and further readings on secure coding practices Audience Developers |
| GDRPAd | GDPR Advanced | 21 godz. | This is more in-depth and would be for those working a great deal with the GDPR and who may be appointed to the GDPR team. This would be ideal for IT, human resources and marketing employees and they will deal extensively with the GDPR. |
| cdp | CDP - Certificate in Data Protection | 35 godz. | Description: There is a need to provide adequate training on the Data Protection Act 1998 "the Act" and its implications for both organisations and individuals. There are important differences between the Act and its predecessor, the Data Protection Act 1984. In particular, the Act contains important new obligations in relation to manual records and transborder data flows, a new notification system and amended principles. It is important to understand the Act in the European context. Those experienced in data protection issues, as well as those new to the subject, need to be trained so that their organisations are confident that legal compliance is continually addressed. It is necessary to identify issues requiring expert data protection advice in good time in order that organisational reputation and credibility are enhanced through relevant data protection policies and procedures. Objectives: The aim of the syllabus is to promote an understanding of how the data protection principles work rather than simply focusing on the mechanics of regulation. The syllabus places the Act in the context of human rights and promotes good practice within organisations. On attaining the certificate, award holders will possess: an appreciation of the broader context of the Act. an understanding of the way in which the Act and the Privacy and Electronic Communications (EC Directive) Regulations 2003 work a broad understanding of the way associated legislation relates to the Act an understanding of what has to be done to achieve compliance a recognised qualification in data protection Course Synopsis: The syllabus comprises three main parts, each with many sub-sections! Context - this will address the origins of and reasons for the Act together with consideration of privacy in general. Law – Data Protection Act - this will address the main concepts and elements of the Act and subordinate legislation. Application - this will consider how compliance is achieved and how the Act works in practice. |
| owasp | Web Security with the OWASP Testing Framework | 28 godz. | The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. OWASP offers testing frameworks and tools for identifying vulnerabilities in web applications and services Audience This course is directed at Developers, Engineers and Architects seeking to secure their web apps and services |
| cl-jpw | Combined JAVA, PHP and Web Application Security | 28 godz. | Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet. Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5. General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities. Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn client-side vulnerabilities and secure coding practices Learn to use various security features of the Java development environment Have a practical understanding of cryptography Learn to use various security features of PHP Understand security concepts of Web services Get practical knowledge in using security testing tools Learn about typical coding mistakes and how to avoid them Be informed about recent vulnerabilities in Java and PHP frameworks and libraries Get sources and further readings on secure coding practices Audience Developers |
| cl-csc | C/C++ Secure Coding | 14 godz. | Description The training explains in details the mechanisms underlying typical C/C++ security relevant programming bugs – the common security vulnerabilities. The root causes of the problems are explained through a number of easy-to-understand source code examples, which at the same time make clear how to find and correct these problems in practice. The real strength of the course lays in numerous hands-one exercises, which help the participants understand how easy it is to exploit these vulnerabilities by the attackers. The course also gives an overview of practical protection methods that can be applied at different levels (hardware components, the operating system, programming languages, the compiler, the source code or in production) to prevent the occurrence of the various bugs, to detect them during development and before market launch, or to prevent their exploitation during system operation. Through exercises specially tailored to these mitigation techniques participants can learn how simple – and moreover cheap – it is to get rid of various security problems. Participants attending this course will Understand basic concepts of security, IT security and secure coding Realize the severe consequences of unsecure buffer handling Understand the architectural protection techniques and their weaknesses Learn about typical coding mistakes and how to avoid them Be informed about recent vulnerabilities in various platforms, frameworks and libraries Get sources and further readings on secure coding practices Audience Developers |
| secana | Security Analyst | 35 godz. | Target Audience would be - Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals |
| chfi | CHFI - Certified Digital Forensics Examiner | 35 godz. | The Certified Digital Forensics Examiner vendor neutral certification is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation. The Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report. The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence. |
| cyberwarfare | Fundamentals of corporate cyberwarfare | 14 godz. | Audience Cyber security specialists System administrators Cyber security managers Cyber security auditors CIOs Format of the course Heavy emphasis on hands-on practice. Most of the concepts are learned through samples, exercises and hands-on development. |
| cl-cna | Combined C/C++/C#, ASP.NET and Web Application Security | 28 godz. | Serving teams that use managed code (.NET and ASP.NET typically written in C#) together with native code development (typically C/C++), this training gives a comprehensive overview of the security issues in both environments. Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation. The course also covers both the various general (like web services) and specific security solutions and tools, and the most frequent and severe security flaws of managed code, dealing with both language-specific issues and the problems stemming from the runtime environment. The vulnerabilities relevant to the ASP.NET platform are detailed along with the general web-related vulnerabilities following the OWASP Top Ten list. The course consists of a number of exercises through which attendees can easily understand and execute attacks and protection methods. Participants attending this course will Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn client-side vulnerabilities and secure coding practices Learn to use various security features of the .NET development environment Have a practical understanding of cryptography Get information about some recent vulnerabilities in .NET and ASP.NET Realize the severe consequences of unsecure buffer handling in native code Understand the architectural protection techniques and their weaknesses Learn about typical coding mistakes and how to avoid them Get practical knowledge in using security testing tools Get sources and further readings on secure coding practices Audience Developers |
| cl-sdw | Web Application Security with SDL | 21 godz. | Description The course gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL) with a focus on web application security. It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process of web applications. Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs in web applications. In this it follows the OWASP Top Ten, but also introduces some client-side issues tackling Javascript security, Ajax and HTML5. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code. Participants attending this course will Understand basic concepts of security, IT security and secure coding Get known to the essential steps of Microsoft Secure Development Lifecycle Learn secure design and development practices Learn about secure implementation principles Learn client-side vulnerabilities and secure coding practices Understand security testing methodology Get sources and further readings on secure coding practices Audience Developers, Managers |
| ehcm | Ethical Hacking and Countermeasures | 35 godz. | Description: This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how Intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. Target Audience: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. |
Upcoming Courses
| Szkolenie | Data Kursu | Cena szkolenia [Zdalne / Stacjonarne] |
|---|---|---|
| CAS: Setting up an single-sign-on authentication server - Zakopane, ul. Jagiellońska 30 | wt., 2018-07-03 09:00 | 1000PLN / 1500PLN |
| NetNORAD - Rzeszów, Plac Wolności 13 | wt., 2018-07-03 09:00 | 1000PLN / 1500PLN |
| Public Key Infrastructure - Katowice ul. Opolska 22 | wt., 2018-07-03 09:00 | 2990PLN / 3990PLN |
| Shadowsocks: Set up a proxy server - Gdańsk, ul. Grodzka 19 | wt., 2018-07-03 09:00 | 1000PLN / 1500PLN |
| Network Security Administrator - Białystok, ul. Malmeda 1 | pon., 2018-07-16 09:00 | 4980PLN / 6480PLN |
Other regions
BiałystokBielsko-BiałaBydgoszczChorzówCzestochowadolnośląskieGdańskGdyniaGliwiceGorzów WielkopolskiKatowiceKielceKrakówkujawsko-pomorskielubelskieLublinlubuskiemazowieckiemałopolskieOlsztynOpoleopolskiepodkarpackiepodlaskiepomorskiePoznańRzeszówśląskieświętokrzyskieSzczecinTarnówToruńtrójmiastowarmińsko-mazurskieWarszawawielkopolskieWrocławZabrzezachodniopomorskieZakopaneZielona GóraŁódźłódzkie
Other countries
Konsultacje
Szkolenie Cyber Security, Cyber Security boot camp, Szkolenia Zdalne Cyber Security, szkolenie wieczorowe Cyber Security, szkolenie weekendowe Cyber Security, Kurs Cyber Security,Kursy Cyber Security, Trener Cyber Security, instruktor Cyber Security, kurs zdalny Cyber Security, edukacja zdalna Cyber Security, nauczanie wirtualne Cyber Security, lekcje UML, nauka przez internet Cyber Security, e-learning Cyber Security, kurs online Cyber Security, wykładowca Cyber Security