Filter background

Choose your method of learning

e-Learning

Online

Instructor-led

On-site or online
Audience
Any
Subject
Any
Platform
Any
Special topics
Any
Including keywords

Result: 40 courses

Audience

Python developers working on machine learning systems

Group size

12 participants

Labs

Hands-on

Description

Your machine learning application works as intended, so you are done, right? But did you consider somebody poisoning your model by training it with intentionally malicious samples? Or sending specially-crafted input – indistinguishable from normal input – to your model that will get completely misclassified? Feeding in too large samples – for example, an image of 16Gbs to crash the application? Because that’s what the bad guys will do. And the list is far from complete.

As a machine learning practitioner, you need to be paranoid just as any developer out there. Interest in attacking machine learning solutions is gaining momentum, and therefore protecting against adversarial machine learning is essential. This needs not only awareness, but also specific skills to protect your ML applications. The course helps you gain these skills by introducing cutting edge attacks and protection techniques from the ML domain.

Machine learning is software after all. That’s why in this course we also teach common secure coding skills and discuss security pitfalls of the Python programming language. Both adversarial machine learning and core secure coding topics come with lots of hands on labs and stories from real life, all to provide a strong emotional engagement to security and to substantially improve code hygiene.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Machine learning security
  • Input validation
  • Security features
  • Time and state
  • Errors
  • Using vulnerable components
  • Cryptography for developers
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Learning about various aspects of machine learning security
  • Attacks and defense techniques in adversarial machine learning
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in Python
  • Correctly implementing various security features
  • Managing vulnerabilities in third party components
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python

Audience

Developers working on networked applications

Group size

12 participants

Labs

Hands-on

Description

In our connected world, networked applications are more exposed to cyberattacks than ever – therefore, securing the communication between the system’s components is extremely important.

This course focuses on the “whys” and “hows” of secure communication. It provides foundational knowledge about essential cryptographic algorithms and their usage (hashing, encryption, digital signatures, PKI), and puts them into practice in a TCP/IP environment through practical exercises. Starting from the use of secure sockets and TLS certificate management, you’ll see a systematic overview of network attacks on each layer of the OSI model from data link to application. This includes classic attacks against IPv4 and IPv6 networks like ARP and NDP spoofing, DHCP starvation and SYN floods as well as more modern application-layer attacks such as DNS cache poisoning and Slowloris.

Of course the course also covers appropriate best practices and recommendations to prevent these attacks, from secure switch configuration to secure operating system settings and the proper use of secure protocols on each layer.

Because even if you don’t know about these attacks, the hackers certainly will!

Outline

  • Cyber security basics
  • Cryptography for developers
  • Network security
  • Denial of service
  • Security by design
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Understanding the most common attacks from OSI Layer 2 to Layer 7
  • Using network traffic manipulation tools

Audience

Managers and developers working on Web applications in banking and finance

Group size

12 participants

Labs

Hands-on

Description

The course aligns PCI DSS Requirements 4.0 with foundational concepts of secure coding, and thus natively serves the compliance with secure coding training requirement (6.2.2).

The comprehensive journey starts with laying down the basics of security, cybersecurity and secure coding, as well as PCI DSS itself. Participants then delve deep into secure configuration, cryptography and protection against malicious software, aligned to the Requirements.

Requirement 6 specifically focuses on development and maintenance of secure systems and software, and the corresponding chapter is therefore the broadest one. Topics include bug categorization, secure design and implementation principles. Approaches to input validation are followed up by some specific issues, like integer handling, injection or XSS. We also discuss common software security weaknesses, like error handling or code quality, as well as security of some commonly used data structures like XML or JSON.

The curriculum continues with a thorough examination of authentication, authorization and accountability challenges, and concludes with security testing methodology and specific testing techniques.

The course goes beyond theory, providing hands-on labs and real-world case studies from the financial sector. Participants emerge with a heightened understanding of secure coding best practices, ensuring the development of applications that safeguard sensitive payment card data and comply with the stringent requirements of PCI DSS 4.0 on a yearly basis.

Outline

  • Cyber security basics
  • PCI DSS 4.0 introduction
  • Requirement 1
  • Requirement 2
  • Requirement 3 and 4
  • Requirement 5
  • Requirement 6
  • Requirement 7
  • Requirement 8
  • Requirement 9
  • Requirement 10
  • Requirement 11
  • Requirement 12
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Having essential understanding of PCI DSS requirements
  • Understanding how cryptography supports security
  • Input validation approaches and principles
  • Access control design and implementation guidelines
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

Java developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components

Audience

Java developers working on Web applications

Labs

Online VM

Description

The course provides a comprehensive exploration of secure coding principles and practices tailored specifically for Java developers. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.

In the main part of the material, you will systematically walk through the various vulnerabilities outlined in the OWASP Top Ten. As you progress through the modules investigating the intricacies of authentication and authorization, through realizing the practical aspects of cryptography, to tackling injection attacks, you will gain a deep understanding of both theoretical concepts and practical skills for securing Java web applications. Further subjects are aligned to some common software security weakness types, such as error handling, code quality or denial of service.

These modules go beyond just the theory. Not only do they identify vulnerabilities, show their consequences, and detail the best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks within Java-based web applications.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens in your code.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten
  • A01 - Broken Access Control
  • A02 - Cryptographic Failures
  • Cryptography
  • A03 - Injection
  • A04 - Insecure Design
  • A05 - Security Misconfiguration
  • A06 - Vulnerable and Outdated Components
  • A07 - Identification and Authentication Failures
  • A08 - Software and Data Integrity Failures
  • A09 - Security Logging and Monitoring Failures
  • A10 - Server-Side Request Forgery
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify Web application vulnerabilities and their consequences
  • Learn the security best practices in C#
  • Input validation approaches and principles
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits

Audience

Java developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components

Audience

Java developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components
  • Getting familiar with security testing techniques and tools

Audience

Python developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components

Audience

Python developers working on Web applications

Labs

Online VM

Description

The course provides a comprehensive exploration of secure coding principles and practices tailored specifically for Python developers. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.

In the main part of the material, you will systematically walk through the various vulnerabilities outlined in the OWASP Top Ten. As you progress through the modules investigating the intricacies of authentication and authorization, through realizing the practical aspects of cryptography, to tackling injection attacks, you will gain a deep understanding of both theoretical concepts and practical skills for securing Python web applications. Further subjects include error handling, code quality or denial of service, as well as XML and JSON security, and security considerations of the Python platform.

These modules go beyond just the theory. Not only do they identify vulnerabilities, show their consequences, and detail the best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks within Python-based web applications.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens in your code.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten
  • A01 - Broken Access Control
  • A02 - Cryptographic Failures
  • Cryptography
  • A03 - Injection
  • A04 - Insecure Design
  • A05 - Security Misconfiguration
  • A06 - Vulnerable and Outdated Components
  • A07 - Identification and Authentication Failures
  • A08 - Software and Data Integrity Failures
  • A09 - Security Logging and Monitoring Failures
  • A10 - Server-Side Request Forgery
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify Web application vulnerabilities and their consequences
  • Learn the security best practices in C#
  • Input validation approaches and principles
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits

Audience

Python developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components

Audience

Python developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components
  • Getting familiar with security testing techniques and tools

Audience

C# developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C#
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components

Audience

C# developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C#
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components

Audience

C# developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the ASP.NET framework.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C#
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components
  • Getting familiar with security testing techniques and tools

Audience

C/C++ developers

Labs

Online VM

Description

The ARM variant of the comprehensive C and C++ e-learning course provides a structured approach to understanding and addressing various aspects of secure coding in C and C++. After a primer on ARM assembly and memory operations, the curriculum addresses critical security issues related to memory management. The effects of various toolchain-level protection techniques you can apply to defend against such vulnerabilities (such as SSP, ASLR and NX) are also explained.

The secure coding modules are aligned to common software security weaknesses in all major categories: input validation, improper use of security features, code quality, error handling, time and state, and denial of service. The course also provides practical skills related to cryptography that every developer should understand (such as hashing, encryption, digital signatures, PKI), showing how to use these in OpenSSL. Finally, we give an overview of security testing tools and how to use them to find vulnerabilities in your code.

Through hands-on labs and real-world case studies, you will explore best practices to get the appropriate skills and master the secure coding mindset.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens in your code.

Nothing.

Outline

  • Cyber security basics
  • Assembly basics and calling conventions
  • Memory management vulnerabilities
  • Memory management hardening
  • Improper use of security features
  • Code quality
  • Input validation
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers

Labs

Online VM

Description

The x64 variant of the comprehensive C and C++ e-learning course provides a structured approach to understanding and addressing various aspects of secure coding in C and C++. After a primer on x64 assembly and memory operations, the curriculum addresses critical security issues related to memory management. The effects of various toolchain-level protection techniques you can apply to defend against such vulnerabilities (such as SSP, ASLR and NX) are also explained.

The secure coding modules are aligned to common software security weaknesses in all major categories: input validation, improper use of security features, code quality, error handling, time and state, and denial of service. The course also provides practical skills related to cryptography that every developer should understand (such as hashing, encryption, digital signatures, PKI), showing how to use these in OpenSSL. Finally, we give an overview of security testing tools and how to use them to find vulnerabilities in your code.

Through hands-on labs and real-world case studies, you will explore best practices to get the appropriate skills and master the secure coding mindset.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens in your code.

Nothing.

Outline

  • Cyber security basics
  • Assembly basics and calling conventions
  • Memory management vulnerabilities
  • Memory management hardening
  • Improper use of security features
  • Code quality
  • Input validation
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of C and C++, and extended by core programming issues, discussing security pitfalls of these languages.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Cryptography for developers
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C and C++
  • Input validation approaches and principles
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

To date vehicles become highly connected – not only between the internal components, but also to the outside worlds. Todays cars are already running millions of lines of source code, and this introduces a new set of risks to the industry that is historically concerned about safety. Even though some of the attacks are still theoretical, many of the standards already started introducing security considerations.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Learning about security specialties of the automotive sector
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers developing medical devices

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

The most important concern in the healthcare industry is naturally safety. However, once isolated medical devices became highly connected to date, which poses new kinds of security risks: from exposing sensitive patient information to denial of service. And remember, there is no safety without security!

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of medical devices developed in C and C++, and extended by core programming issues, discussing security pitfalls of these languages.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Learning about security specialties of the healthcare sector
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of C and C++, and extended by core programming issues, discussing security pitfalls of these languages.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Cryptography for developers
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C and C++
  • Input validation approaches and principles
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

C/C++ developers

Group size

12 participants

Labs

Hands-on

Description

Embark on a comprehensive exploration of cybersecurity and secure coding practices in this intensive three-day course. It is primarily focusing on C++, but also integrates some C concepts. Based on a primer on machine code, assembly, and memory overlay (Intel and ARM versions available), the curriculum addresses critical security issues related to memory management. Various protection techniques on the level of source code, compiler, OS or hardware are discussed – such as stack smashing protection, ASLR or the non-execution bit – to understand how they work and make clear what we can and what we can’t expect from them.

The various secure coding subjects are aligned to common software security weakness categories, such as security features, error handling or code quality. Many of the weaknesses are, however, linked to missing or improper input validation. In this category you’ll learn about injection, the surprising world of integer overflows, and about handling file names correctly to avoid path traversal.

Through hands-on labs and real-world case studies, you will navigate the details of secure coding practices to get essential approaches and skills in cybersecurity.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles

Audience

Node developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in JS/TS works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Node, and extended by core programming issues, discussing security pitfalls of the JS and TS language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in JS/TS
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of JS/TS
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components

Audience

Web developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of any programming language
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components

Audience

Web developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of any programming language
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components

Audience

Web developers

Group size

12 participants

Labs

Hands-on

Description

Your application written in any programming language works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of any programming language
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components
  • Getting familiar with security testing techniques and tools

Audience

Java developers working on desktop applications

Group size

12 participants

Labs

Hands-on

Description

Your application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the runtime environment.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Input validation
  • Security features
  • Time and state
  • Errors
  • Cryptography for developers
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in Java
  • Correctly implementing various security features
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java

Audience

Python developers working on desktop applications

Group size

12 participants

Labs

Hands-on

Description

Your application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Input validation
  • Security features
  • Using vulnerable components
  • Cryptography for developers
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in Python
  • Correctly implementing various security features
  • Managing vulnerabilities in third party components
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python

Audience

C# developers working on desktop applications

Group size

12 participants

Labs

Hands-on

Description

Your application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the .NET framework.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Input validation
  • Security features
  • Errors
  • Denial of service
  • Cryptography for developers
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C#
  • Correctly implementing various security features
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C#

Audience

Java developers and testers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Java is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

Python developers and testers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in Python is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Understanding security testing methodology and approaches
  • Managing vulnerabilities in third party components
  • Getting familiar with security testing techniques and tools

Audience

C# developers and testers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your Web application written in C# is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

C/C++ developers and testers

Group size

12 participants

Labs

Hands-on

Description

Your application written in C and C++ is tested functionally, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Testing for security needs a remarkable software security expertise and a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life.

A special focus is given to finding all discussed issues during testing, and an overview is provided on security testing methodology, techniques and tools.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • Memory management vulnerabilities
  • Memory management hardening
  • Security testing
  • Common software security weaknesses
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding security testing methodology and approaches
  • Correctly implementing various security features
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C and C++
  • Input validation approaches and principles
  • Getting familiar with security testing techniques and tools

Audience

Java developers working on Web applications and AWS

Group size

12 participants

Labs

Hands-on

Description

Your cloud application written in Java works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Java, and extended by core programming issues, discussing security pitfalls of the Java language and the AWS cloud platform.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Cloud security
  • Input validation
  • Wrap up

What you will learn

  • Understand cloud security specialties
  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components
  • Learn to deal with cloud infrastructure security
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in Java

Audience

Python developers working on Web applications and AWS

Group size

12 participants

Labs

Hands-on

Description

Your cloud application written in Python works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of Python, and extended by core programming issues, discussing security pitfalls of the programming language and the AWS cloud platform.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Cloud security
  • Input validation
  • Wrap up

What you will learn

  • Understand cloud security specialties
  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Python
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Python
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components
  • Learn to deal with cloud infrastructure security
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in Python

Audience

Java and C# developers working on Web applications

Group size

12 participants

Labs

Hands-on

Description

Your application written in Java and C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of the discussed programming languages, and extended by core programming issues, discussing security pitfalls of the used frameworks.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in Java and C#
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java and C#
  • Going beyond the low hanging fruits
  • Input validation approaches and principles
  • Managing vulnerabilities in third party components

Audience

C# developers working on Web applications and Azure

Group size

12 participants

Labs

Hands-on

Description

Your cloud application written in C# works as intended, so you are done, right? But did you consider feeding in incorrect values? 16Gbs of data? A null? An apostrophe? Negative numbers, or specifically -1 or -2^31? Because that’s what the bad guys will do – and the list is far from complete.

The cloud has become a critical aspect of online services. No matter which model you’re using (SaaS, PaaS, IaaS), part of your service is now operated by someone else. This may look like a net positive, but it also greatly expands the attack surface and brings in several new risks that may not be obvious. Have you configured all security settings correctly? Are you prepared for supply chain attacks? How can you protect the confidentiality of user data in the cloud? And most importantly: can the bad guys use your exposure to their advantage?

Handling security needs a healthy level of paranoia, and this is what this course provides: a strong emotional engagement by lots of hands-on labs and stories from real life, all to substantially improve code hygiene. Mistakes, consequences, and best practices are our blood, sweat and tears.

The curriculum goes through the common Web application security issues following the OWASP Top Ten but goes far beyond it both in coverage and the details.All this is put in the context of C#, and extended by core programming issues, discussing security pitfalls of the C# language and the Azure cloud platform.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Cloud security
  • Input validation
  • Wrap up

What you will learn

  • Understand cloud security specialties
  • Getting familiar with essential cyber security concepts
  • Understanding how cryptography supports security
  • Learning how to use cryptographic APIs correctly in C#
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components
  • Learn to deal with cloud infrastructure security
  • Input validation approaches and principles
  • Identify vulnerabilities and their consequences
  • Learn the security best practices in C#

Audience

Java architects, developers and testers

Group size

12 participants

Labs

Hands-on

Description

The course provides an in-depth exploration of security concerns and best practices tailored specifically for DevOps engineers working on Java software on the AWS cloud platform. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.

In the main part of the material, you will go through the various security issues outlined in the OWASP Top Ten with a focus on DevSecOps issues – identity management in microservice and cloud environments, secure AWS configuration, securing CI / CD build processes, secrets management, and logging and monitoring. Finally, you’ll explore cloud security with a focus on security automation and tooling in AWS, the security of containers and container orchestration (Docker, Kubernetes), microservices, and Infrastructure as Code tools (CloudFormation, Terraform), and security testing tools relevant for DevSecOps.

These modules go beyond just theory. Not only do they show vulnerabilities, their consequences, and corresponding best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Cloud security
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of Java
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components
  • Learn to deal with cloud infrastructure security
  • Understand cloud security specialties
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools

Audience

C# architects, developers and testers working on web applications and Azure

Group size

12 participants

Labs

Hands-on

Description

The course provides an in-depth exploration of security concerns and best practices tailored specifically for DevOps engineers working on C# software on the Azure cloud platform. Starting off from the foundations of cybersecurity, you will understand the consequences of insecure code by examining threats through the lens of the CIA triad.

In the main part of the material, you will go through the various security issues outlined in the OWASP Top Ten with a focus on DevSecOps issues – identity management in microservice and cloud environments, secure Azure configuration, securing CI / CD build processes, secrets management, and logging and monitoring. Finally, you’ll explore cloud security with a focus on security automation and tooling in Azure, the security of containers and container orchestration (Docker, Kubernetes), microservices, and Infrastructure as Code tools (Azure Resource Manager, Terraform), and security testing tools relevant for DevSecOps.

These modules go beyond just theory. Not only do they show vulnerabilities, their consequences, and corresponding best practices, but – through hands-on labs and real-world case studies – they offer practical experience in identifying, exploiting, and mitigating these security risks.

So that you are prepared for the forces of the dark side.

So that nothing unexpected happens.

Nothing.

Outline

  • Cyber security basics
  • The OWASP Top Ten 2021
  • Cloud security
  • Security testing
  • Wrap up

What you will learn

  • Getting familiar with essential cyber security concepts
  • Understanding Web application security issues
  • Detailed analysis of the OWASP Top Ten elements
  • Putting Web application security in the context of C#
  • Going beyond the low hanging fruits
  • Managing vulnerabilities in third party components
  • Learn to deal with cloud infrastructure security
  • Understand cloud security specialties
  • Understanding security testing methodology and approaches
  • Getting familiar with security testing techniques and tools