A 2-to-3 days training
Cybersecurity Training
This 2-3 days seminar is designed for developers, testers, QA, project managers, database admins, system and network administrators.
The cybersecurity training covers areas that help IT professionals understand more detailed aspects of the weaknesses, attacks, and defenses used to attack or protect critical infrastructure.
Here’s what your team will get
Customized training for your exact needs
This training is full of real-life examples, findings from studies and practical approaches your team will find useful to know in order to protect their code and applications.
Get familiar with cybersecurity
They will learn about the methods and tools used by malicious attackers to target IT systems (networks, servers, websites)
Gain essential know-how
Have high level overview of the steps needed to prevent, detect and mitigate cyber threats.
A deeper understanding of cybersecurity
Give a starting point for sysadmins, web developers and testers in addressing security within the projects they are involved in moving forward.
Full slides and additional resources
After the seminar they will get access to all the slides presented. They will also get some extra resources: materials and tools to put your knowledge into practice.
Ask the expert
During the training, they will be able to ask questions from our security expert with over 10 years of experience in the field of security.
Meet the Trainer
Tudor Damian
Microsoft Cloud and Datacenter Management MVP
Certified Ethical Hacker
As an IT consultant with more than 10 years of experience in managing complex IT infrastructures, Tudor is a Certified Ethical Hacker, a Microsoft Cloud and Datacenter Management MVP and a technical speaker at local and regional community events.
He often talks about the latest technologies and trends with themes including cloud and hybrid networking & security, virtualization technologies, social engineering and information security awareness, web application security, white-hat hacking and penetration testing techniques.
Testimonials
“
Well organized materials, a perfect introduction to security.
Gabriel Musteata
PHP TeamLeader
“
In my position working on pre-sales and projects specifications I came across clients and security requests every day and the general knowledge from here will be very helpful.
Dan Tudorache
Technical Consultant
“
I think this is a course that should be consider by all developers and IT specialists.
Iulia Chitan
Ruby developer
Agenda
Security landscape overview:
Industry trends, the “Browser Wars”, relevant information sources and keeping up-to-date
The need for Security Analysis:
Industry Trends, Security Testing Methodologies (OSSTMM), Planning and Scheduling
Foundations of Security:
Footprinting, Reconnaissance, Scanning, Enumeration, Sniffing, System Hacking, Trojans/Viruses/Worms, Cryptography, Denial of Service, Hacking Wireless Networks, Social Engineering, Cloud Security
MITRE Overview:
CVE & CVSS, CWE & CWSS, CAPEC, OVAL, MAEC, OASIS
SANS CWE Top 25
OWASP Mobile & IoT Top 10 Overview
Attack Detection and Mitigation:
Mitigation Techniques specific to OWASP Top 10 (A1-A10), Developing Secure Code, Static Code Analysis, Security Reviews, SDLC & Microsoft SDL
Vulnerability Assessments & Tools:
OWASP ASVS, White / Grey / Black-box Pentesting, Risk Assessments and Risk Management
Other Noteworthy Vulnerabilities:
Denial of Service, Malicious File Execution, Information Leakage and Improper Error Handling, Insufficient Anti-Automation, Clickjacking, Concurrency Flaws, Lack of Intrusion Detection and Response, etc.
Attacking Web Servers & Web Applications:
Footprinting the Web Infrastructure, Defense in Depth, Attacking Web Servers, Analyzing Web Applications, Authentication Mechanisms, Authorization Schemes, Session Management, Injection Attacks, Man-in-the-Middle Attacks, Data Connectivity, Web App Clients, Web Services
OWASP Web Top 10:
Injection (A1), Broken Authentication and Session Management (A2), XSS/Cross-Site Scripting(A3), Insecure Direct Object References (A4), Security Misconfiguration (A5), Sensitive Data Exposure (A6), Missing Function Level Access Control (A7), CSRF/Cross-Site Request Forgery (A8), Using Known Vulnerable Components (A9), Unvalidated Redirects and Forwards (A10)
Who is this cybersecurity training for?
This cyber security training is indispensable for all IT professionals.
This cyber security training will help them learn critical techniques necessary to defend against network attacks, cyber security breaches, as well as ways to protect their technology or solution through cryptography, intrusion detection and more.
Why should your company care about cybersecurity training?
Recent IT security studies show that it takes 200 days on average to detect a security breach, and another 80 days to recover from it.
Mastering a set of techniques necessary to defend against network attacks, cybersecurity breaches, as well as ways to protect their technology or solution through cryptography, intrusion detection and other vulnerabilities is essential for every business.
Essential Topics Covered
Everything you need for a solid foundation on cybersecurity
This cybersecurity training helps people in the IT field get familiar with many aspects of IT security. We start by looking at the current security trends in the industry, then go through a high-level overview of testing methodologies like the OSSTMM (Open Source Security Testing Methodology Manual).
During the 2-3 days of the course, we will cover the most important aspects of security. These includes Footprinting, Reconnaissance, Scanning, Enumeration, Sniffing, System Hacking, Trojans/Viruses/Worms, Cryptography, Denial of Service, Hacking Wireless Networks, Social Engineering, Cloud Security.
We’ll also address the MITRE CWE/CWSS and CVE/CVSS lists and rating methods for weaknesses and vulnerabilities.
The last part of the seminar covers both vulnerability assessments and tools (OWASP ASVS, OWASP Testing Guide & Code Review Guide, White/Grey/Black-box Pentesting, Risk Assessments and Risk Management), as well as attack detection and mitigation techniques.
This will help you get a good overview of IT Security in general and Web Security in particular.
Testimonials
“
It achieved what I was hoping it would: give a great introduction into the fantastic world of cyber-security. Now I know, in the context of security, what questions to ask and where to look for the answers.
Radu Murzea
Backend PHP Developer
“
In my position working on pre-sales and projects specifications I came across clients and security requests every day and the general knowledge from here will be very helpful.
Dan Tudorache
Technical Consultant
“
I think this is a course that should be consider by all developers and IT specialists.
Iulia Chitan
Ruby developer
Prerequisites
Time for action
Defend against attacks and protect your business
Maximize your company investment by building the best-customized training that meets the professional development needs of your team.