Security knowledge to help your team make better decisions

Humans are the end-users and builders of computer systems, and they can often be the weakest link. Our expert instructors can teach your team how to apply the right security at the right time and place.

Application Threat Modelling

Incorporating threat modeling into the development process promotes the concept of “security by design.” It means that security considerations are an integral part of the application development lifecycle from the very beginning, rather than being tacked on as an afterthought.

The threat modelling workshop helps developers understand how to identify security issues early on and address them in design to avoid costly mistakes down the road.

Audience

  • Application developers
  • Application architects
  • DBAs, QA, and BAs
  • Other IT and technical personnel involved with the mobile application

Training Outline

  • Threat and risk terminology
  • Threat modeling overview (using a physical example)
  • Threat modeling exercise (using an application example)

Format

The training will be a 2-hour instructor-led session. Although up to 100 attendees can be accommodated, it is recommended to keep the audience smaller (close to 20) to encourage more active participation.

Building Secure Web Applications by Design

Many of the top attacks can be mitigated through good application design, following secure development best practices, building security into the application and doing so at an early stage in the development life cycle. As such, it is important for all development staff to receive the required training to build security into the software they develop, and be mindful of their impact on the security of the organization and its most important asset, data. This training provides an overview of key application security design principles and industry best practices, as well as the top web application vulnerabilities faced by development teams today.

Audience

  • Application developers
  • Application architects
  • DBAs and BAs
  • Other IT and technical personnel involved with the web application

Training Outline

  • Introduction: why we need application security
  • Security by Design Principles: high-level overview of the key security design principles
  • OWASP Top 10: most common web application security issues
  • Security SDLC: integrating security into the development lifecycle for a Microsoft-based environment

Format

The training session will be delivered by one of our expert Application Security instructors using slides covering the topics outlined above. Examples and simple knowledge testing questions will be included to assist with better understanding and retention of the subject matter by attendees.

This will be a 3-hour instructor-led session. Although up to 100 attendees can be accommodated, it is recommended to keep the audience smaller (close to 20) to encourage more active participation.

Building Secure Mobile Applications by Design

All those involved in the Software Development Lifecycle (SDLC) play a key role in delivering secure systems and helping avoid data loss. This training provides an overview of key mobile application security design principles and industry best practices, as well as the top mobile application vulnerabilities faced by development teams today.

Audience

  • Mobile Application developers
  • Mobile Application architects
  • Other IT personnel involved with the mobile applications

Training Outline

  • Introduction
  • Security by Design Principles: high level overview of the security design

Format

The training will involve a presentation on application security with a mobile focus, delivered in presentation format covering the topics outlined above. Examples and knowledge testing questions will be included to assist with retention of the subject matter by attendees.

Each session is 2 hours and can accommodate up to 20 participants.

Hunting for Low-Hanging Fruit in Web Apps

Developers without a good grasp of basic security issues are known to make the same mistakes time and time again. These can result in vulnerabilities that are used to attack the application and impact the business. Many of the issues are “low-hanging fruit” and can be avoided if the developers put themselves in the attacker’s shoes to observe, learn, and appreciate the importance of application security.

As such, it is important for all development staff to receive hands-on training to better understand common vulnerabilities such as those published in the OWASP Top 10.

Audience

  • Application developers
  • Application architects
  • Other IT and technical personnel involved with the application development

Training Outline

  • Prior knowledge and experience assessment
  • Hands-on and interactive challenges
  • Each challenge will have the following:
    • Introduction
    • Timeboxed exercise
    • Demonstration of the hack
    • Explaining mitigation and prevention

Format

This is a hands-on workshop where team members use OWASP’s Juice Shop to learn about common web application security vulnerabilities. Juice Shop is a modern web application with REST APIs, written in Node.js, Express and Angular. Participants are required to explore and solve hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities.

The duration of the session is 3 hours and can accommodate up to 20 participants. Attendees will be broken up into smaller groups, each led by an Application Security subject matter expert who will work closely with the individuals in that group.

GraphQL Security with AutoGQL

Pentesters often face challenges when testing GraphQL endpoints for security vulnerabilities: new technologies require new skill sets, and the testing can be more time-consuming than with the more common REST architecture. To address this issue, AutoGQL offers a comprehensive and automated solution for identifying vulnerabilities in any GraphQL endpoint.

This hands-on workshop is designed to equip developers with the latest strategies and best practices in GraphQL security, enabling teams to allocate their time to discover more unique vulnerabilities.

Audience

  • Penetration testers
  • Web security professionals
  • Developers with prior knowledge in GraphQL

Training Outline

  • Identifying limitations of manual GraphQL security testing
  • How to utilize AutoGQL
  • Hands-on and interactive challenges
    • Note: AutoGQL can be used with the free version of Burp Suite up to a certain point, but for its complete feature set, a pro license is required.

Format

This hands-on workshop is focused on using AutoGQL to automate GraphQL security testing. AutoGQL is a specialized tool designed to identify and secure GraphQL vulnerabilities, making it an essential addition to the toolkit of penetration testers and security professionals.

The duration of the session is 2 hours, and it is recommended to have a smaller audience for increased interactivity and participation, ideally around 20 participants.

General Security Awareness

Information is one of the most important assets of an organization. Although technical security controls play an important role in reducing the security risk to these assets, the human factor plays a significant role and is often the weakest link. As such, all members of the organization should learn about cybersecurity best practices and how to use information in a secure manner in accordance with applicable standards and regulatory requirements.

Audience

  • All members of the organization

Training Outline

  • Threats overview: malware, phishing, social engineering
  • Password Safety
  • Internet Protection
  • Email Protection
  • Preventive Measures

Format

The training will involve a presentation on cybersecurity awareness, delivered in person using slides covering the topics outlined above.

Each session is 90 minutes and can accommodate up to 40 participants.

Security Starts with Awareness: Book Your Security Training Session Today

Invest in the safety and security of your company by scheduling a security awareness training session with our expert team. By raising awareness and fostering a security-conscious culture, you can protect your data, assets, and reputation.

If you have different preferences in mind, we can create a tailored curriculum to meet your organization’s needs.
