Security Training

Information is one of the most important assets of an organization. Although technical security controls play an important role in reducing the security risk to these assets, the human factor plays a significant role and it is often the weakest link. As such, all members of the organization should learn about Cybersecurity best practices and how to use IT in a secure manner in accordance with applicable standards and regulatory requirements

Audience: All members of the organization

Training outline:

• Threats overview: malware, phishing, social engineering
• Password Safety
• Internet Protection
• Email Protection
• Preventive Measures

Format: The training will involve a presentation on Cybersecurity awareness, delivered in-person using slides covering the topics outlined above. Each session is 90 minutes and can accommodate up to 40 participants.

Many of the most common attacks can be mitigated through good application design, following secure development best practices to build security into the application. Ensuring your development team has the knowledge they need to build web application security into their everyday practices allows them to be mindful of their impact to the security of the organization and its most important asset, data. This training provides an overview of key application security design principles and industry best practices, as well as the top web application vulnerabilities faced by development teams today, frequently identified through web application pentesting.

Audience: Application developers, Application architects, DBAs and BAs, and other IT personnel involved with web applications

Training outline:

• Introduction: why we need application security
• Security by Design Principles: high level overview of the key security design principles
• OWASP Top 10: most common web application security issues
• Security SDLC: Integrating security into the development lifecycle for a Microsoft based environment
• Threat modelling workshop: How to identify and address security issues early

Format: The training session will be delivered by one of our expert Application Security instructors in presentation format covering the topics outlined above. Examples and knowledge testing questions will be included to assist with retention of the subject matter by attendees. This will be a 3-hour session and can accommodate up to 20 participants.

All those involved in the Software Development Lifecycle (SDLC) play a key role in delivering secure systems and helping avoid data loss. This training provides an overview of key mobile application security design principles and industry best practices, as well as the top mobile application vulnerabilities faced by development teams today.

Audience: Mobile Application developers, Mobile Application architects, and other IT personnel involved with the mobile applications

Training outline:

• Introduction
• Security by Design Principles: high level overview of the security design principles
• OWASP Top 10: this will cover topics such as insecure data storage, communication, authentication, authorization, cryptography, and other mobile related issues aligned with OWASP Mobile Security Project and other industry sources.

Format: The training will involve a presentation on application security with a mobile focus, delivered in presentation format covering the topics outlined above. Examples and knowledge testing questions will be included to assist with retention of the subject matter by attendees. Each session is 2 hours and can accommodate up to 20 participants.