Executive Cyber Security Awareness Training Course

This instructor-led, live training in Slovakia (online or onsite) is aimed at sysadmins who wish to use 389 Directory Server to configure and manage LDAP-based authentication and authorization.

By the end of this training, participants will be able to:

• Install and configure 389 Directory Server.
• Understand the features and architecture of 389 Directory Server.
• Learn how to configure the directory server using the web console and CLI.
• Set up and monitor replication for high availability and load balancing.
• Manage LDAP authentication using SSSD for faster performance.
• Integrate 389 Directory Server with Microsoft Active Directory.

This instructor-led, live training in Slovakia (online or onsite) is aimed at system administrators who wish to use Microsoft Active Directory to manage and secure data access.

By the end of this training, participants will be able to:

• Set up and configure Active Directory.
• Set up a domain and define access rights of users and devices.
• Manage users and machines through Group Policies.
• Control access to file servers.
• Set up a Certificate Service and manage certificates.
• Implement and manage services such as encryption, certificates, and authentication.

This three-day course delves into the fundamentals of securing C/C++ code to protect against malicious users who might exploit various vulnerabilities related to memory management and input handling. The course covers the principles of writing secure code.

Even experienced Java programmers do not always fully grasp the various security services provided by Java, nor are they necessarily aware of the different vulnerabilities relevant to web applications written in Java.

This course, in addition to introducing the security components of Standard Java Edition, delves into the security issues surrounding Java Enterprise Edition (JEE) and web services. Before discussing specific services, it covers the fundamentals of cryptography and secure communication. Various exercises focus on declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security for web services are explored. The use of all components is demonstrated through practical exercises, allowing participants to experiment with the discussed APIs and tools.

The course also examines and explains the most frequent and severe programming flaws associated with the Java language and platform, as well as web-related vulnerabilities. It addresses both typical bugs made by Java programmers and security issues specific to the runtime environment. All vulnerabilities and corresponding attacks are illustrated through straightforward exercises, followed by recommended coding guidelines and mitigation techniques.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Comprehend the security principles of web services
• Acquire knowledge on using various security features in the Java development environment
• Gain a practical understanding of cryptography
• Understand the security solutions offered by Java EE
• Learn about common coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in the Java framework
• Obtain practical knowledge in using security testing tools
• Get resources and further reading materials on secure coding practices

Audience

Developers

Description

The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities experienced in other languages, such as C/C++. However, software developers and architects should not only know how to utilize the various security features of the Java environment (positive security), but they should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

Before delving into security services, the course provides a brief overview of cryptography fundamentals, establishing a common baseline for understanding the purpose and operation of applicable components. The use of these components is demonstrated through several practical exercises, allowing participants to try out the discussed APIs firsthand.

The course also covers and explains the most frequent and severe programming flaws in the Java language and platform, including both typical bugs committed by Java programmers and issues specific to the language and environment. All vulnerabilities and relevant attacks are illustrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Learn to use various security features of the Java development environment
• Gain a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Receive information about recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience

Developers

Today, a variety of programming languages are available to compile code for the .NET and ASP.NET frameworks. These environments offer robust tools for security development; however, developers need to understand how to apply architectural and coding techniques effectively to implement the required security features and mitigate vulnerabilities or limit their exploitation.

The primary goal of this course is to equip developers with practical, hands-on exercises that demonstrate how to prevent untrusted code from executing privileged actions, secure resources through robust authentication and authorization mechanisms, facilitate remote procedure calls, manage sessions, explore different implementations for specific functionalities, and much more.

The introduction to various vulnerabilities begins by highlighting typical programming issues that arise when using .NET. The discussion on ASP.NET vulnerabilities also covers a range of environmental settings and their impacts. Additionally, the course delves into ASP.NET-specific vulnerabilities, addressing both general web application security challenges and unique issues such as ViewState attacks and string termination attacks.

Participants attending this course will

• Gain an understanding of fundamental security concepts, IT security, and secure coding practices
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Become proficient in using various security features provided by the .NET development environment
• Acquire practical skills in utilizing security testing tools
• Identify common coding mistakes and learn strategies to avoid them
• Stay informed about recent vulnerabilities in .NET and ASP.NET
• Access resources and further reading on secure coding practices

Audience

Developers

The comprehensive SDL core training offers an in-depth look into the design, development, and testing of secure software using Microsoft's Secure Development Lifecycle (SDL). It starts with a foundational overview of SDL's key components at level 100, followed by practical design techniques aimed at identifying and rectifying flaws early in the development process.

During the development phase, the course covers common security-related programming errors found in both managed and native code. It presents various attack methods for these vulnerabilities along with corresponding mitigation strategies, all illustrated through interactive exercises that provide a hands-on hacking experience for participants. The course also introduces different security testing approaches and demonstrates the effectiveness of various testing tools. Participants can gain insight into how these tools operate by applying them to previously discussed vulnerable code in practical exercises.

By attending this course, participants will:

Grasp fundamental concepts of security, IT security, and secure coding

Familiarize themselves with the critical steps of Microsoft’s Secure Development Lifecycle

Acquire knowledge of secure design and development practices

Learn principles for secure implementation

Understand methodologies for security testing

• Receive resources and additional reading materials on secure coding practices

Audience

Developers, Managers

After gaining an understanding of vulnerabilities and attack methods, participants will delve into the general approach and methodology for security testing, along with the techniques that can uncover specific vulnerabilities. Security testing should commence with information gathering about the system (ToC, i.e., Target of Evaluation), followed by a thorough threat modeling process to identify and rate all potential threats, leading to a risk analysis-driven test plan.

Security evaluations can be conducted at various stages of the Software Development Life Cycle (SDLC). Therefore, we will explore design reviews, code reviews, reconnaissance, and information gathering about the system. We will also cover testing the implementation and securing the environment for deployment. The course introduces a range of security testing techniques in detail, such as taint analysis, heuristic-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Various tools are presented to automate the security evaluation of software products, with numerous exercises demonstrating how to use these tools to analyze previously discussed vulnerable code. Real-life case studies enhance the understanding of various vulnerabilities.

This course equips testers and QA staff with the necessary skills to effectively plan and execute security tests, select and utilize the most appropriate tools and techniques to uncover even hidden security flaws. Participants will gain practical knowledge that can be applied immediately in their work.

Participants attending this course will

• Grasp fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Understand client-side vulnerabilities and secure coding practices
• Comprehend security testing approaches and methodologies
• Acquire practical knowledge in using security testing techniques and tools
• Access sources and further readings on secure coding practices

Audience

Developers, Testers

This instructor-led, live training in Slovakia (online or onsite) is aimed at system administrators who wish to use FreeIPA to centralize the authentication, authorization and account information for their organization's users, groups, and machines.

By the end of this training, participants will be able to:

• Install and configure FreeIPA.
• Manage Linux users and clients from a single central location.
• Use FreeIPA's CLI, Web UI and RPC interface to set up and manage permissions.
• Enable Single Sign On authentication across all systems, services and applications.
• Integrate FreeIPA with Windows Active Directory.
• Backup, replicate and migrate an FreeIPA server.

In this instructor-led, live training in Slovakia (online or onsite), participants will learn how to create an Indy-based decentralized identity system.

By the end of this training, participants will be able to:

• Create and manage decentralized, self-sovereign identities using distributed ledgers.
• Enable interoperability of digital identities across domains, applications, and silos.
• Understand key concepts such as user-controlled exchange, revocation, Decentralized Identifiers (DIDs), off-ledger agents, data minimization, etc.
• Use Indy to enable identity owners to independently control their personal data and relationships.

This instructor-led, live training in Slovakia (online or onsite) is aimed at system administrators who wish to use Okta for identity and access management.

By the end of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into an existing application.
• Implement security with multi-factor authentication.

This instructor-led, live training in Slovakia (online or onsite) is aimed at intermediate-level system administrators and IT professionals who wish to install, configure, manage, and secure LDAP directories using OpenLDAP.

By the end of this training, participants will be able to:

• Understand the structure and operation of LDAP directories.
• Install and configure OpenLDAP for various deployment environments.
• Implement access control, authentication, and replication mechanisms.
• Use OpenLDAP with third-party services and applications.

This instructor-led, live training in Slovakia (online or onsite) is aimed at system administrators who wish to use OpenAM to manage identity and access controls for web applications.

By the end of this training, participants will be able to:

• Set up the necessary server environment to start configuring authentication and access controls using OpenAM.
• Implement single sign-on (SSO), multi-factor authentication (MFA), and user self-service features for web applications.
• Use federation services (OAuth 2.0, OpenID, SAML v2.0, etc.) to extend identity management securely across different systems or applications.
• Access and manage authentication, authorization, and identity services through REST APIs.

This instructor-led, live training in Slovakia (online or onsite) is aimed at system administrators who wish to use OpenDJ to manage their organization's user credentials in a production environment.

By the end of this training, participants will be able to:

• Install and configure OpenDJ.
• Maintain an OpenDJ server, including monitoring, troubleshooting, and optimizing for performance.
• Create and manage multiple OpenDJ databases.
• Backup and migrate an OpenDJ server.