CYBERSECURE CODER (CSC) Training Course
The importance of software security is paramount. However, many development teams often address software security only after the code has been written and the software is nearly ready for release. Similar to other aspects of software quality, ensuring a successful implementation requires managing security and privacy concerns throughout the entire software development process.
This course presents an approach to handling security and privacy issues throughout the complete software development lifecycle. You will gain insights into vulnerabilities that can compromise security and learn how to identify and address them in your projects. The course covers general strategies for addressing security flaws and misconfigurations, techniques for designing software that considers human factors in security, and methods for integrating security into all stages of development.
Target Audience
This course is designed for individuals such as software developers, testers, and architects who are involved in creating software using various programming languages and platforms, including desktop, web, cloud, and mobile. It aims to enhance their ability to produce high-quality software with a particular emphasis on security and privacy.
Objectives:
Throughout this course, you will employ top-tier techniques in software development to create software with strong security measures.
You will:
- Understand the importance of security in your software projects.
- Eliminate vulnerabilities within the software.
- Adopt a Security by Design methodology to build a secure foundation for your software.
- Implement standard safeguards to ensure user and data security.
- Use various testing methods to identify and correct security flaws in your software.
- Maintain the security of deployed software for ongoing protection.
Course Outline
Lesson 1: Identifying the Need for Security in Your Software Projects
Topic A: Identify Security Requirements and Expectations
Topic B: Identify Factors That Undermine Software Security
Topic C: Find Vulnerabilities in Your Software
Topic D: Gather Intelligence on Vulnerabilities and Exploits
Lesson 2: Handling Vulnerabilities
Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
Topic B: Handle Vulnerabilities Due to Human Factors
Topic C: Handle Vulnerabilities Due to Process Shortcomings
Lesson 3: Designing for Security
Topic A: Apply General Principles for Secure Design
Topic B: Design Software to Counter Specific Threats
Lesson 4: Developing Secure Code
Topic A: Follow Best Practices for Secure Coding
Topic B: Prevent Platform Vulnerabilities
Topic C: Prevent Privacy Vulnerabilities
Lesson 5: Implementing Common Protections
Topic A: Limit Access Using Login and User Roles
Topic B: Protect Data in Transit and At Rest
Topic C: Implement Error Handling and Logging
Topic D: Protect Sensitive Data and Functions
Topic E: Protect Database Access
Lesson 6: Testing Software Security
Topic A: Perform Security Testing
Topic B: Analyze Code to Find Security Problems
Topic C: Use Automated Testing Tools to Find Security Problems
Lesson 7: Maintaining Security in Deployed Software
Topic A: Monitor and Log Applications to Support Security
Topic B: Maintain Security after Deployment
Appendix A: Mapping Course Content to Cyber Secure Coder (Exam CSC-110)
Requirements
This course presents secure programming concepts that apply to many different types of software development projects. While this course uses Python, HTML, and JavaScript to demonstrate various programming concepts, you do not need to have experience in these languages to benefit from this course. However, you should have some programming experience, whether it be developing desktop, mobile, web, or cloud applications. A variety of software development courses can help you prepare for this course, such as:
- Developing Secure Universal Windows® Platform Apps in C# and XAML
- Developing Secure iOS® Apps for Business
- Developing Secure Android™ Apps for Business
- Python® Programming: Introduction
- Python® Programming: Advanced
- Programming Google App Engine™ Applications in Python®
- HTML5: Content Authoring with New and Advanced Features
- SQL Querying: Fundamentals
Testimonials (5)
General course information
Paulo Gouveia - EID
Course - C/C++ Secure Coding
Nothing it was perfect.
Zola Madolo - Vodacom
Course - Android Security
Trainer willing to answer questions and give bunch of examples for us to learn.
Eldrick Ricamara - Human Edge Software Philippines, Inc. (part of Tribal Group)
Course - Security Testing
It opens up a lot and gives lots of insight what security
Nolbabalo Tshotsho - Vodacom SA
Course - Advanced Java Security
I benefited from the exercises (SQL injection, XSS, CSRF...).
David Lemoine - Statistical Solutions
Course - .NET, C# and ASP.NET Security Development
Related Courses
CERTIFIED ETHICAL EMERGING TECHNOLOGIST (CEET)
21 Hours
Advances in computing and engineering are driving technological progress, from blockchain and AI to gene editing and IoT, offering opportunities for productivity and human well-being. Yet, these innovations also bring new risks, as recent scandals highlight. Technology professionals face increasing pressure to address ethical concerns, balancing privacy, accuracy, fairness, and safety. This course provides practical tools to manage ethical risks in emerging data-driven technologies, drawing from theory, regulations, and industry practices. Learners will gain skills to navigate ethical dilemmas in their roles and organizations.
CyberSec First Responder
35 Hours
This course delves into network defense and incident response methods, tactics, and procedures, aligning with industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling), US-CERT's NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is particularly suitable for professionals responsible for monitoring and detecting security incidents in information systems and networks, as well as executing standardized responses to these incidents. The course introduces tools, tactics, and procedures to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and remediate and report incidents as they occur. This comprehensive methodology is designed for individuals tasked with defending their organization's cybersecurity.
This course is tailored to help students prepare for the CertNexus CyberSec First Responder (Exam CFR-310) certification examination. The knowledge and skills gained in this course can significantly contribute to your preparation. Additionally, this course and subsequent certification (CFR-310) meet all requirements for personnel needing DoD directive 8570.01-M position certification baselines:
• CSSP Analyst
• CSSP Infrastructure Support
• CSSP Incident Responder
• CSSP Auditor
Course Objectives: In this course, you will gain an understanding of security threats and learn to operate a system and network security analysis platform. You will:
• Compare and contrast various threats and classify threat profiles
• Explain the purpose and use of attack tools and techniques
• Explain the purpose and use of post-exploitation tools and tactics
• Explain the purpose and use of social engineering tactics
• Given a scenario, perform ongoing threat landscape research and use data to prepare for incidents
• Explain the purpose and characteristics of various data sources
• Given a scenario, use appropriate tools to analyze logs
• Given a scenario, use regular expressions to parse log files and locate meaningful data
• Given a scenario, use Windows tools to analyze incidents
• Given a scenario, use Linux-based tools to analyze incidents
• Summarize methods and tools used for malware analysis
• Given a scenario, analyze common indicators of potential compromise
• Explain the importance of best practices in preparation for incident response
• Given a scenario, execute the incident response process
• Explain the importance of concepts unique to forensic analysis
• Explain general mitigation methods and devices
Target Student: This course is primarily designed for cybersecurity practitioners who are preparing for or currently performing job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is ideal for professionals within federal contracting companies and private sector firms whose mission or strategic objectives require the execution of Defensive Cyber Operations (DCO) or DoD Information Network (DODIN) operation and incident handling. This course focuses on the knowledge, abilities, and skills necessary to defend information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes.
In addition, the course ensures that all members of an IT team—regardless of size, rank, or budget—understand their role in cyber defense, incident response, and incident handling processes.
Android Security
14 Hours
Android is an open platform designed for mobile devices like smartphones and tablets. It offers a wide range of security features to facilitate the development of secure software, although it lacks some security aspects found in other mobile platforms. This course provides a thorough overview of these features, highlighting the most critical shortcomings related to the underlying Linux system, file management, the general environment, and the use of permissions and other Android development components.
Common security pitfalls and vulnerabilities are discussed for both native code and Java applications, along with recommendations and best practices to avoid and mitigate them. Many issues are illustrated with real-life examples and case studies. Additionally, we provide a brief overview of how to use security testing tools to identify any programming errors that could impact security.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about the security solutions available on Android
- Discover how to use various security features of the Android platform
- Gain insights into recent vulnerabilities in Java on Android
- Understand typical coding mistakes and how to avoid them
- Learn about native code vulnerabilities on Android
- Realize the severe consequences of insecure buffer handling in native code
- Comprehend architectural protection techniques and their limitations
- Access sources and further readings on secure coding practices
Audience
Professionals
C/C++ Secure Coding
21 Hours
This three-day course provides an overview of securing C/C++ code to protect against malicious users who might exploit various vulnerabilities related to memory management and input handling. The course focuses on the principles of writing secure code.
Advanced Java Security
21 Hours
Even experienced Java programmers often do not fully grasp the various security services provided by Java, nor are they always aware of the different vulnerabilities that can affect web applications written in Java.
This course covers more than just the security components of Standard Java Edition; it delves into the security challenges of Java Enterprise Edition (JEE) and web services. Before discussing specific services, the course lays a foundation in cryptography and secure communication. Practical exercises focus on declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. Through hands-on exercises, participants can explore the discussed APIs and tools firsthand.
The course also examines and explains the most common and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. It covers both language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are demonstrated through straightforward exercises, followed by recommended coding guidelines and mitigation techniques.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Comprehend the security principles of web services
- Learn to utilize various security features in the Java development environment
- Gain a practical understanding of cryptography
- Understand the security solutions provided by Java EE
- Learn about typical coding mistakes and how to avoid them
- Receive information on recent vulnerabilities in the Java framework
- Acquire practical knowledge in using security testing tools
- Get resources and further readings on secure coding practices
Audience
Developers
Standard Java Security
14 Hours
Description
The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities often encountered in languages like C/C++. However, software developers and architects should not only know how to leverage the various security features of the Java environment for positive security but should also be aware of the numerous vulnerabilities that remain relevant for Java development, which pertain to negative security.
Before delving into security services, a brief overview of cryptography fundamentals is provided to establish a common understanding of their purpose and operation. The use of these components is explored through several practical exercises where participants can experiment with the discussed APIs firsthand.
The course also covers and explains the most frequent and severe programming flaws in the Java language and platform. This includes both typical bugs made by Java programmers and issues specific to the language and environment. All vulnerabilities and relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Gain proficiency in using various security features of the Java development environment
- Acquire a practical understanding of cryptography
- Identify typical coding mistakes and learn how to avoid them
- Receive information about recent vulnerabilities in the Java framework
- Access sources and further readings on secure coding practices
Audience
Developers
.NET, C# and ASP.NET Security Development
14 Hours
A variety of programming languages are available today for compiling code to the .NET and ASP.NET frameworks. The environment offers robust tools for security development, but developers must understand how to apply architectural and coding-level techniques to implement effective security measures and minimize vulnerabilities or their exploitation.
This course aims to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources with strong authentication and authorization, facilitate remote procedure calls, manage sessions, explore different implementations for specific functionalities, and more.
The discussion on various vulnerabilities begins by highlighting typical programming issues that arise when using .NET. The examination of ASP.NET vulnerabilities also covers a range of environment settings and their impacts. Additionally, the course delves into ASP.NET-specific vulnerabilities, addressing both general web application security challenges and unique issues like attacking the ViewState or string termination attacks.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about Web vulnerabilities beyond the OWASP Top Ten and how to mitigate them
- Gain knowledge in utilizing various security features of the .NET development environment
- Acquire practical skills in using security testing tools
- Identify common coding mistakes and learn how to avoid them
- Stay informed about recent vulnerabilities in .NET and ASP.NET
- Access resources and further readings on secure coding practices
Audience
Developers
Secure coding in PHP
21 Hours
This course equips PHP developers with the essential skills needed to protect their applications from modern internet-based attacks. It delves into web vulnerabilities using PHP-based examples, extending beyond the OWASP Top Ten to cover a wide range of injection attacks, script injections, session handling issues, insecure direct object references, file upload problems, and more. The course categorizes PHP-related vulnerabilities into standard types such as missing or improper input validation, incorrect error and exception handling, misuse of security features, and time- and state-related issues. Specific examples include open_basedir circumvention, denial-of-service through magic float, and hash table collision attacks. Participants will learn the most effective techniques and functions to mitigate these risks.
A significant focus is placed on client-side security, addressing JavaScript, Ajax, and HTML5 vulnerabilities. The course introduces several PHP extensions for cryptography (hash, mcrypt, OpenSSL) and input validation (Ctype, ext/filter, HTML Purifier). Best practices for hardening PHP configuration (php.ini), Apache, and the server in general are also covered. Additionally, an overview of various security testing tools and techniques is provided, including security scanners, penetration testing kits, sniffers, proxy servers, fuzzing tools, and static source code analyzers.
Both vulnerability introduction and configuration practices are reinforced with hands-on exercises that demonstrate the consequences of successful attacks, show how to apply mitigation techniques, and introduce the use of various extensions and tools.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
- Gain knowledge on client-side vulnerabilities and secure coding practices
- Develop a practical understanding of cryptography
- Learn to utilize various security features of PHP
- Become aware of common coding mistakes and how to avoid them
- Stay informed about recent vulnerabilities in the PHP framework
- Acquire practical knowledge in using security testing tools
- Receive sources and further readings on secure coding practices
Audience
Developers
Microsoft SDL Core
14 Hours
The Combined SDL core training provides an in-depth look into secure software design, development, and testing through the Microsoft Secure Development Lifecycle (SDL). It offers a foundational overview of the key components of SDL, followed by design techniques to help identify and rectify vulnerabilities at the early stages of the development process.
During the development phase, the course covers common security-related programming errors found in both managed and native code. It presents various attack methods for these vulnerabilities, along with corresponding mitigation strategies. These concepts are reinforced through numerous hands-on exercises that offer participants a live hacking experience. The training also introduces different security testing methods and demonstrates the effectiveness of various testing tools. Participants will gain practical understanding by using these tools on previously discussed vulnerable code.
Participants attending this course will
- Gain an understanding of basic concepts in security, IT security, and secure coding.
- Become familiar with the essential steps of the Microsoft Secure Development Lifecycle.
- Learn about secure design and development practices.
- Understand secure implementation principles.
- Grasp the methodology behind security testing.
- Receive sources and further readings on secure coding practices.
Audience
Developers, Managers
Security Testing
14 Hours
After gaining an understanding of vulnerabilities and attack methods, participants will explore the general approach and methodology for security testing, along with techniques to uncover specific vulnerabilities. Security testing should begin with gathering information about the system (ToE, i.e., Target of Evaluation), followed by comprehensive threat modeling to identify and assess all potential threats, leading to a risk analysis-driven test plan.
Security evaluations can occur at various stages of the Software Development Life Cycle (SDLC). Therefore, we cover design reviews, code reviews, reconnaissance and information gathering about the system, testing the implementation, and securing the environment for deployment. Detailed introductions to numerous security testing techniques are provided, such as taint analysis, heuristic-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Various tools are discussed that can automate the security evaluation of software products, supported by practical exercises where these tools are used to analyze previously discussed vulnerable code. Real-life case studies enhance the understanding of different vulnerabilities.
This course equips testers and QA staff with the necessary skills to effectively plan and execute security tests, choose and use appropriate tools and techniques to identify even hidden security flaws, providing essential practical knowledge that can be applied immediately in their work.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about Web vulnerabilities beyond the OWASP Top Ten and how to mitigate them
- Gain knowledge on client-side vulnerabilities and secure coding practices
- Comprehend different approaches and methodologies for security testing
- Acquire practical skills in using security testing techniques and tools
- Receive sources and further reading materials on secure coding practices
Audience
Developers, Testers
Secure Web Application Development and Testing
21 Hours
Ensuring the security of web applications requires well-prepared professionals who are constantly aware of current attack methods and trends. A wide range of technologies and environments exist that facilitate the development of web applications. It is essential not only to be familiar with the security issues relevant to these platforms but also to understand general vulnerabilities that apply regardless of the development tools used.
This course provides an overview of applicable security solutions in web applications, with a particular emphasis on understanding the most important cryptographic solutions to implement. Various web application vulnerabilities are discussed, both on the server side (following the OWASP Top Ten) and the client side, demonstrated through relevant attacks. The recommended coding techniques and mitigation methods to avoid these issues are also covered. The topic of secure coding is concluded by discussing typical security-related programming mistakes in areas such as input validation, improper use of security features, and code quality.
Testing plays a crucial role in ensuring the security and robustness of web applications. Different approaches—from high-level auditing to penetration testing and ethical hacking—can be used to identify various types of vulnerabilities. However, to go beyond the easily discoverable issues, security testing must be well-planned and properly executed. It is important to remember that while security testers should ideally find all bugs to protect a system, adversaries need only find one exploitable vulnerability to gain access.
Practical exercises will help participants understand web application vulnerabilities, programming mistakes, and most importantly, the mitigation techniques. Hands-on trials of various testing tools, from security scanners through sniffers, proxy servers, fuzzing tools, to static source code analyzers, will provide essential practical skills that can be applied immediately in the workplace.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Understand client-side vulnerabilities and secure coding practices
- Gain a practical understanding of cryptography
- Comprehend security testing approaches and methodologies
- Acquire practical knowledge in using security testing techniques and tools
- Stay informed about recent vulnerabilities in various platforms, frameworks, and libraries
- Receive sources and further readings on secure coding practices
Audience
Developers, Testers
Certified Internet of Things Practitioner (CIoTP™)
21 Hours
The Internet of Things (IoT) offers a broad array of benefits for various sectors, including industry, energy and utility companies, municipalities, healthcare, and consumers. It enables the collection of vast amounts of detailed data on almost anything worth measuring, such as public health and safety, environmental conditions, industrial and agricultural production, energy usage, and utility services. Advanced data analysis tools have been developed to handle the massive volumes of data generated by IoT, facilitating swift and well-informed decision-making.
However, implementing IoT systems can be complex and fraught with challenges. Solutions often involve devices and technologies from multiple vendors, necessitating a thorough understanding of software and hardware integration. Additionally, there are significant risks associated with security, privacy, and the safety of individuals whose environments are managed by these systems.
IT professionals typically have limited experience working with embedded systems, sensor networks, actuators, real-time systems, and other IoT components. This course provides a foundational understanding of how these components interact with more familiar IT systems, such as networks, cloud computing, and applications running on servers, desktops, and mobile devices.
In this course, students will explore general strategies for planning, designing, developing, implementing, and maintaining an IoT system through various case studies. They will also assemble and configure an IoT device to function within a sensor network. Students will create an IoT device based on the ESP8266 microcontroller, incorporating common IoT features like analog and digital sensors, a web-based interface, MQTT messaging, and data encryption.
Course Objectives: This course aims to teach students how to apply Internet of Things technologies to solve real-world problems. By the end of the course, you will be able to:
- Plan an IoT implementation.
- Construct and program an IoT device.
- Communicate with an IoT device using both wired and wireless connections.
- Process sensor input and control actuators on an IoT device.
- Manage security, privacy, and safety risks in IoT projects.
- Manage an IoT prototyping and development project throughout its lifecycle.
Target Student: This course is designed for IT professionals with basic skills in computer hardware, software support, and development who wish to learn how to design, develop, implement, operate, and manage Internet of Things devices and related systems. The student should be interested in gaining deeper knowledge about embedded systems, microcontroller programming, IoT security, and the development lifecycle for IoT projects.
While students will gain hands-on experience assembling a prototype IoT device and using software development tools, these activities are closely guided. Therefore, prior experience in electronics assembly and programming is not required. This course also prepares students to take the CertNexus Certified Internet of Things (IoT) Practitioner (Exam ITP-110).
Certified Artificial Intelligence (AI) Practitioner
35 Hours
Artificial intelligence (AI) and machine learning (ML) have become essential tools for many organizations. When used effectively, these technologies provide actionable insights that drive critical decisions and enable the creation of exciting, new, and innovative products and services. This course will guide you through applying various approaches and algorithms to solve business problems using AI and ML, following a systematic workflow to develop robust solutions. You will learn to use open-source tools for developing, testing, and deploying these solutions while ensuring user privacy is protected. The course includes practical activities for each topic area.
Course Objectives: In this course, you will implement AI techniques to solve business problems. Specifically, you will:
- Define a general approach to solving a given business problem using applied AI and ML.
- Gather and refine datasets to prepare them for training and testing.
- Train and fine-tune a machine learning model.
- Finalize a machine learning model and present the results to the appropriate audience.
- Develop linear regression models.
- Create classification models.
- Build clustering models.
- Construct decision trees and random forests.
- Develop support-vector machines (SVMs).
- Build artificial neural networks (ANNs).
- Promote data privacy and ethical practices within AI and ML projects.
Target Student: This course is designed for individuals whose skills intersect software development, applied math and statistics, and business analysis. The target audience may be strong in one or two of these areas and looking to enhance their capabilities in the others, so they can effectively apply artificial intelligence (AI) systems, particularly machine learning models, to business problems.
For example, a programmer may want to develop additional skills to apply machine learning algorithms to business challenges, while a data analyst with strong math and statistics skills might seek to build technology expertise in machine learning. A typical student should have several years of experience with computing technology and some programming aptitude. This course also prepares students for the CertNexus® Certified Artificial Intelligence (AI) Practitioner (Exam AIP-110) certification.
Certified Internet of Things Security Practitioner (CIoTSP™)
21 Hours
This course is tailored for professionals aiming to showcase a vendor-neutral, cross-industry skill set that will empower them to design, implement, operate, and manage a secure IoT ecosystem.
Target Student: This course is intended for IoT practitioners who wish to enhance their skills and knowledge in IoT security and privacy. It is also suitable for students seeking the CertNexus Certified Internet of Things Security Practitioner (CIoTSP) certification and looking to prepare for Exam ITS-110.
CertNexus CyberSAFE
7 Hours
Objectives:
In this course, you will identify many of the common risks involved in using conventional end-user technology, as well as ways to use it safely, to protect yourself from those risks.
You will:
- Identify security compliance measures.
- Address social engineering attempts.
- Secure devices such as desktops, laptops, tablets, smartphones, and more.
- Use the Internet securely.
Target Student
This course is designed for you as a non-technical end user of computers, mobile devices, networks, and the Internet, to enable you to use technology more securely to minimize digital risks.
This course is also designed for you to prepare for the Certified CyberSAFE credential. You can obtain your Certified CyberSAFE certificate by completing the Certified CyberSAFE credential process on the CHOICE platform following the course presentation.