CYBERSECURE CODER (CSC) Training Course
Software security is of paramount importance. Nevertheless, many development teams tend to address security only after the code is written and the software is nearing release. Just as with other aspects of software quality, successful implementation demands that security and privacy concerns be managed throughout the entire software development lifecycle.
This course introduces an approach to managing security and privacy concerns across the complete software development cycle. You will gain insight into vulnerabilities that could compromise security and learn how to identify and resolve them in your own projects. The curriculum covers general strategies for addressing security flaws and misconfigurations, techniques for designing software that accounts for human factors in security, and methods for integrating security into all stages of development.
Target Audience
This course is designed for software developers, testers, and architects involved in creating software using various programming languages and platforms, including desktop, web, cloud, and mobile. It aims to enhance their ability to produce high-quality software, with a particular focus on security and privacy.
Objectives:
Throughout this course, you will utilize advanced techniques in software development to build software with robust security measures.
You will:
- Recognize the necessity of security in your software projects.
- Eliminate weaknesses within the software.
- Employ a Security by Design methodology to construct a secure framework for your software.
- Incorporate standard safeguards to uphold user and data security.
- Utilize diverse testing approaches to identify and rectify security flaws in your software.
- Maintain the security of deployed software for ongoing protection.
Course Outline
Lesson 1: Identifying the Need for Security in Your Software Projects
Topic A: Identify Security Requirements and Expectations
Topic B: Identify Factors That Undermine Software Security
Topic C: Find Vulnerabilities in Your Software
Topic D: Gather Intelligence on Vulnerabilities and Exploits
Lesson 2: Handling Vulnerabilities
Topic A: Handle Vulnerabilities Due to Software Defects and Misconfiguration
Topic B: Handle Vulnerabilities Due to Human Factors
Topic C: Handle Vulnerabilities Due to Process Shortcomings
Lesson 3: Designing for Security
Topic A: Apply General Principles for Secure Design
Topic B: Design Software to Counter Specific Threats
Lesson 4: Developing Secure Code
Topic A: Follow Best Practices for Secure Coding
Topic B: Prevent Platform Vulnerabilities
Topic C: Prevent Privacy Vulnerabilities
Lesson 5: Implementing Common Protections
Topic A: Limit Access Using Login and User Roles
Topic B: Protect Data in Transit and At Rest
Topic C: Implement Error Handling and Logging
Topic D: Protect Sensitive Data and Functions
Topic E: Protect Database Access
Lesson 6: Testing Software Security
Topic A: Perform Security Testing
Topic B: Analyze Code to Find Security Problems
Topic C: Use Automated Testing Tools to Find Security Problems
Lesson 7: Maintaining Security in Deployed Software
Topic A: Monitor and Log Applications to Support Security
Topic B: Maintain Security after Deployment
Appendix A: Mapping Course Content to Cyber Secure Coder (Exam CSC-110)
Requirements
This course presents secure programming concepts applicable to many different types of software development projects. While this course uses Python, HTML, and JavaScript to demonstrate various programming concepts, prior experience in these languages is not required to benefit from the course. However, you should have some programming experience, whether in developing desktop, mobile, web, or cloud applications. A variety of courses covering software development that you might use to prepare for this course include:
- Developing Secure Universal Windows® Platform Apps in C# and XAML
- Developing Secure iOS® Apps for Business
- Developing Secure Android™ Apps for Business
- Python® Programming: Introduction
- Python® Programming: Advanced
- Programming Google App Engine™ Applications in Python®
- HTML5: Content Authoring with New and Advanced Features
- SQL Querying: Fundamentals
Testimonials (3)
Experience sharing, it's teacher's know-how and valuable.
Carey Fan - Logitech
Course - C/C++ Secure Coding
The knowledge of the trainer was very high - he knew what he was talking about, and knew the answers to our questions.
Adam - Fireup.PRO
Course - Advanced Java Security
Very good to understand how a hacker would potentially analyse sites for weakness and tools they might employ.
Roger - OTT Mobile
Course - .NET, C# and ASP.NET Security Development
Related Courses
ABAP Secure code
14 Hours
Upon completing this training, participants will be capable of:
- Explaining application security and potential vulnerabilities
- Describing ABAP programming best practices and the handling of SY-SUBRC
- Understanding injection vulnerabilities
- Describing security testing tools
- Explaining ATC and CVA
Course Format
- Interactive lectures and discussions
- Extensive exercises and practical work
- Hands-on implementation in a live-lab environment
Applications Security Foundation
21 Hours
This course addresses the essential secure coding topics pertinent to a wide range of web application developers. It instructs students on the principles of secure programming by examining specific code snippets, identifying security vulnerabilities, and implementing corrective measures.
Participants will observe demonstrations of real-world attacks and learn effective prevention strategies, building confidence as they work to enhance their applications' security.
Duration: 3 days
Who Should Attend: Developers seeking to expand their expertise in secure coding.
Upon Completion
Students will gain knowledge in:
• Web Application Security.
• Common Web Application Risks.
• Demo Web Application Penetration Testing.
• Data Validation.
• Authentication.
• Session Management.
• Secure SDLC.
CERTIFIED ETHICAL EMERGING TECHNOLOGIST (CEET)
21 Hours
Computing and engineering advancements are propelling technological progress—from blockchain and AI to gene editing and IoT—creating opportunities for enhanced productivity and human well-being. However, as recent scandals underscore, these innovations also introduce new risks. Technology professionals are under growing pressure to address ethical concerns, striking a balance between privacy, accuracy, fairness, and safety. This course equips learners with practical tools to manage ethical risks in emerging data-driven technologies, drawing on theory, regulations, and industry best practices. Participants will develop the skills needed to navigate ethical dilemmas within their roles and organizations.
CyberSec First Responder
35 Hours
This course explores network defense and incident response methodologies, tactics, and procedures, aligning them with established industry frameworks such as NIST 800-61 r.2 (Computer Security Incident Handling), US-CERT’s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is specifically designed for professionals responsible for monitoring and detecting security incidents within information systems and networks, as well as executing standardized response protocols. The curriculum introduces essential tools, tactics, and procedures to manage cybersecurity risks, identify common threats, evaluate organizational security posture, collect and analyze cybersecurity intelligence, and remediate and report incidents in real-time. By providing a comprehensive methodology, this course empowers individuals tasked with defending their organization’s cybersecurity.
Designed to support candidates preparing for the CertNexus CyberSec First Responder (Exam CFR-310) certification, the knowledge and practical skills gained here form a significant component of your exam preparation. Furthermore, completing this course and obtaining the subsequent CFR-310 certification satisfies all personnel requirements for DoD Directive 8570.01-M position certification baselines, including:
• CSSP Analyst
• CSSP Infrastructure Support
• CSSP Incident Responder
• CSSP Auditor
Course Objectives: Upon completion, you will be able to understand, assess, and respond to security threats while operating a system and network security analysis platform. Specifically, you will:
• Compare and contrast various threats and classify threat profiles
• Explain the purpose and application of attack tools and techniques
• Explain the purpose and application of post-exploitation tools and tactics
• Explain the purpose and application of social engineering tactics
• Conduct ongoing threat landscape research and utilize data to prepare for incidents in given scenarios
• Explain the purpose and characteristics of various data sources
• Apply appropriate tools to analyze logs in given scenarios
• Use regular expressions to parse log files and identify meaningful data in given scenarios
• Utilize Windows tools to analyze incidents in given scenarios
• Utilize Linux-based tools to analyze incidents in given scenarios
• Summarize methods and tools used for malware analysis
• Analyze common indicators of potential compromise in given scenarios
• Explain the importance of best practices in preparing for incident response
• Execute the incident response process in given scenarios
• Explain the importance of concepts unique to forensic analysis
• Explain general mitigation methods and devices
Target Audience: This course is primarily intended for cybersecurity practitioners who are preparing for or currently performing job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. It is particularly suitable for roles within federal contracting companies and private sector firms whose mission or strategic objectives require executing Defensive Cyber Operations (DCO) or managing DoD Information Network (DODIN) operations and incident handling. The course focuses on the knowledge, skills, and abilities necessary to defend information systems in a cybersecurity context, covering protection, detection, analysis, investigation, and response processes.
Additionally, the course ensures that all IT team members—regardless of team size, rank, or budget—understand their role in cyber defense, incident response, and incident handling.
Android Security
14 Hours
Android serves as an open platform for mobile devices, including smartphones and tablets. While it offers a wide array of security features designed to facilitate the development of secure software, it also lacks certain security aspects found in other handheld platforms. This course provides a comprehensive overview of these features and highlights critical shortcomings related to the underlying Linux system, the file system, and the general environment, as well as those associated with permissions and other Android software development components.
Common security pitfalls and vulnerabilities are explained for both native code and Java applications, accompanied by recommendations and best practices to prevent and mitigate these issues. The topics discussed are often supported by real-life examples and case studies. Finally, the course briefly covers how to utilize security testing tools to identify security-related programming bugs.
Participants attending this course will
- Understand the fundamental concepts of security, IT security, and secure coding
- Learn about security solutions on Android
- Learn to use various security features of the Android platform
- Gain information about recent Java vulnerabilities on Android
- Learn about typical coding mistakes and how to avoid them
- Understand native code vulnerabilities on Android
- Recognize the severe consequences of insecure buffer handling in native code
- Understand architectural protection techniques and their weaknesses
- Access sources and further readings on secure coding practices
Audience
Professionals
Network Security and Secure Communication
21 Hours
Developing a secure networked application is challenging, even for developers familiar with cryptographic building blocks like encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course establishes a solid foundation on the core requirements of secure communication: secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights common threats to these requirements and presents real-world solutions.
Given that cryptography is a critical component of network security, the course examines the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on complex mathematical theories, these topics are approached from a developer’s perspective, featuring typical use-case examples and practical considerations such as public key infrastructures. The course introduces security protocols used in various areas of secure communication, with an in-depth exploration of widely adopted protocol families like IPSEC and SSL/TLS.
Typical cryptographic vulnerabilities are discussed, both concerning specific algorithms and protocols. Examples include BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and RSA timing attacks. For each issue, practical implications and potential consequences are explained without delving into deep mathematical details.
Finally, as XML technology is central to data exchange in networked applications, the course covers XML security. This includes the use of XML in web services and SOAP messages, alongside protection mechanisms like XML signature and XML encryption. The course also addresses weaknesses in these protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Understand the requirements of secure communication
- Learn about network attacks and defenses at different OSI layers
- Gain a practical understanding of cryptography
- Understand essential security protocols
- Understand some recent attacks against cryptosystems
- Get information about some recent related vulnerabilities
- Understand security concepts of Web services
- Get sources and further readings on secure coding practices
Audience
Developers, Professionals
C/C++ Secure Coding
21 Hours
This three-day course provides an overview of securing C/C++ code against malicious actors who may exploit vulnerabilities related to memory management and input handling. The course emphasizes the core principles of writing secure code.
Advanced Java Security
21 Hours
Even seasoned Java developers often do not fully master the diverse security services provided by Java, and may remain unaware of the various vulnerabilities pertinent to web applications built with Java.
Beyond introducing the security components of Standard Java Edition, this course addresses security challenges in Java Enterprise Edition (JEE) and web services. Discussions on specific services are preceded by foundational knowledge of cryptography and secure communication. A range of hands-on exercises explores both declarative and programmatic security techniques within JEE, while also covering transport-layer and end-to-end security for web services. Participants will gain practical experience by applying the discussed APIs and tools through multiple real-world scenarios.
The course further examines the most common and critical programming flaws inherent to the Java language and platform, as well as web-related vulnerabilities. In addition to typical coding mistakes made by Java developers, the introduced security issues encompass language-specific problems and those arising from the runtime environment. Each vulnerability and associated attack vector is illustrated through clear, easy-to-follow exercises, followed by recommended coding practices and effective mitigation strategies.
Participants attending this course will
- Grasp fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to prevent them
- Comprehend security concepts specific to web services
- Learn how to leverage various security features within the Java development environment
- Acquire practical knowledge of cryptography
- Understand security solutions available in Java EE
- Identify typical coding errors and learn how to avoid them
- Gain insight into recent vulnerabilities affecting the Java framework
- Develop practical skills in using security testing tools
- Access resources and further reading materials on secure coding practices
Audience
Developers
Standard Java Security: Secure Coding & Development Practices
14 Hours
Description
While the Java language and its Runtime Environment (JRE) were engineered to avoid many of the common security vulnerabilities found in languages like C/C++, developers and architects must still master both the positive aspects (utilizing Java's built-in security features) and the negative aspects (recognizing and avoiding persistent vulnerabilities specific to Java).
The course begins with a concise overview of cryptographic foundations to establish a common understanding of how key security components work. This theoretical knowledge is reinforced through practical exercises, allowing participants to explore and apply the relevant APIs hands-on.
Additionally, the curriculum thoroughly examines the most frequent and critical programming flaws within the Java ecosystem. It addresses typical errors made by Java developers as well as issues unique to the language and its runtime environment. Each vulnerability and its corresponding attack vector are demonstrated via accessible exercises, followed by recommended coding guidelines and effective mitigation strategies.
Participants attending this course will
- Grasp fundamental concepts of IT security and secure coding principles
- Identify web vulnerabilities beyond the OWASP Top Ten and learn strategies to prevent them
- Master the utilization of various security features within the Java development environment
- Develop a practical understanding of cryptography
- Recognize common coding mistakes and acquire techniques to avoid them
- Gain insights into recent vulnerabilities affecting the Java framework
- Access valuable resources and further reading materials on secure coding practices
Audience
Software Developers
.NET, C# and ASP.NET Security Development
14 Hours
Today, numerous programming languages support compiling code for the .NET and ASP.NET frameworks. While this environment offers robust tools for security development, it is essential for developers to understand how to apply architectural and coding-level techniques to implement desired security measures, avoid vulnerabilities, and mitigate potential exploitation.
This course aims to equip developers with practical skills through extensive hands-on exercises. Participants will learn how to prevent untrusted code from executing privileged actions, safeguard resources via strong authentication and authorization mechanisms, manage remote procedure calls and sessions, and explore various implementation strategies for specific functionalities.
The course introduces various vulnerabilities by first addressing typical programming issues encountered when using .NET. The discussion on ASP.NET vulnerabilities covers different environment settings and their impacts. Furthermore, the section on ASP.NET-specific vulnerabilities addresses general web application security challenges as well as specialized issues and attack methods, such as ViewState attacks and string termination exploits.
Participants attending this course will
- Grasp fundamental concepts of security, IT security, and secure coding practices
- Identify web vulnerabilities beyond the OWASP Top Ten and learn how to prevent them
- Utilize various security features within the .NET development environment
- Gain practical experience with security testing tools
- Recognize common coding errors and learn strategies to avoid them
- Stay informed about recent vulnerabilities in .NET and ASP.NET
- Access resources and further reading materials on secure coding practices
Audience
Developers
The Secure Coding Landscape
14 Hours
This course introduces fundamental security concepts, provides an overview of the nature of vulnerabilities across different programming languages and platforms, and explains how to manage software security risks throughout the various phases of the software development lifecycle. Without delving too deeply into technical details, it highlights some of the most critical and pressing vulnerabilities found in diverse software development technologies. Additionally, it presents the challenges associated with security testing, along with practical techniques and tools that can be applied to identify existing issues within code.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Understand web vulnerabilities on both the server and client sides
- Recognize the severe consequences of insecure buffer handling
- Be informed about recent vulnerabilities in development environments and frameworks
- Learn about typical coding mistakes and how to avoid them
- Understand security testing approaches and methodologies
Audience
Managers
Certified Internet of Things Practitioner (CIoTP™)
21 Hours
The Internet of Things (IoT) offers substantial advantages for industry, energy and utility sectors, municipal services, healthcare, and individual consumers. Data can be gathered in vast volumes and high detail concerning nearly any measurable element, such as public health and safety, environmental conditions, industrial and agricultural output, energy usage, and utility management. Advanced data analysis tools have been refined to handle the massive data streams generated by IoT, allowing organizations to make informed decisions rapidly.
However, deploying IoT systems is a complex endeavor filled with potential risks. Solutions often require integrating devices and technologies from diverse vendors, necessitating a solid grasp of both software and hardware, as well as strategies to merge these components effectively. Additionally, one must address risks related to security, privacy, and the safety of individuals whose work and living environments are managed by these systems.
Many IT professionals lack experience with embedded systems, sensor networks, actuators, real-time systems, and other common IoT components. This course provides a foundational understanding of how these elements interact with systems familiar to IT professionals, such as networks, cloud computing, and applications running on servers, desktops, and mobile devices.
Through various case studies and by assembling and configuring an IoT device for a sensor network, students will learn general strategies for planning, designing, developing, implementing, and maintaining an IoT system. Participants will build an IoT device based on the ESP8266 microcontroller, implementing common IoT features including analog and digital sensors, a web-based interface, MQTT messaging, and data encryption.
Course Objectives: In this course, you will learn how to apply Internet of Things technologies to solve real-world problems. You will:
• Plan an IoT implementation.
• Construct and program an IoT device.
• Communicate with an IoT device using wired and wireless connections.
• Process sensor input and control an actuator on an IoT device.
• Manage security, privacy, and safety risks on IoT projects.
• Manage an IoT prototyping and development project throughout the development lifecycle.
Target Student: This course is designed for IT professionals with baseline skills in computer hardware, software support, and development who wish to learn how to design, develop, implement, operate, and manage Internet of Things devices and related systems. The ideal student is interested in learning more about embedded systems, microcontroller programming, IoT security, and the development lifecycle for IoT projects.
While students will gain hands-on experience assembling a prototype IoT device and using software development tools, these activities are closely guided, so previous experience in electronics assembly and programming is not required. This course prepares students for taking the CertNexus Certified Internet of Things (IoT) Practitioner (Exam ITP-110).
Certified Artificial Intelligence (AI) Practitioner
35 Hours
Artificial intelligence (AI) and machine learning (ML) have become indispensable components of the modern organizational toolkit. When leveraged effectively, these technologies yield actionable insights that inform critical decision-making and empower organizations to develop exciting, innovative products and services. This course guides you through applying diverse AI and ML approaches to address business challenges, adhering to a structured workflow for developing robust solutions. You will utilize open-source and off-the-shelf tools to build, test, and deploy these solutions while ensuring they uphold user privacy standards. Each topic area is reinforced with practical, hands-on activities.
Course Objectives: Upon completion, you will be able to implement AI techniques to resolve business issues. Specifically, you will:
- Define a comprehensive strategy for addressing a specific business problem using applied AI and ML.
- Gather and refine datasets to prepare them for training and testing phases.
- Train and optimize machine learning models.
- Finalize machine learning models and effectively present results to relevant stakeholders.
- Construct linear regression models.
- Develop classification models.
- Create clustering models.
- Implement decision trees and random forests.
- Build support-vector machines (SVMs).
- Construct artificial neural networks (ANNs).
- Advocate for data privacy and ethical standards within AI and ML initiatives.
Target Student: The competencies covered in this course integrate three core disciplines: software development, applied mathematics and statistics, and business analysis. The ideal candidate possesses strong skills in one or two of these areas and seeks to expand their expertise in the others, enabling them to apply AI systems—particularly machine learning models—to business contexts.
This course is suited for programmers aiming to acquire skills for applying machine learning algorithms to business scenarios, or data analysts who excel in applying math and statistics to business problems but need to enhance their technical machine learning capabilities. Participants should typically possess several years of experience with computing technology, including some proficiency in computer programming. This course also prepares students for the CertNexus® Certified Artificial Intelligence (AI) Practitioner (Exam AIP-110) certification.
Certified Internet of Things Security Practitioner (CIoTSP™)
21 Hours
This course is designed for professionals aiming to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure IoT ecosystem.
Target Audience: This course is tailored for IoT professionals seeking to enhance their skills and knowledge of IoT security and privacy. It is also designed for individuals pursuing the CertNexus Certified Internet of Things Security Practitioner (CIoTSP) certification who wish to prepare for Exam ITS-110.
CertNexus CyberSAFE
7 Hours
Objectives:
In this course, you will identify common risks associated with using conventional end-user technology and learn strategies to use technology safely, thereby protecting yourself from those threats.
Specifically, you will:
- Determine security compliance measures.
- Respond effectively to social engineering attempts.
- Secure devices including desktops, laptops, tablets, smartphones, and more.
- Navigate the Internet securely.
Target Audience
This course is tailored for non-technical end users of computers, mobile devices, networks, and the Internet. Its goal is to enable you to leverage technology more securely and minimize digital risks.
Additionally, this course prepares you for the Certified CyberSAFE credential. You can obtain your Certified CyberSAFE certificate by completing the credential process on the CHOICE platform after attending the course.