The Dark Web Training Course

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at sysadmins who wish to use 389 Directory Server to configure and manage LDAP-based authentication and authorization.

By the end of this training, participants will be able to:

• Install and configure 389 Directory Server.
• Understand the features and architecture of 389 Directory Server.
• Learn how to configure the directory server using the web console and CLI.
• Set up and monitor replication for high availability and load balancing.
• Manage LDAP authentication using SSSD for faster performance.
• Integrate 389 Directory Server with Microsoft Active Directory.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at system administrators who wish to use Microsoft Active Directory to manage and secure data access.

By the end of this training, participants will be able to:

• Set up and configure Active Directory.
• Set up a domain and define access rights of users and devices.
• Manage users and machines through Group Policies.
• Control access to file servers.
• Set up a Certificate Service and manage certificates.
• Implement and manage services such as encryption, certificates, and authentication.

This three-day course provides an overview of securing C/C++ code to protect against malicious users who might exploit various vulnerabilities related to memory management and input handling. The course focuses on the principles of writing secure code.

Even experienced Java programmers often do not fully grasp the various security services provided by Java, nor are they always aware of the different vulnerabilities that can affect web applications written in Java.

This course covers more than just the security components of Standard Java Edition; it delves into the security challenges of Java Enterprise Edition (JEE) and web services. Before discussing specific services, the course lays a foundation in cryptography and secure communication. Practical exercises focus on declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. Through hands-on exercises, participants can explore the discussed APIs and tools firsthand.

The course also examines and explains the most common and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. It covers both language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are demonstrated through straightforward exercises, followed by recommended coding guidelines and mitigation techniques.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Comprehend the security principles of web services
• Learn to utilize various security features in the Java development environment
• Gain a practical understanding of cryptography
• Understand the security solutions provided by Java EE
• Learn about typical coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Get resources and further readings on secure coding practices

Audience

Developers

Description

The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities often encountered in languages like C/C++. However, software developers and architects should not only know how to leverage the various security features of the Java environment for positive security but should also be aware of the numerous vulnerabilities that remain relevant for Java development, which pertain to negative security.

Before delving into security services, a brief overview of cryptography fundamentals is provided to establish a common understanding of their purpose and operation. The use of these components is explored through several practical exercises where participants can experiment with the discussed APIs firsthand.

The course also covers and explains the most frequent and severe programming flaws in the Java language and platform. This includes both typical bugs made by Java programmers and issues specific to the language and environment. All vulnerabilities and relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Gain proficiency in using various security features of the Java development environment
• Acquire a practical understanding of cryptography
• Identify typical coding mistakes and learn how to avoid them
• Receive information about recent vulnerabilities in the Java framework
• Access sources and further readings on secure coding practices

Audience

Developers

A variety of programming languages are available today for compiling code to the .NET and ASP.NET frameworks. The environment offers robust tools for security development, but developers must understand how to apply architectural and coding-level techniques to implement effective security measures and minimize vulnerabilities or their exploitation.

This course aims to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources with strong authentication and authorization, facilitate remote procedure calls, manage sessions, explore different implementations for specific functionalities, and more.

The discussion on various vulnerabilities begins by highlighting typical programming issues that arise when using .NET. The examination of ASP.NET vulnerabilities also covers a range of environment settings and their impacts. Additionally, the course delves into ASP.NET-specific vulnerabilities, addressing both general web application security challenges and unique issues like attacking the ViewState or string termination attacks.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to mitigate them
• Gain knowledge in utilizing various security features of the .NET development environment
• Acquire practical skills in using security testing tools
• Identify common coding mistakes and learn how to avoid them
• Stay informed about recent vulnerabilities in .NET and ASP.NET
• Access resources and further readings on secure coding practices

Audience

Developers

The Combined SDL core training provides an in-depth look into secure software design, development, and testing through the Microsoft Secure Development Lifecycle (SDL). It offers a foundational overview of the key components of SDL, followed by design techniques to help identify and rectify vulnerabilities at the early stages of the development process.

During the development phase, the course covers common security-related programming errors found in both managed and native code. It presents various attack methods for these vulnerabilities, along with corresponding mitigation strategies. These concepts are reinforced through numerous hands-on exercises that offer participants a live hacking experience. The training also introduces different security testing methods and demonstrates the effectiveness of various testing tools. Participants will gain practical understanding by using these tools on previously discussed vulnerable code.

Participants attending this course will

Gain an understanding of basic concepts in security, IT security, and secure coding.

Become familiar with the essential steps of the Microsoft Secure Development Lifecycle.

Learn about secure design and development practices.

Understand secure implementation principles.

Grasp the methodology behind security testing.

• Receive sources and further readings on secure coding practices.

Audience

Developers, Managers

After gaining an understanding of vulnerabilities and attack methods, participants will explore the general approach and methodology for security testing, along with techniques to uncover specific vulnerabilities. Security testing should begin with gathering information about the system (ToC, i.e., Target of Evaluation), followed by comprehensive threat modeling to identify and assess all potential threats, leading to a risk analysis-driven test plan.

Security evaluations can occur at various stages of the Software Development Life Cycle (SDLC). Therefore, we cover design reviews, code reviews, reconnaissance and information gathering about the system, testing the implementation, and securing the environment for deployment. Detailed introductions to numerous security testing techniques are provided, such as taint analysis, heuristic-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Various tools are discussed that can automate the security evaluation of software products, supported by practical exercises where these tools are used to analyze previously discussed vulnerable code. Real-life case studies enhance the understanding of different vulnerabilities.

This course equips testers and QA staff with the necessary skills to effectively plan and execute security tests, choose and use appropriate tools and techniques to identify even hidden security flaws, providing essential practical knowledge that can be applied immediately in their work.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to mitigate them
• Gain knowledge on client-side vulnerabilities and secure coding practices
• Comprehend different approaches and methodologies for security testing
• Acquire practical skills in using security testing techniques and tools
• Receive sources and further reading materials on secure coding practices

Audience

Developers, Testers

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at system administrators who wish to use FreeIPA to centralize the authentication, authorization and account information for their organization's users, groups, and machines.

By the end of this training, participants will be able to:

• Install and configure FreeIPA.
• Manage Linux users and clients from a single central location.
• Use FreeIPA's CLI, Web UI and RPC interface to set up and manage permissions.
• Enable Single Sign On authentication across all systems, services and applications.
• Integrate FreeIPA with Windows Active Directory.
• Backup, replicate and migrate an FreeIPA server.

In this instructor-led, live training in Uzbekistan (online or onsite), participants will learn how to create an Indy-based decentralized identity system.

By the end of this training, participants will be able to:

• Create and manage decentralized, self-sovereign identities using distributed ledgers.
• Enable interoperability of digital identities across domains, applications, and silos.
• Understand key concepts such as user-controlled exchange, revocation, Decentralized Identifiers (DIDs), off-ledger agents, data minimization, etc.
• Use Indy to enable identity owners to independently control their personal data and relationships.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at system administrators who wish to use Okta for identity and access management.

By the end of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into an existing application.
• Implement security with multi-factor authentication.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate-level system administrators and IT professionals who wish to install, configure, manage, and secure LDAP directories using OpenLDAP.

By the end of this training, participants will be able to:

• Understand the structure and operation of LDAP directories.
• Install and configure OpenLDAP for various deployment environments.
• Implement access control, authentication, and replication mechanisms.
• Use OpenLDAP with third-party services and applications.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at system administrators who wish to use OpenAM to manage identity and access controls for web applications.

By the end of this training, participants will be able to:

• Set up the necessary server environment to start configuring authentication and access controls using OpenAM.
• Implement single sign-on (SSO), multi-factor authentication (MFA), and user self-service features for web applications.
• Use federation services (OAuth 2.0, OpenID, SAML v2.0, etc.) to extend identity management securely across different systems or applications.
• Access and manage authentication, authorization, and identity services through REST APIs.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at system administrators who wish to use OpenDJ to manage their organization's user credentials in a production environment.

By the end of this training, participants will be able to:

• Install and configure OpenDJ.
• Maintain an OpenDJ server, including monitoring, troubleshooting, and optimizing for performance.
• Create and manage multiple OpenDJ databases.
• Backup and migrate an OpenDJ server.