EC-Council Certified DevSecOps Engineer (ECDE) Training Course
The EC-Council Certified DevSecOps Engineer (ECDE) is an interactive course designed to equip professionals with the skills needed to integrate security throughout the DevOps lifecycle, ensuring secure software development from the planning phase through deployment.
This instructor-led, live training (available online or on-site) is tailored for intermediate-level software and DevOps professionals who are looking to incorporate security practices into their CI/CD pipelines, thereby ensuring the delivery of secure and compliant code.
By the end of this training, participants will be able to:
- Comprehend the principles and practices of DevSecOps.
- Secure each stage of the CI/CD pipeline using automated tools.
- Implement secure coding practices and conduct vulnerability scanning.
- Prepare for the ECDE certification through practical labs and review sessions.
Format of the Course
- Interactive lectures and discussions.
- Hands-on experience with DevSecOps tools in simulated pipelines.
- Guided exercises focused on secure development and deployment processes.
Course Customization Options
- To request a customized training for this course based on your team’s workflows or toolchain, please contact us to arrange the details.
Course Outline
Introduction to DevSecOps and ECDE Framework
- DevSecOps fundamentals and principles
- Security challenges in DevOps environments
- Overview of the ECDE exam and domains
Secure DevOps Culture and Mindset
- Security as a shared responsibility
- Shifting security left in the SDLC
- Stakeholder alignment and team roles
Integrating Security in CI/CD Pipelines
- Securing Jenkins, GitLab CI, and Azure DevOps pipelines
- Secrets management and environment configuration
- Secure container builds and image scanning
Application Security in DevSecOps
- Static and dynamic application security testing (SAST/DAST)
- Open-source dependency scanning (SCA tools)
- Secure code review and coding practices
Infrastructure as Code and Cloud Security
- Securing Terraform, Ansible, and Kubernetes configurations
- IAM and policy-as-code
- DevSecOps in hybrid/multi-cloud environments
Monitoring, Compliance, and Incident Readiness
- Security monitoring and logging in CI/CD
- Compliance automation (e.g., NIST, ISO, SOC 2)
- Automated remediation and incident response workflows
ECDE Exam Preparation and Final Lab
- ECDE exam structure and preparation tips
- Capstone DevSecOps pipeline lab
- Knowledge checks and readiness assessment
Summary and Next Steps
Requirements
- Understanding of basic DevOps workflows and tools
- Familiarity with software development lifecycle (SDLC)
- Knowledge of application security principles is helpful
Audience
- DevOps engineers
- Application security professionals
- Software developers integrating security into pipelines
Testimonials (3)
Experience sharing, it's teacher's know-how and valuable.
Carey Fan - Logitech
Course - C/C++ Secure Coding
The really lot of extra tools that was mentioned and the real life examples from Mane's experience.
Tamas Adam - Ericsson
Course - Certified Ethical Hacker CEH v.13 AI
The knowledge of the trainer was very high - he knew what he was talking about, and knew the answers to our questions.
Adam - Fireup.PRO
Course - Advanced Java Security
Related Courses
ABAP Secure code
14 Hours
By the end of this training, participants will be able to:
- Explain application security and common vulnerabilities
- Describe best practices for ABAP programming and handling SY-SUBRC
- Understand injection vulnerabilities and how to mitigate them
- Describe various security testing tools and their applications
- Explain the concepts of ATC (ABAP Test Cockpit) and CVA (Code Vulnerability Analysis)
Format of the Course
- Interactive lectures and discussions to enhance understanding
- Extensive exercises and practical sessions for hands-on learning
- Hands-on implementation in a live-lab environment to apply concepts in real-time
Applications Security Foundation
21 Hours
This course delves into essential secure coding topics that are pertinent to a wide range of web application developers. It will teach participants the principles of secure programming, including how to analyze specific pieces of code, identify security vulnerabilities, and implement effective fixes for those issues.
Throughout the course, you will observe demonstrations of real-world attacks and learn strategies to prevent them, thereby gaining confidence in enhancing the security of your applications.
Duration: 3 days
Target Audience: Developers seeking to deepen their expertise in secure coding.
Upon Completion
Participants will acquire knowledge in:
• Web Application Security.
• Common Web Application Risks.
• Demonstrations of Web Application Penetration Testing.
• Data Validation.
• Authentication.
• Session Management.
• Secure Software Development Life Cycle (SDLC).
Certified Chief Information Security Officer (CCISO)
35 Hours
EC-Council’s CCISO Program has certified top-tier information security professionals globally. A select group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in shaping the program. They laid the groundwork for the program and defined the content that would be covered in the exam, body of knowledge, and training. Some members of the Board served as authors, others as exam writers, some as quality assurance reviewers, and still others as trainers. Each part of the program was designed with aspiring CISOs in mind, aiming to pass on the expertise of seasoned professionals to the next generation in the most critical areas for developing and maintaining a successful information security program.
The Certified CISO (CCISO) program is a pioneering training and certification initiative focused on producing top-tier information security executives. Unlike other certifications, the CCISO emphasizes not just technical knowledge but also the practical application of information security management principles from an executive perspective. Developed by current CISOs for both existing and aspiring CISOs, this program ensures that participants gain the necessary skills to lead effective information security initiatives.
Certified Ethical Hacker CEH v.13 AI
35 Hours
The Certified Ethical Hacker (C|EH® v13 AI) is a specialized and unique training program designed to equip you with comprehensive knowledge in ethical hacking through hands-on training, labs, assessments, a mock engagement (practice), and a global hacking competition. Stay ahead of the curve by acquiring the most sought-after skills needed to excel in the cybersecurity field.
This course is accredited by EC-Council and is delivered by an accredited trainer using official materials and a certified training environment.
The program is the officially accredited Certified Ethical Hacker training course, preparing you for the Certified Ethical Hacker 312-50 Exam.
CEH - Certified Ethical Hacker v12
35 Hours
The CEH program covers a variety of topics that center around the Tactics and Procedures required to be a tactical cybersecurity professional. Focusing on the entire kill-chain process, CEH covers a variety of topics from footprinting and reconnaissance, to scanning, gaining access, maintaining access, and covering your tracks. This 5-phase ethical hacking process applies to a variety of scenarios including traditional on-premises networks, cloud, hybrid, IoT systems, and stretches across a variety of topologies and application environments. Students will learn a variety of tools and techniques across this evaluation process as well as how hackers will utilize the same TTPs to hack into organizations.
Android Security
14 Hours
Android is an open platform designed for mobile devices like smartphones and tablets. It offers a wide range of security features to facilitate the development of secure software, although it lacks some security aspects found in other mobile platforms. This course provides a thorough overview of these features, highlighting the most critical shortcomings related to the underlying Linux system, file management, the general environment, and the use of permissions and other Android development components.
Common security pitfalls and vulnerabilities are discussed for both native code and Java applications, along with recommendations and best practices to avoid and mitigate them. Many issues are illustrated with real-life examples and case studies. Additionally, we provide a brief overview of how to use security testing tools to identify any programming errors that could impact security.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about the security solutions available on Android
- Discover how to use various security features of the Android platform
- Gain insights into recent vulnerabilities in Java on Android
- Understand typical coding mistakes and how to avoid them
- Learn about native code vulnerabilities on Android
- Realize the severe consequences of insecure buffer handling in native code
- Comprehend architectural protection techniques and their limitations
- Access sources and further readings on secure coding practices
Audience
Professionals
Network Security and Secure Communication
21 Hours
Implementing a secure networked application can be challenging, even for developers who have previously used various cryptographic tools like encryption and digital signatures. To help participants understand the role and usage of these cryptographic elements, the course starts by laying a solid foundation on the main requirements of secure communication—secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights typical problems that can compromise these requirements and presents real-world solutions.
Since cryptography is a critical aspect of network security, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are covered. Instead of delving into complex mathematical theories, these elements are discussed from a developer's perspective, with practical use-case examples and considerations related to the implementation of cryptographic techniques, such as public key infrastructures. The course also introduces security protocols across various secure communication areas, focusing on widely-used protocol families like IPSEC and SSL/TLS.
The course addresses typical crypto vulnerabilities associated with certain algorithms and cryptographic protocols, including BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and similar issues, as well as the RSA timing attack. For each vulnerability, practical considerations and potential consequences are explained without delving into deep mathematical details.
Given that XML technology is central for data exchange in networked applications, the security aspects of XML are thoroughly covered. This includes the use of XML within web services and SOAP messages, along with protection measures like XML signature and XML encryption. The course also explores weaknesses in these protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
- Understand the basic concepts of security, IT security, and secure coding
- Grasp the requirements of secure communication
- Learn about network attacks and defenses at different OSI layers
- Gain a practical understanding of cryptography
- Comprehend essential security protocols
- Understand recent attacks against cryptosystems
- Receive information on recent related vulnerabilities
- Grasp the security concepts of Web services
- Access sources and further readings on secure coding practices
Audience
Developers, Professionals
C/C++ Secure Coding
21 Hours
This three-day course provides an overview of securing C/C++ code to protect against malicious users who might exploit various vulnerabilities related to memory management and input handling. The course focuses on the principles of writing secure code.
Advanced Java Security
21 Hours
Even experienced Java programmers often do not fully grasp the various security services provided by Java, nor are they always aware of the different vulnerabilities that can affect web applications written in Java.
This course covers more than just the security components of Standard Java Edition; it delves into the security challenges of Java Enterprise Edition (JEE) and web services. Before discussing specific services, the course lays a foundation in cryptography and secure communication. Practical exercises focus on declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. Through hands-on exercises, participants can explore the discussed APIs and tools firsthand.
The course also examines and explains the most common and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. It covers both language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are demonstrated through straightforward exercises, followed by recommended coding guidelines and mitigation techniques.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Comprehend the security principles of web services
- Learn to utilize various security features in the Java development environment
- Gain a practical understanding of cryptography
- Understand the security solutions provided by Java EE
- Learn about typical coding mistakes and how to avoid them
- Receive information on recent vulnerabilities in the Java framework
- Acquire practical knowledge in using security testing tools
- Get resources and further readings on secure coding practices
Audience
Developers
Standard Java Security
14 Hours
Description
The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities often encountered in languages like C/C++. However, software developers and architects should not only know how to leverage the various security features of the Java environment for positive security but should also be aware of the numerous vulnerabilities that remain relevant for Java development, which pertain to negative security.
Before delving into security services, a brief overview of cryptography fundamentals is provided to establish a common understanding of their purpose and operation. The use of these components is explored through several practical exercises where participants can experiment with the discussed APIs firsthand.
The course also covers and explains the most frequent and severe programming flaws in the Java language and platform. This includes both typical bugs made by Java programmers and issues specific to the language and environment. All vulnerabilities and relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Gain proficiency in using various security features of the Java development environment
- Acquire a practical understanding of cryptography
- Identify typical coding mistakes and learn how to avoid them
- Receive information about recent vulnerabilities in the Java framework
- Access sources and further readings on secure coding practices
Audience
Developers
Certified Penetration Testing Professional - CPENT
35 Hours
The Certified Penetration Testing Professional (CPENT) certification is a globally-recognized validation of an individual's knowledge and skills in the field of penetration testing or ethical hacking. CPENT-certified professionals demonstrate their ability to identify, assess and manage security vulnerabilities within a network infrastructure. The certification entails mastery of penetration testing methodologies, understanding of legal and regulatory concerns, and technical knowledge of attack vectors and countermeasures. Industries often require CPENT-certified professionals to safeguard their systems against malicious intruders. Thus, the CPENT certification serves as an assurance of a candidate's expert skill in securing networks and systems, crucial in a continually evolving cybersecurity landscape.
EC-COUNCIL CERTIFIED INCIDENT HANDLER (ECIH)
21 Hours
It is a comprehensive specialist-level program that imparts knowledge and skills on how organisations can effectively handle post-breach consequences by reducing the impact of the incident, both financially and reputationally. The learning objectives are emphasised through practical learning, with 40% of this course covering hands-on experience of the latest incident handling and response tools, techniques, methodologies, frameworks, etc.
Ethical Hacking and Countermeasures
35 Hours
Description:
In this class, students will be fully immersed in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. The hands-on lab environment provides each student with comprehensive knowledge and practical experience in using current essential security systems. Students will start by understanding the workings of perimeter defenses and then move on to scanning and attacking their own networks—ensuring that no real network is compromised. They will also explore how intruders escalate privileges and discover the steps necessary to secure a system. Additionally, students will gain insights into Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation.
Target Audience:
This course is highly beneficial for security officers, auditors, security professionals, site administrators, and anyone concerned about the integrity of their network infrastructure.
Incident Response
21 Hours
Format of the Course
- The course includes interactive lectures and discussions.
- It features numerous exercises and practical sessions.
- Participants will engage in hands-on implementation within a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to make the necessary arrangements.
Threat Hunting
21 Hours
Format of the Course
- The course includes interactive lectures and discussions.
- It features numerous exercises and practice sessions.
- Participants will engage in hands-on implementation within a live-lab environment.
Course Customization Options
- To arrange a customized training for this course, please contact us.