Tag Archives: security

Training Securing Web Applications, Services and Servers – 4 days

Class overview :

Cybersecurity is a serious challenge today as attackers specifically target Web application vulnerabilities. These vulnerabilities can be exploited to obtain confidential information and compromise organizational integrity.

Class goals :

  • Implement and test secure Web applications in your organization
  • Identify, diagnose and correct the most serious Web application vulnerabilities
  • Configure a Web server to encrypt Web traffic with HTTPS
  • Protect Ajax-powered Web 2.0 applications
  • Secure XML Web services with WS-Security
  • Audit Web application security with manual and automated scanning

Content of Securing Web Applications, Services and Servers

Setting the Stage

  • Defining threats to your Web assets
  • Surveying the legal landscape and privacy issues
  • Exploring common vulnerabilities

Establishing Security Fundamentals

Modeling Web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity with message digests, digital signatures and digital certificates

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the Web server
  • Protecting the exchange of credentials

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) Top Ten
  • Recognizing cybersecurity risks
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference
  • Limitations of encrypting database content

Managing session authentication

  • Protecting against session ID hijacking
  • Enforcing URL access control
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Revealing and removing the threat of cross-site scripting (XSS)
  • Exposing the dangers of client-side validation
  • Preventing E-shoplifting

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering Web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework
  • Authenticating access to Web services

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Strategies for testing and scanning
  • Testing Web applications with Netcat, Cryptcat and Wget
  • Intercepting traffic with OWASP WebScarab

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data
  • Developing guidelines for logging

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture

Our advantages :

  • Type of training: Inter-company, intra-company and individual
  • 100% flexible & personalised training : You choose the place, the dates and the training program
  • Offer request : Response within 24 hours
  • 50% discount for SMEs from Brussels-Capital Region
  • Free parking, lunch & drinks
  • Free use of our Digital Competence Centre: Manuals, courses, exercises, …

PIXYSTREE SCS

Rue Beeckmans, 53
1180 Bruxelles

Tel : +32 2 412 04 10
Fax : +32 2 412 04 19
Gsm : +32 485 212 722
Email : selossej@pixystree.com

http://www.pixystree.com


Training Ethical Hacker – 5 days

Class overview :

This program prepares individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. An Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

Class goals :

  • Developing the hacker’s mind
  • Network surveying
  • Port scanning
  • System identification/OS fingerprinting
  • Vulnerability research and verification
  • Service identification
  • Internet application testing
  • Document grinding
  • Recognizing security issues within an organization
  • Performing legal assessments on remote/foreign networks
  • Examining an organization for weaknesses as if through the eyes of an industrial spy or a competitor
  • Implementing the right tools for each task of the Methodology
  • Competitive Intelligence
  • Exploiting vulnerabilities remotely
  • Examining appropriate countermeasures to thwart malicious hacking

Content of Ethical Hacker

This class will immerse the student into an interactive environment where they will be shown how to scan, test, and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about intrusion detection, policy creation, social engineering, open source intelligence, incident handling, and log interpretation.


Training VMware vSphere 4: Manage and design for security – 3 days

Class overview :

This course shows you how to follow best practices for secure design, deployment, and operation of a VMware vSphere environment. Through lecture, discussion, and hands-on practice, you will gain the knowledge and skills necessary to meet the security and compliance goals of your organization.

Class goals :

After completing this course, you should be able to:

  • Identify vulnerabilities in the current design of a vSphere environment and recommend corrective actions
  • Harden vSphere components as described in the vSphere Hardening Guide
  • Recommend configuration and change management policies, processes, and systems

Content of VMware vSphere 4: Manage and Design for Security

Course Introduction

  • Introductions and course logistics
  • Online resources for security and compliance

Security in a Virtual Environment

  • Review of information security and risk management concepts
  • How virtualization affects security and compliance
  • Top vulnerabilities in a virtual environment
  • Basic guidelines for securing a virtual environment
  • Security tools and technologies

Secure Virtual Networking

  • vNetwork security architecture
  • Network segmentation and traffic isolation
  • Secure virtual network configuration
  • Traffic isolation with private VLANs

Protecting the Management Environment

  • vCenter Server authentication, authorization, and accounting
  • Working with SSL certificates
  • Hardening the vCenter Server system

Protecting VMware ESX/ESXi Host Systems

  • ESX and ESXi security architecture
  • Controlling access to storage
  • Hardening ESX and ESXi hosts

Hardening Virtual Machines

  • Virtual machine security architecture
  • Configuring security parameters

Configuration and Change Management

  • Configuration and change management goals and guidelines
  • Maintaining the proper configuration of vSphere components
  • Monitoring logs for security-related events
  • Configuration and change management tools and technologies