Security Training

We are specialised in identifying security vulnerabilities in applications and we pass on this knowledge in lectures and in workshops and training courses which last one or several days. The topics include web security, secure programming (web/mobile) and security awareness.

Lecture or workshop?

Lectures are typically 2 to 4 hours long and include a Q&A session. They provide an overview, an introduction or in-depth insights into special topics.

This is an excerpt of Lectures already given for customers:

  • Security throughout the development process

    Basics SDL (Secure Development Lifecycle)

  • iOS Security in Software Development

  • Security Aspects with Flash and Silverlight

Workshops

Workshops last one or several days. They consist of an introductory lecture followed by a comprehensive practical part. Contents are adapted to customer requirements.

Here is an extract from the training courses and lectures we have already held for customers. (All lectures and training courses can also be conducted in German.)

  • Training: Sichere Programmierung mit PHP
    • HTTP Basics
    • Attacks on web applications (Information Leakage, XSS, CSRF, SQL Injection, Code Injection, Code Inclusion, HTTP Header Injection, Unserialize, Logical Flaws, Clickjacking)
    • Security with the ZendFramework
    • Session Management
    • Access Controls
    • Cryptographic functions and random numbers
    • Error handling and logging
    • Hardening of configuration and server environment
    • Security in development process: thread modelling and SDL
    • Basic knowledge of security tests and tools for secure programming and bug tracking

We also offer open training courses:

  • Secure development for iOS Training

    This iOS security training is an introduction to possible security threats to your iOS applications and teaches how to minimize security risks already during the development of the application. Different attacks and their countermeasures, combined with safe programming guidelines will be discussed by means of a demo application. The target audience for this training course are iOS application developers from beginners to seasoned programmers.

    Details ...

  • Web-Security Training Upcoming training!

    The websecurity training offers an introduction into state of the art security topics for the development and operation of web applications. Different attacks on web applications will be explained, then tested in a virtual environment, followed by possible countermeasures. This training is intended for software engineers as well as enthusiastic sysadmins.

    Details ...

  • iOS Exploitation Training

    The iOS Exploitation Training usually takes place in Frankfurt (Germany). It is a full 5-day course and is targeted at exploit developers that want to switch over to iOS.

    We will cover kernel security features, discuss their weaknesses and you will learn how to circumvent them. Every part of the course will start with a lecture introducing you to the topic and end with hands-on exercises, where you use your newly gained knowledge to implement an attack against a real device.

    We will start the training with work on some old A4 iOS devices that allow for easier debugging and then learn how to port our attacks to new devices.

    Details ...

  • OS X / iOS Kernel Internals Training

    The OS X / iOS Kernel Internals Training usually takes place in Frankfurt (Germany). It is a full 5-day course and is targeted at security researchers that want to learn about the OS X and the iOS kernel in order to e.g. hunt malware in the kernel.

    We will cover kernel internals, focussing on strutures important to security researchers. We will discuss its security features, discuss their weaknesses. Every part of the course will start with a lecture introducing you to the topic and end with hands-on exercises, where you use your newly gained knowledge in exercises.

    Details ...

Are you interested?

If you require more information on a specific date or about registration, please write us an email. If you have questions about our training offers, then please use our contact form or write an email to info@sektioneins.de.