Customizable Inhouse Trainings
Several times a year I enjoy conducting inhouse training courses on topics like web application security (focussing on Java) as well as penetration testing and SecurityDevOps. Aside from the one-day workshops, all trainings include lots of instructor-led exercises (over 75 percent of the time) based on demo applications written specifically for the trainings. Each training includes a digital handout (PDF) of the course contents full of information for the attendees.
Just send me a mail in case you wish to receive more detailed course information. Depending on the audience, the courses will be held in English or German language. The contents of the workshops can be customized to suit your individual needs and system environments as well as software development process model.
Based on my project experience, I offer the following customizable inhouse trainings:
This workshop focuses more on the offensive part of application security by demonstrating live hacking against demo applications written specifically for this workshop. Attack scenarios targeting modern web applications are used and optionally enhanced by mobile, wireless and USB attacks. All presented attacks will be fully exploited. Server- and client-side defense strategies are presented and discussed. Expect this to be an eye-opener!Read more
This intensive training focuses on securing Java web applications against malicious hacker attacks. During the complete hands-on course a Java web application (written specifically for this workshop) with lots of vulnerabilities is examined, attacked, and secured. We will start with common vulnerabilities found in web applications and continue to more specialized security holes. Also lots of secondary countermeasures are presented.Read more
This interactive training teaches how to successfully penetrate web applications and their client and server components. During the hands-on course we will examine and exploit lots of vulnerabilities in specially prepared web applications in a lab environment using blackbox and graybox techniques. You will learn to effectively combine attacker toolsets to help in manual and semi-automated pentesting. The covered vulnerabilities include those from my "Web Hacking & Hardening" course and extend to special variations of them to learn filter evasion and bypass tricks as well. This workshop is in development and will be available soon. Contact me for further details and estimated time of release...Coming soon...
In this one-day workshop strategies and solutions for introducing (web) application security into the DevOps lifecycle of continuous integration will be discussed. The idea is to automate certain security checks during the CI chain and directly feed results back to the developers. By incorporating custom plugins, static checks and dynamic scans at different levels into the CI process, some security risks will be addressed earlier in the agile development cycle. This training includes presenting a customized SecDevOps toolchain based on my experience from real-word project setups. This workshop is in development and will be available soon. Contact me for further details and estimated time of release...Coming soon...