Namur, Hotel de Ville

NobleProg Namur, Rue de Fer, 48 , Namur, belgium, 5000

Namen

Namen is een Franstalige stad in België, sinds 1986 hoofdstad van Wallonië en hoofdstad...

Explore Our Courses

Application Security for Developers

21 Hours
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good. This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
Read more...

Android Security

14 Hours
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components. Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs. Participants attending this course will 
  • Understand basic concepts of security, IT security and secure coding
  • Learn the security solutions on Android
  • Learn to use various security features of the Android platform
  • Get information about some recent vulnerabilities in Java on Android
  • Learn about typical coding mistakes and how to avoid them
  • Get understanding on native code vulnerabilities on Android
  • Realize the severe consequences of unsecure buffer handling in native code
  • Understand the architectural protection techniques and their weaknesses
  • Get sources and further readings on secure coding practices
Audience Professionals
Read more...

Comprehensive C# and .NET Application Security

21 Hours
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation. The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks. Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Understand some recent attacks against cryptosystems
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Network Security and Secure Communication

21 Hours
Het implementeren van een veilige netwerk applicatie kan moeilijk zijn, zelfs voor ontwikkelaars die mogelijk verschillende cryptografische bouwblokken (zoals encryptie en digitale handtekeningen) vooraf hebben gebruikt. Om de deelnemers de rol en het gebruik van deze cryptografische primitiven te begrijpen, wordt eerst een solide basis gegeven op de belangrijkste vereisten van veilige communicatie – veilige erkenning, integriteit, vertrouwelijkheid, afstandsidentificatie en anonimiteit – terwijl ook de typische problemen worden gepresenteerd die deze vereisten kunnen beschadigen, samen met real-world oplossingen. Als een kritisch aspect van netwerkbeveiliging is cryptografie, worden de belangrijkste cryptografische algoritmen in symmetrische cryptografie, hashing, asymmetrische cryptografie en sleutelovereenkomst ook besproken. In plaats van een diepgaande wiskundige achtergrond te presenteren, worden deze elementen besproken vanuit het perspectief van een ontwikkelaar, met typische gebruik-case voorbeelden en praktische overwegingen met betrekking tot het gebruik van crypto, zoals openbare sleutelinfrastructuur. Veiligheidsprotocolen in veel gebieden van veilige communicatie worden geïntroduceerd, met een diepgaande discussie over de meest gebruikte protocol families zoals IPSEC en SSL/TLS. Typische crypto kwetsbaarheden worden besproken zowel gerelateerd aan bepaalde crypto-algoritmen en cryptografische protocollen, zoals BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE en dergelijke, evenals de RSA timing attack. In elk geval worden de praktische overwegingen en mogelijke gevolgen voor elk probleem opnieuw beschreven, zonder in diepe wiskundige details te gaan. Ten slotte, aangezien XML technologie centraal is voor het uitwisselen van gegevens door netwerktoepassingen, worden de beveiligingsaspecten van XML beschreven. Dit omvat het gebruik van XML binnen webdiensten en SOAP berichten naast beschermingsmaatregelen zoals XML ondertekening en XML encryptie – evenals zwakke punten in die beschermingsmaatregelen en XML-specifieke veiligheidsproblemen zoals XML injectie, XML externe entiteit (XXE) aanvallen, XML bommen, en XPath injectie. De deelnemers aan deze cursus zullen
  • Begrijp de basisbegrippen van beveiliging, IT-beveiliging en beveiligde codering
  • Begrijp de eisen van veilige communicatie
  • Leer over netwerk-aanvallen en verdedigingen op verschillende OSI-slagen
  • Een praktisch begrip van cryptografie
  • Begrijp essentiële beveiligingsprotocolen
  • Ontdek enkele recente aanvallen tegen cryptosystemen
  • Informatie over enkele recente gerelateerde kwetsbaarheden
  • Begrijp de beveiligingsconcepten van webdiensten
  • Krijg bronnen en meer lezen over veilige coderingspraktijken
Het publiek Ontwikkelaars, Professionals
Read more...

Combined C/C++, JAVA and Web Application Security

28 Hours
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise. Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation. Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Realize the severe consequences of unsecure buffer handling
  • Understand the architectural protection techniques and their weaknesses
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Application Security in the Cloud

21 Hours
Migreren naar de cloud brengt enorme voordelen voor bedrijven en individuen in termen van efficiëntie en kosten. Wat de beveiliging betreft, zijn de effecten heel divers, maar het is een gemeenschappelijke perceptie dat het gebruik van clouddiensten de beveiliging op een positieve manier beïnvloedt. De meningen verschillen echter vele malen zelfs over de definitie van wie verantwoordelijk is voor de beveiliging van de cloudbronnen. Om IaaS, PaaS en SaaS te dekken, wordt eerst de beveiliging van de infrastructuur besproken: hardening en configuratieproblemen, evenals verschillende oplossingen voor authenticatie en autorisatie naast identiteitsbeheer die in de kern van alle beveiligingsarchitectuur moeten zijn. Dit wordt gevolgd door een aantal fundamenten met betrekking tot juridische en contractuele kwesties, namelijk hoe vertrouwen wordt gevestigd en beheerd in de cloud. De reis door de cloud-beveiliging gaat verder met het begrijpen van cloud-specifieke bedreigingen en de doelstellingen en motivaties van de aanvallers, evenals typische aanvalstappen die worden genomen tegen cloud-oplossingen. Bijzondere nadruk wordt ook gegeven op het audit van de cloud en het verstrekken van beveiligingsbeoordeling van cloudoplossingen op alle niveaus, met inbegrip van penetratieonderzoek en kwetsbaarheidsanalyse. De focus van de cursus is op toepassingsbeveiligingsproblemen, die zowel de gegevensbeveiliging als de beveiliging van de toepassingen zelf behandelen. Uit het oogpunt van applicatiebeveiliging is cloud computingbeveiliging niet aanzienlijk anders dan de algemene softwarebeveiliging, en daarom zijn in wezen alle OWASP-gelisterde kwetsbaarheden ook relevant in dit domein. Het is het set van bedreigingen en risico's dat het verschil maakt, en dus wordt de training afgesloten met de lijst van verschillende cloud-specifieke aanval vectoren verbonden met de vooraf besproken zwakten. De deelnemers aan deze cursus zullen
  • Begrijp de basisbegrippen van beveiliging, IT-beveiliging en beveiligde codering
  • Begrijp belangrijke bedreigingen en risico's in de cloud domein
  • Leer over elementaire cloudbeveiligingsoplossingen
  • Krijg informatie over vertrouwen en governance over de cloud
  • Een praktisch begrip van cryptografie
  • Ontdek uitgebreide kennis in applicatiebeveiliging in de cloud
  • Leer web kwetsbaarheden verder dan OWASP Top Ten en weet hoe ze te vermijden
  • Begrijp de uitdagingen van audit en evaluatie van cloudsystemen voor beveiliging
  • Leer hoe je de cloud en de infrastructuur kunt beschermen
  • Krijg bronnen en meer lezen over veilige coderingspraktijken
Het publiek Ontwikkelaars, managers, professionals
Read more...

C/C++ Secure Coding

21 Hours
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Read more...

Advanced Java Security

21 Hours
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java. The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Understand security concepts of Web services
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Understand security solutions of Java EE
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Combined JAVA, PHP and Web Application Security

28 Hours
Zelfs ervaren programmeurs beheersen niet door alle middelen de verschillende beveiligingsdiensten die door hun ontwikkelingsplatforms worden aangeboden, en zijn ook niet bewust van de verschillende kwetsbaarheden die relevant zijn voor hun ontwikkelingen. Deze cursus richt zich op ontwikkelaars die zowel Java als PHP gebruiken, waardoor ze essentiële vaardigheden die nodig zijn om hun toepassingen tegen hedendaagse aanvallen te maken via het internet. Niveaus van Java beveiligingsarchitectuur worden doorgaan door toegangscontrole, authenticatie en machtiging, beveiligde communicatie en verschillende cryptografische functies aan te pakken. Er worden ook verschillende APIs geïntroduceerd die kunnen worden gebruikt om uw code in PHP te beveiligen, zoals OpenSSL voor cryptografie of HTML Purifier voor input validatie. Aan de serverzijde worden de beste praktijken gegeven voor het harden en configureren van het besturingssysteem, de webcontainers, het bestandsysteem, de SQL server en de PHP zelf, terwijl een speciale focus wordt gegeven op client-side beveiliging door middel van beveiligingsproblemen van JavaScript, Ajax en HTML5. Algemene web kwetsbaarheden worden besproken door voorbeelden in overeenstemming met de OWASP Top Ten, het tonen van verschillende injectie-aanvallen, script-injecties, aanvallen tegen sessiebehandeling, onveilig rechtstreekse object verwijzingen, problemen met bestanden uploaden, en vele anderen. De verschillende Java- en PHP-specifieke taalproblemen en problemen die voortvloeien uit de runtime omgeving worden geïntroduceerd in de standaard kwetsbaarheidstypen van ontbrekende of onjuiste input validatie, onjuiste gebruik van beveiligingsfuncties, onjuiste fout en uitzondering beheer, tijd- en staat gerelateerde problemen, code kwaliteit problemen en mobiele code gerelateerde kwetsbaarheden. Deelnemers kunnen de besproken API's, hulpmiddelen en de effecten van configuraties voor zichzelf uitproberen, terwijl de introductie van kwetsbaarheden allemaal wordt ondersteund door een aantal hands-on oefeningen die de gevolgen van succesvolle aanvallen demonstreren, tonen hoe de bugs te corrigeren en verlichtingstechnieken toe te passen, en het gebruik van verschillende uitbreidingen en hulpmiddelen in te voeren. De deelnemers aan deze cursus zullen
  • Begrijp de basisbegrippen van beveiliging, IT-beveiliging en beveiligde codering
  • Leer web kwetsbaarheden verder dan OWASP Top Ten en weet hoe ze te vermijden
  • Leer de kwetsbaarheden aan de klant en veilige coderingspraktijken
  • Leer om verschillende beveiligingsfuncties van de ontwikkelingsomgeving te gebruiken Java
  • Een praktisch begrip van cryptografie
  • Leer om verschillende beveiligingsfuncties van PHP te gebruiken
  • Begrijp de beveiligingsconcepten van webdiensten
  • Krijg praktische kennis in het gebruik van beveiligingstesttools
  • Leer over typische coderingsfouten en hoe ze te vermijden
  • Informatie over recente kwetsbaarheden in Java en PHP kaders en bibliotheken
  • Krijg bronnen en meer lezen over veilige coderingspraktijken
Het publiek Ontwikkelaars
Read more...

Standard Java Security

14 Hours
Description The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security). The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Java and Web Application Security

21 Hours
Description Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves. Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Advanced Java, JEE and Web Application Security

28 Hours
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE. Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the Java development environment
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Understand security solutions of Java EE
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in the Java framework
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Node.JS and Web Application Security

21 Hours
As a developer, your duty is to write bulletproof code. What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market? This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more. It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime. Delegates attending will:
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn about Node.js security
  • Learn about MongoDB security
  • Have a practical understanding of cryptography
  • Understand essential security protocols
  • Understand security concepts of Web services
  • Learn about JSON security
  • Get practical knowledge in using security testing techniques and tools
  • Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices
Read more...

.NET, C# and ASP.NET Security Development

14 Hours
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation. The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of the .NET development environment
  • Get practical knowledge in using security testing tools
  • Learn about typical coding mistakes and how to avoid them
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Advanced C#, ASP.NET and Web Application Security

21 Hours
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks. In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs. Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Learn to use various security features of the .NET development environment
  • Have a practical understanding of cryptography
  • Get information about some recent vulnerabilities in .NET and ASP.NET
  • Get practical knowledge in using security testing tools
  • Learn about typical coding mistakes and how to avoid them
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

The Secure Coding Landscape

14 Hours
De cursus introduceert enkele gemeenschappelijke beveiligingsconcepten, geeft een overzicht van de aard van de kwetsbaarheden, ongeacht de gebruikte programmeringsspraken en platforms, en verklaart hoe de risico's die van toepassing zijn met betrekking tot softwarebeveiliging in de verschillende fasen van de softwareontwikkeling levenscyclus te beheren. Zonder diep in de technische details te gaan, benadrukt het enkele van de meest interessante en meest opmerkelijke kwetsbaarheden in verschillende softwareontwikkelingstechnologieën, en presenteert de uitdagingen van beveiligingstests, samen met enkele technieken en hulpmiddelen die je kunt toepassen om bestaande problemen in hun code te vinden. De deelnemers aan deze cursus zullen 
  • Begrijp de basisbegrippen van beveiliging, IT-beveiliging en beveiligde codering
  • Begrijp web kwetsbaarheden zowel op de server als op de client-zijde
  • Ontdek de ernstige gevolgen van onzeker bufferbehandeling
  • Wees geïnformeerd over enkele recente kwetsbaarheden in ontwikkelingsomgevingen en kaders
  • Leer over typische coderingsfouten en hoe ze te vermijden
  • Begrijp beveiligingstestmethoden en methoden
Het publiek Managers
Read more...

Secure coding in PHP

21 Hours
The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. The best hardening practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers. Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Learn to use various security features of PHP
  • Learn about typical coding mistakes and how to avoid them
  • Be informed about recent vulnerabilities of the PHP framework
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

Microsoft SDL Core

14 Hours
The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process. Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code. Participants attending this course will 
  • Understand basic concepts of security, IT security and secure coding
  • Get known to the essential steps of Microsoft Secure Development Lifecycle
  • Learn secure design and development practices
  • Learn about secure implementation principles
  • Understand security testing methodology
  • Get sources and further readings on secure coding practices
Audience Developers, Managers
Read more...

Security Testing

14 Hours
After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan. Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities. This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Get sources and further readings on secure coding practices
Audience Developers, Testers
Read more...

Secure Web Application Development and Testing

21 Hours
Protecting applications that are accessible via the web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of web applications. One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools. The course gives an overview of the applicable security solutions in web applications, with a special focus on understanding the most important cryptographic solutions to be applied. The various web application vulnerabilities are presented both on the server side (following the OWASP Top Ten) and the client side, demonstrated through the relevant attacks, and followed by the recommended coding techniques and mitigation methods to avoid the associated problems. The subject of secure coding is wrapped up by discussing some typical security-relevant programming mistakes in the domain of input validation, improper use of security features and code quality. Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it. Practical exercises will help understanding web application vulnerabilities, programming mistakes and most importantly the mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand security testing approaches and methodologies
  • Get practical knowledge in using security testing techniques and tools
  • Be informed about recent vulnerabilities in various platforms, frameworks and libraries
  • Get sources and further readings on secure coding practices
Audience Developers, Testers
Read more...

Web Application Security

14 Hours
Protecting applications that are accessible via the web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of web applications (like Java, ASP.NET or PHP, as well as Javascript or Ajax on the client side). One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools. The course gives an overview of the applicable security solutions in web applications, focusing on the most important technologies like secure communication and web services, tackling both transport-layer security and end-to-end security solutions and standards like Web Services Security and XML. It also gives a brief overview of the typical programming mistakes, above all connected to missing or improper input validation. The web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained to avoid the associated problems. Exercises can be easily followed by programmers using different programming languages, thus the web application-related topics can be easily combined with other secure coding subjects, and can thus effectively satisfy the needs of corporate development groups, who typically deal with various languages and development platforms to develop web applications. Participants attending this course will
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn client-side vulnerabilities and secure coding practices
  • Have a practical understanding of cryptography
  • Understand security concepts of Web services
  • Get practical knowledge in using security testing tools
  • Get sources and further readings on secure coding practices
Audience Developers
Read more...

DevOps Security: Creating a DevOps Security Strategy

7 Hours
In deze door een instructeur geleide, live cursus in Namen leren deelnemers hoe ze de juiste beveiligingsstrategie kunnen formuleren om de DevOps beveiligingsuitdaging het hoofd te bieden.
Read more...

Embedded Systems Security

21 Hours
Deze door een instructeur geleide, live training introduceert de systeemarchitecturen, besturingssystemen, netwerken, opslag en cryptografische problemen waarmee rekening moet worden gehouden bij het ontwerpen van veilige ingebedde systemen.Aan het einde van deze cursus zullen de deelnemers een goed begrip hebben van beveiligingsprincipes, -problemen en -technologieën. Belangrijker nog is dat de deelnemers zullen worden uitgerust met de technieken die nodig zijn voor het ontwikkelen van veilige embedded software.
Read more...

Interactive Application Security Testing (IAST)

14 Hours
Interactive Application Security Testing (IAST) is een vorm van applicatiebeveiligingstests die statische applicatiebeveiligingstests (SAST) en Dynamic Application Security Testing (DAST) of Runtime Application Self-Protection (RASP) technieken combineert. IAST kan de specifieke codelijnen rapporteren die verantwoordelijk zijn voor een beveiligingsuitbuiting en het gedrag dat leidt tot en volgt tot een dergelijke uitbuiting herstelt. In deze instructeur geleide, live training, zullen de deelnemers leren hoe om een applicatie te verzekeren door instrumenteren runtime agenten en aanval inducers om het applicatie gedrag tijdens een aanval te simuleren.   Aan het einde van deze training zullen de deelnemers in staat zijn:
  • Simuleren van aanvallen op applicaties en valideren van hun detectie- en beschermingscapaciteiten
  • Gebruik RASP en DAST om code-niveau zichtbaarheid te krijgen in de door een applicatie genomen gegevensroute onder verschillende runtime scenario's
  • Snelle en nauwkeurige correctie van de applicatiecode die verantwoordelijk is voor gedetecteerde kwetsbaarheden
  • Prioriteit geven aan kwetsbaarheidsresultaten uit dynamische scans
  • Gebruik RASP real-time waarschuwingen om applicaties in de productie te beschermen tegen aanvallen.
  • Vermindering van de risico's van applicatie kwetsbaarheid terwijl de productieschema-doelstellingen worden gehandhaafd
  • Ontwerp van een geïntegreerde strategie voor algemene kwetsbaarheiddetectie en bescherming
Het publiek
  • [ 1 ] Ingenieurs
  • Veiligheidsingenieurs
  • Ontwikkelaars
Format van de cursus
  • Deel lezing, deel discussie, oefeningen en zware praktijken
Read more...

How to Write Secure Code

35 Hours
After the major attacks against national infrastructures, Security Professionals found that the majority of the vulnerabilities that caused the attacks came from poor and vulnerable code that the developers write.  Developers now need to master the techniques of how to write Secure Code, because we are in a situation where anyone can use availble tools to write a script that can effectivly disable a large organization's systems because the developers have written poor code. This Course aims to help in the following:
  1. Help Developers to master the techniques of writing Secure Code
  2. Help Software Testers to test the security of the application before publishing to the production environment
  3. Help Software Architects to understand the risks surrounding the applications
  4. Help Team Leaders to set the security base lines for the developers
  5. Help Web Masters to configure the Servers to avoid miss-configurations
In this course you will also see details of the latest cyber attacks that have been used and the countermeasures used to stop and prevent these attacks. You will see for yourself how developers mistakes led to catastrophic attacks, and by participatig in the labs during the course you will be able to put into practise the security controls and gain the experience and knowledge to produce secure coding. Who should Attend this Course?  This Secure Code Training is ideal for those working in positions such as, but not limited to:
  • Web Developers
  • Mobile Developers
  • Java Developers
  • Dot Net Developers
  • Software Architects
  • Software Tester
  • Security Professionals
  • Web Masters
Read more...

Secure Developer Java (Inc OWASP)

21 Hours
This course covers the secure coding concepts and principals with Java through Open Web Application Security Project (OWASP) methodology of testing. The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
Read more...

Secure Developer .NET (Inc OWASP)

21 Hours
This course covers the secure coding concepts and principals with ASP.net through the Open Web Application Security Project (OWASP) methodology of testing , OWASP is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.  This Course explores the Dot Net Framework Security features and how to secure web applications.   
    
    
    
    
    
Read more...

Last Updated:

Getuigenissen (34)

Veel informatie heel goed uitgelegd. Good voorbeelden, interessante oefeningen. Trainer liet ons zijn ervaring in de echte wereld zien.

Gergely Bathó - GE Medical Systems Polska Sp. Z O.O.
Cursus - Application Security for Developers

Machine Translated

The Burpe suite i need more training in this

Gontse Ntshegi - Vodacom
Cursus - Android Security

Nothing it was perfect.

Zola Madolo - Vodacom
Cursus - Android Security

Azure-webbeveiliging, het was meer wat ik verwachtte, de penetratietesten die ik in mijn werk nooit zou doen

Toby
Cursus - Application Security in the Cloud

Machine Translated

de balans tussen hoorcollege en praktijk, het ritme, de trainerskennis en pedagogische vaardigheid

Armando Pinto - EID
Cursus - C/C++ Secure Coding

Machine Translated

De trainer zorgde voor up-to-date informatie en waardevolle referenties en tools.

Jose Vicente - EID
Cursus - C/C++ Secure Coding

Machine Translated

om veel goede info te krijgen over het onderwerp van de cursus

Paulo Pereira - EID
Cursus - C/C++ Secure Coding

Machine Translated

De coach gedegen kennis en ervaring, mooie slides, goede voorbeelden.

Celso Almeida - EID
Cursus - C/C++ Secure Coding

Machine Translated

Regelmatig wijzigingen pushen, want op dag 3 begon ik meer te verdwalen dan voorheen en was het moeilijker om een fout snel op te sporen, ik kon snel uitchecken voor de laatste wijziging en op de hoogte zijn van het materiaal

Paulina
Cursus - Advanced Java Security

Machine Translated

It opens up a lot and gives lots of insight what security

Nolbabalo Tshotsho - Vodacom SA
Cursus - Advanced Java Security

Very good knowledge and character.

Constantinos Michael
Cursus - Java and Web Application Security

The organization

Panagiotis Foutros
Cursus - Java and Web Application Security

Het is heel goed om te begrijpen hoe een hacker sites zou kunnen analyseren op zwakke punten en op de tools die ze zouden kunnen gebruiken.

Roger - OTT Mobile
Cursus - .NET, C# and ASP.NET Security Development

Machine Translated

the corny jokes. Love the first 2 day session because of the labs.

Kevin Galacgac - Human Edge Software Philippines, Inc.
Cursus - .NET, C# and ASP.NET Security Development

The trainer is really connecting with us and making sure that nobody left out of the current topic. Explains well to each topic and provides an example that is easy to understand.

Edgarico Llaneta - Human Edge Software Philippines, Inc.
Cursus - .NET, C# and ASP.NET Security Development

The hands-on training and the examples.

Lord-Sam Lamparero - Human Edge Software Philippines, Inc.
Cursus - .NET, C# and ASP.NET Security Development

The exercises (SQL injection, XSS, CRSF...)

David Lemoine - Statistical Solutions
Cursus - .NET, C# and ASP.NET Security Development

Beginning by how to hack to better understand how to secure was very interesting and appreciated.

Raphaël Capocasale - Mikron SA Boudry
Cursus - Advanced C#, ASP.NET and Web Application Security

The explanations of how the most common attacks happen against web applications.

Jacob Fisher - Mikron SA Boudry
Cursus - Advanced C#, ASP.NET and Web Application Security

The learning material

morena xaba - Vodacom
Cursus - The Secure Coding Landscape

The real life examples.

Marios Prokopiou
Cursus - Secure coding in PHP

All topics were well covered and presented with a lot of examples. Ahmed was very efficient and managed to keep us focused and attracted at all times.

Kostas Bastas
Cursus - Secure coding in PHP

Trainer willing to answer questions and give bunch of examples for us to learn.

Eldrick Ricamara - Human Edge Software Philippines, Inc. (part of Tribal Group)
Cursus - Security Testing

Leren omgaan met nieuwe tools. Vooral om te zien hoe beveiligingstests konden worden uitgevoerd

Jason - Kropman
Cursus - Secure Web Application Development and Testing

Machine Translated

El profesor explica muy bien, tiene un buen conocimiento, ayuda a que siempre de ejemplos de lo que esta explicando para entender mas facil, va a un ritmo bien.

Yamir Aguilar - ATEB Servicios
Cursus - Secure Web Application Development and Testing

I liked he was passionate about the subject and very convincing too.

Diana Vladulescu
Cursus - Secure Web Application Development and Testing

Web 的同源策略和跨域的内容,以及XSS 的危害,這個很貼切我們的工作。

Princess Ou - 广东溢达纺织有限公司
Cursus - Web Application Security

Overview of most among important topics related to software architecture. This training inspired me to learn some of them in depth ;)

Konrad Fuchsig - EY GDS
Cursus - Web Application Security

Explanation of the concepts I had no knowledge about. Tutors calm and kind attitude and also his very vast knowledge.

Michał Kowalczyk - EY GDS
Cursus - Web Application Security

Practical examples and possibility to try how web injections are functioning from the other side - not user but attacker side.

Jessica Wierzbicka - EY GDS
Cursus - Web Application Security

The hands-on labs were excellent.

Dr. Farhan Hassan Khan - TDM GROUP
Cursus - Web Application Security

De labo's praktijk

Angel - Vodacom
Cursus - How to Write Secure Code

Machine Translated

het zien van de veiligheidsbedreigingen in actie

kesh - Vodacom
Cursus - How to Write Secure Code

Machine Translated

Het was geweldig om een één-op-één sessie met Raymond te hebben. Hij was echt geweldig en attent op al mijn trainingsbehoeften.

Joshua
Cursus - Secure Developer .NET (Inc OWASP)

Machine Translated

Upcoming Courses

Other regions in België

Other Countries

These courses are also available in other countries

Consulting

Secure Code Consulting
Secure Code training cursus in Namen, Secure Code opleiding cursus in Namen, Weekend Secure Code cursus in Namen, Avond Secure Code training in Namen, Secure Code instructeur geleid Namen, Secure Code trainer in Namen, Secure Code privé cursus in Namen, Secure Code op locatie in Namen, Secure Code coaching in Namen, Secure Code boot camp in Namen, Secure Code instructeur in Namen, Avond Secure Code cursus in Namen, Secure Code een op een opleiding in Namen, Weekend Secure Code training in Namen, Secure Code on-site in Namen, Secure Code instructeur geleid in Namen,Secure Code lessen in Namen, Secure Code een op een training in Namen
1