We Train The Experts

In this class, students will scrutinize ICS web applications from an attackers perspective. They will learn how an attacker assesses security threats to a web application and how a developer can design the application to defend against these threats. An in-depth analysis of web vulnerabilities will be covered at a technical level, with a focus on the common vulnerability types that can be found in web applications utilized in ICS. Examples of how an attacker exploits these vulnerabilities to compromise ICS will be demonstrated and hands on exercises will be used to help students understand defensive coding strategies and tactics. Students will be introduced to secure coding techniques, as well as documenting and developing security test cases that can be integrated into a formal SDL or used independently to test for vulnerabilities. The course also includes an in-depth look at developing comprehensive threat models to test for common vulnerabilities and design flaws. This course is customizable for specific software languages upon request (ASP, JSP, PHP).

• Length: 5 days
• Max Students: 25
• Intended Audience: Web Developers
• Call For Pricing 1-877-97DEFEND

In this class, students will scrutinize ICS Win32 applications from an attackers perspective. They will learn how an attacker assesses security threats to an application and how a developer can design the application to defend against these threats. An in-depth analysis of Win32 vulnerabilities will be covered at a technical level, with a focus on the common vulnerability types that can be found in Win32 applications utilized in ICS. Examples of how an attacker exploits these vulnerabilities to compromise ICS will be demonstrated and hands on exercises will be used to help students understand defensive coding strategies and tactics. Students will be introduced to secure coding techniques as well as documenting and developing security test cases that can be integrated into a formal SDL or used independently to test for vulnerabilities. The course also includes an in-depth look at developing comprehensive threat models to test for common vulnerabilities and design flaws. This course focuses on the C and C++ languages, however customizations are available upon request.

• Length: 5 days
• Max Students: 25
• Intended Audience: Web Developers
• Call For Pricing 1-877-97DEFEND

In this class, students will learn about the tactics and strategies for evaluating, investigating, triaging, and driving resolution for security incidents and software vulnerabilities. Using hands on exercises, students will learn debugging techniques and triage strategies for determining whether a bug is exploitable and understanding risk associated with a particular vulnerability. The class will also cover tactics and strategies for variant analysis, orchestration of targeted vulnerability assessments, and security crisis related response. Additionally, the course will address options for establishing a formal security tracking mechanisms and developing robust security response organizations.

• Length: 4 days
• Max Students: 25
• Intended Audience: Incident Response Teams Vulnerability Analysts
• Call For Pricing 1-877-97DEFEND

In this class, students will learn about the attacker mindset and the culture of the security researcher. The class also covers software management practices that can be employed within an organization to help combat attacker techniques and manage relationships with security researchers. Attendees will also learn how to work with development teams in order to establish security quality gates and processes as part of the SDL. Additionally, this class will help organizational leaders understand the perspective of the security researcher and how their actions can affect the organizational brand. Through the use of historical case studies, this class will address the essential components for effective security crisis communication and the orchestration of company-wide security initiatives.

• Length: 1 day
• Max Students: 25
• Intended Audience: Project Managers Program Managers Directors
• Call For Pricing 1-877-97DEFEND

In this class, students will learn to scrutinize ICS Win32 applications from an attackers perspective. They will learn to identify key software design patterns and learn to develop targeted security test cases to measure the robustness of those design patterns. An in-depth analysis of file formats and protocols will be covered at a technical level, with a focus on developing custom fuzzing solutions against proprietary file formats and network protocols. Students will be introduced to robust fuzzing and debugging frameworks and will learn how these frameworks can be used to improve current security test and QA processes. Students should expect to spend the majority of the course in instructor led labs. The course focuses on the C and C++ languages, however customizations are available upon request.

• Length: 4 days
• Max Students: 25
• Intended Audience: Security Test Engineers QA Engineers
• Call For Pricing 1-877-97DEFEND

In this class, students will be introduced to the basics of Industrial Control Systems (ICS) and the components that they are likely to discover while performing assessments. Software, including middle ware, web servers, and ladder logic will be covered in detail. A deep dive into common vulnerabilities that exist in ICS applications and common configuration issues will be covered. Practices for discovering ICS on a network will be cover in-depth, as well as the precautions that must be taken while performing ICS an assessment. Students should expect to spend a majority of their time getting hands on experience using the techniques they are learning in a custom developed lab environment that is built using scenarios seen in the field. Students will get to experience working with live PLCs and performing simulated penetration tests, which ultimately lead to the compromise of the PLC.

• Length: 4 days
• Max Students: 25
• Intended Audience: Penetration Testers Security Engineers
• Call For Pricing 1-877-97DEFEND