Shield

Cyber Security Fundamentals & Building Secure Applications

Package including 2 courses:

  • Cyber Security Fundamentals including Demo and Hands-on training: provides insights into the modern security environment, with hands-on training
  • Building Secure Applications

Course reference

KBPSEO3

Level

  • Beginner
  • Intermediate

Number of days

14 days, 4H/day

Price

4.485,75 € excl. tax

Training location

V: v-learning, virtual class



Prerequisites

  • Basic Knowledge of IP Networking
  • Experience and comprehension of application development

Audience

  • High level Managers, Presale Managers, IT Managers, QA and Technical Support
  • Application developers and everyone who seeks to better understand how to build Secure Applications

Course objectives

#Course Objectives
#Course-1

The main goal of the Cybersecurity course is to cover some fundamental cybersecurity topics and to provide insights into the modern security environment, the cyber threat landscape and the attacker mentality, including how attackers work, what tools they use, what vulnerabilities they target and what they’re really after.
Course graduates may be a part of QA teams, Validation teams and development teams.

At the end of this "Cyber Fundamentals including Demo and Hands-on training" training, you will be able to work, hands-on, with:

  • Layers vulnerabilities
  • Inspection and interception tools
  • NAT – Topology hiding
  • Application evolution and security issues
  • Network issues
  • Network and vulnerability scanning
  • Offensive Security – Kali Linux
  • Virtual machines
  • NMAP
  • NCAT
  • Firewall
  • Cryptography
  • Penetration Tests
  • Cloud Security
  • Web application Vulnerability/ Firewall
  • IDS/IPS events detection
  • SIEM Demo
  • Computer forensics incl. Demo
  • Cyber security in organizations
  • AI NLP
  • Future CRM CEM

#Course-2

Although application security is a relatively old subject, in the 90’s most of the focus was on securing the network infrastructure (e.g. firewalls, VPNs etc.) as well as the server OS (e.g. patch management systems). However, in recent years the focus has shifted from the network and the infrastructure to the application layer. This is because infrastructure (i.e. network and OS) security has improved significantly while applications have remained vulnerable. Thus, the application layer has become the main target of attacks. In addition, it is well understood today that secure applications mean higher-quality and safer applications.

In the course we will learn the different aspects of application security, including authentication, authorization, auditing, confidentiality and data integrity, as well as the different technologies addressing these requirements. We will study the risk analysis model and understand how to use it to analyze the risk of the threats associated with vulnerabilities in the application.
In addition, we will learn how to build secure applications, starting with including security in the application development life cycle and continuing with secure coding practices and security testing tools.


 

Course content

#Cyber Security Fundamentals including Demo and Hands-on training
Meeting #1

Chapter Description
Introduction to Cyber Security
  • Hacking History
  • Cyber Attacks Trends
  • Cloud Security Challenges
  • External and Internal threats
  • Threats and attacks
  • Security Criteria
  • Threat Taxonomy Models summary
Basics of Networking
  • Network Definitions and Topology
  • LAN, WAN, MAN
  • Synchronized and Unsynchronized modes
  • Network speed – bit rate
  • Bandwidth and the Noise factor
  • Errors handling
  • Utilization and coding efficiency
OSI layer model
  • The need for Standards
  • Layers model and protocols
  • OSI Model
  • OSI Layers responsibilities
Summary including Q&A
  • Summary including Q&A

 

Meeting #2

Chapter Description
The physical layer and vulnerabilities
  • Twisted Pair, Coax, Fiber Optic, Satellite, Microwave
Data Link Layer (IEEE Ethernet) – the 2nd Layer
  • Ethernet Common Topologies
  • CSMA (Carrier Sense Multiple Access) Protocol
  • Ethernet Frame Structure
  • MAC Addresses
  • MAC Spoofing for attacks
The 3rd Layer and IP vulnerabilities
  • Network Layer (IP)
  • IP Header Structure
  • MTU and Fragmentation process
  • ARP and DHCP security issues
  • DoS attacks including fragmented packets
Summary including Q&A
  • Summary including Q&A

 

Meeting #3

Chapter Description
The 4th Layer – Transport Layer
  • UDP
  • TCP
  • SCTP
Inspection and interception Tool – Hands-on
  • Introduction to Wireshark
  • Getting Started
  • Capturing Packets
  • Color Coding
  • Sessions Filtering methods
Internetworking
  • HUB, Switch and Router
  • Routing techniques and Algorithms
  • Challenges - High availability and LB
Summary including Q&A
  • Summary including Q&A

 

Meeting #4

Chapter Description
NAT – Topology hiding
  • NAT types / NAT challenges
  • Universal Plug and Play (UPnP)
  • Simple Traversal of UDP through NAT (STUN)
  • Traversal Using Relay NATs (TURN)
Inspection and interception Tool – Hands-on
  • Inspecting Packets
  • Network Topology studying
  • MAC Addresses and manufacturers
  • 3rd layer and IP Addresses analysis
  • Open ports at 4th Layer Analysis
Applications Evolution and security issues
  • HTTP, Telnet, FTP, Email
  • Media Applications – VoIP
  • Collaboration
Summary including Q&A
  • Summary including Q&A

 

Meeting #5

Chapter Description
Networking Issues
  • Quality of Service
  • Class of Service
  • Related DoS attacks
Basics of Security Management
  • Security Layers
  • Defending concept according to OSI Layers
  • Security modules and functionalities
  • Server Hardening
MiTM challenge and confidentiality solutions
  • What is TLS
  • What is IPsec
  • Applications over TLS and IPsec
Summary including Q&A
  • Summary including Q&A

 

Meeting #6

Chapter Description
Inspection and interception Tool – Hands-on
  • Call flow analysis
  • Traffic analysis and eavesdropping
  • Numbers Harvesting
  • Conferences eavesdropping
  • Password capture
Offensive security: Kali Linux
  • What is Kali Linux?
  • Some Kali Facts
  • Installing Kali Linux
  • Tools Categories
  • Kali Desktop
  • Kali Top Tools
  • Kali Linux Alternatives
Basic Linux commands
  • Basic Linux commands
Summary including Q&A
  • Summary including Q&A

 

Meeting #7

Chapter Description
Virtual Machines
  • VMWare
  • Virtual Box
Virtual Machines – Hands-on Part 1
  • Virtual machine installation
  • Setting the VM
  • Configuration process
Kali Linux – Hands-on Part 2
  • Download and install Kali Linux on VM
  • Setting and preparations
  • Networking and interconnection tests
Summary including Q&A
  • Summary including Q&A

 

#Course-2 : Building Secure Applications

Table 1: KSE001 - Course Contents
Chapter Description
Confidentiality and Data-Integrity
  • Overview of the requirements
  • Overview of Cryptology
  • Symmetric encryption
  • Asymmetric encryption
  • Digital signatures
  • Digital certificates
  • How encryption and hash functions are used to address these requirements
  • XML-Encryption (for web services)
  • XML-Digital signatures (for web services)
Authentication
  • Overview of the requirements
  • The different technologies used for user authentication
  • Passwords including Password Management
  • Challenge-Response authentication and Challenge-Response tokens
  • One-Time Passwords (OTP) and OTP tokens
  • Smart-cards and Public-Key technology
  • Biometric authentications
  • SAML (for web services)
Authorization and Access-Control
  • Overview of the requirements
  • Implementation of authorization mechanisms in the application layer
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)
Auditing & Logging
  • Overview of the requirements
  • Central logging
  • Auditing and log analysis
Integrating security into the application development life cycle
  • Security in the design stage
  • Secure coding
  • Security testing
Risk analysis and Threat Modeling
  • Risk analysis and Threat Modeling
Application coding vulnerabilities
  • Application coding vulnerabilities
Secure coding best practices
  • In Java (J2EE)
  • In .NET
Security features of application frameworks
  • J2EE
  • .NET
The End
  • Summary
  • Q&A
  • Course Evaluation


 

Dates


07 July 2020 to 30 July 2020


03 August 2020 to 27 August 2020


NOTE:

This package includes 2 courses; the 10% discount we offer is already included in the price.


Questions?

+33 (0) 950 20 91 64


Registration or quote request