Is your company working on products with high security requirements?
Do your products work with sensitive data?
Could a data leak from your system be fatal for your company?
If there is at least one “yes”, it's time to train the team to think about security at the coding stage.
Our motto is: you never know how to secure a system if you don't know how to hack it. The corporate system security testing training for DEV/SEC teams is a powerful two-day intensive. After getting acquainted with the theory, the participants take part in a team competition, where they apply their “hacker” skills themselves and look for vulnerabilities in real projects.
Course Sections
- Embedding Security in the Development Process (SDLC)
- Secure Architectures
- Risk Assessment Methodologies and Risk Register
- Penetration Testing Based on the OWASP Methodology and Mastering the Necessary Tools
What Will Participants Learn?
- Integrate security principles into the development cycle (SDLC)
- Test web system security using the main OWASP test cases (Injections, XXE, XSS, CSRF, SSRF, Insecure Deserialization, Security Misconfiguration, Broken Authentication and Authorization, etc.)
- Use the tools necessary to conduct penetration testing (nmap, Burp, Metasploit, Kali Linux, FoxyProxy, ncrack, User Agent Switcher, etc.)
- Assess risks for found vulnerabilities
Course Trainer
Denis Koloshko
Denis is a practicing pentester and certified security expert, holding CISSP (Certified Information Systems Security Professional) and OSWE (Offensive Security Web Expert), with over 17 years of experience in the development of scalable, high-load web systems with high security requirements.
Senior .NET Developer
“I liked it when I was able to complete a task (any). I liked those tasks where we registered the admin, intercepted cookies and entered the site under a different user.”
Head of Development
“It was very cool and interesting, the idea of the process and methods of hacking systems has changed a lot. I learned a lot of new techniques: reverse shell, deserialization.”
Software Engineer
“I liked remote code execution, xss, network mapping + hydra the most.”