Cybersecurity Advanced Training Course

This instructor-led, live training in Italy (online or onsite) is designed for system administrators who wish to use 389 Directory Server to configure and manage LDAP-based authentication and authorization.

Upon completion of this training, participants will be able to:

• Install and configure 389 Directory Server.
• Comprehend the features and architecture of 389 Directory Server.
• Learn how to configure the directory server using both the web console and the CLI.
• Set up and monitor replication to ensure high availability and load balancing.
• Manage LDAP authentication using SSSD for enhanced performance.
• Integrate 389 Directory Server with Microsoft Active Directory.

This instructor-led, live training in Italy (online or onsite) is designed for system administrators who intend to use Microsoft Active Directory to manage and secure data access.

Upon completing this course, participants will be equipped to:

• Install and configure Active Directory.
• Establish a domain and define access permissions for users and devices.
• Administer users and machines via Group Policies.
• Regulate access to file servers.
• Deploy a Certificate Service and manage certificates.
• Implement and oversee services such as encryption, certificates, and authentication.

Android is an open platform designed for mobile devices, including smartphones and tablets. While it offers a wide range of security features to facilitate the development of secure software, it also lacks certain security aspects found in other handheld platforms. This course provides a comprehensive overview of these features and highlights critical shortcomings related to the underlying Linux system, file structure, and general environment, as well as those concerning the use of permissions and other Android development components.

The course describes typical security pitfalls and vulnerabilities for both native code and Java applications, along with recommendations and best practices to prevent and mitigate them. Many of the issues discussed are supported by real-life examples and case studies. Additionally, the course includes a brief overview on using security testing tools to identify potential programming bugs.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about Android security solutions
• Learn to utilize various security features of the Android platform
• Gain insights into recent Java vulnerabilities on Android
• Learn about common coding mistakes and how to avoid them
• Understand native code vulnerabilities on Android
• Recognize the severe consequences of insecure buffer handling in native code
• Understand architectural protection techniques and their weaknesses
• Access sources and further readings on secure coding practices

Audience

Professionals

Developing a secure networked application can be challenging, even for developers who are already familiar with various cryptographic building blocks such as encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course first establishes a solid foundation regarding the main requirements of secure communication—namely, secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also addresses the typical problems that can compromise these requirements, alongside real-world solutions.

Since cryptography is a critical aspect of network security, the course discusses the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on an in-depth mathematical background, these topics are explored from a developer's perspective, illustrating typical use-case examples and practical considerations related to crypto usage, such as public key infrastructures. The course also introduces security protocols used in various areas of secure communication, with an in-depth discussion on widely-used protocol families such as IPSEC and SSL/TLS.

Typical cryptographic vulnerabilities are discussed, both in relation to specific crypto algorithms and cryptographic protocols. Examples include BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and similar issues, as well as the RSA timing attack. For each problem, the practical considerations and potential consequences are described, without delving into deep mathematical details.

Finally, since XML technology is central to data exchange for networked applications, the course covers the security aspects of XML. This includes the usage of XML within web services and SOAP messages, alongside protection measures such as XML signature and XML encryption. The course also addresses weaknesses in these protection measures and XML-specific security issues, such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Gain a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

This three-day course provides a foundational understanding of safeguarding C/C++ code against malicious actors who may exploit vulnerabilities related to memory management and input handling. Participants will explore the core principles necessary for writing secure code.

Even seasoned Java developers do not necessarily master all the security services provided by Java, nor are they always aware of the various vulnerabilities relevant to web applications written in Java.

This course, in addition to introducing the security components of the Standard Java Edition, addresses security issues related to Java Enterprise Edition (JEE) and web services. Before discussing specific services, the foundational concepts of cryptography and secure communication are covered. Through various exercises, participants explore declarative and programmatic security techniques in JEE, while the course also examines both transport-layer and end-to-end security for web services. The application of all components is illustrated through several practical exercises, allowing participants to experiment with the discussed APIs and tools firsthand.

The course also reviews and explains the most frequent and critical programming flaws associated with the Java language and platform, as well as web-related vulnerabilities. In addition to typical errors made by Java programmers, the security vulnerabilities covered include both language-specific issues and problems arising from the runtime environment. All vulnerabilities and corresponding attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and potential mitigation techniques.

Participants attending this course will

• Understand basic security concepts, IT security, and secure coding practices
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Understand the security concepts underlying web services
• Learn how to utilize various security features of the Java development environment
• Gain a practical understanding of cryptography
• Understand the security solutions available in Java EE
• Learn about typical coding mistakes and how to avoid them
• Receive information on some recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Obtain resources and further reading materials on secure coding practices

Audience

Developers

Description

The Java language and Runtime Environment (JRE) were designed to eliminate the most critical security vulnerabilities commonly found in other languages, such as C/C++. However, software developers and architects must not only master the positive security features of the Java ecosystem but also remain vigilant regarding the numerous vulnerabilities that continue to pose risks in Java development.

This course begins with a concise overview of cryptographic foundations, establishing a common understanding of how key components function and why they matter. Participants will then apply this knowledge through practical exercises, gaining hands-on experience with the discussed APIs.

Additionally, the course examines the most frequent and severe programming flaws in the Java language and platform, addressing both typical errors made by developers and issues specific to the Java environment. All identified vulnerabilities and associated attack vectors are illustrated through accessible exercises, followed by recommended coding guidelines and effective mitigation strategies.

Participants attending this course will

• Grasp fundamental concepts of security, IT security, and secure coding
• Identify web vulnerabilities beyond the OWASP Top Ten and learn how to prevent them
• Effectively utilize various security features within the Java development environment
• Develop a practical understanding of cryptography
• Recognize common coding mistakes and learn how to avoid them
• Gain insight into recent vulnerabilities affecting the Java framework
• Access resources and further reading materials on secure coding practices

Audience

Developers

Today, numerous programming languages are available to compile code for the .NET and ASP.NET frameworks. While this environment offers robust tools for security development, developers must understand how to apply architecture- and code-level programming techniques to implement the required security functions, prevent vulnerabilities, or limit their exploitation.

The goal of this course is to instruct developers, through extensive hands-on exercises, on how to stop untrusted code from performing privileged actions, safeguard resources via strong authentication and authorization, manage remote procedure calls and sessions, introduce alternative implementations for specific functions, and much more.

The introduction to various vulnerabilities begins by presenting common programming issues encountered when using .NET, while the discussion on ASP.NET vulnerabilities addresses diverse environment settings and their impacts. Finally, the topic of ASP.NET-specific vulnerabilities covers not only general web application security challenges but also specialized issues and attack vectors such as attacking ViewState or string termination attacks.

Participants attending this course will

• Understand the fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Learn to utilize various security features within the .NET development environment
• Gain practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in .NET and ASP.NET
• Get sources and further readings on secure coding practices

Audience

Developers

This course provides an introduction to essential security concepts, offering a comprehensive overview of vulnerability characteristics independent of specific programming languages or platforms. It also explains how to manage risks related to software security throughout all phases of the software development lifecycle. While avoiding deep technical intricacies, the course highlights some of the most critical and prevalent vulnerabilities across various software development technologies. Furthermore, it addresses the challenges of security testing and presents effective techniques and tools for identifying potential issues within your code.

Upon completion, participants will be able to:

• Grasp fundamental concepts of security, IT security, and secure coding practices
• Identify web vulnerabilities affecting both server and client sides
• Recognize the serious consequences of improper buffer handling
• Stay informed about recent vulnerabilities in development environments and frameworks
• Learn about common coding errors and strategies to prevent them
• Understand various approaches and methodologies for security testing

Target Audience

Managers

This instructor-led live training in Italy (online or onsite) is designed for system administrators who wish to use FreeIPA to centralize the authentication, authorization, and account information for their organization's users, groups, and machines.

By the end of this training, participants will be able to:

• Install and configure FreeIPA.
• Manage Linux users and clients from a single central location.
• Use FreeIPA's CLI, Web UI and RPC interface to set up and manage permissions.
• Enable Single Sign On authentication across all systems, services and applications.
• Integrate FreeIPA with Windows Active Directory.
• Backup, replicate and migrate an FreeIPA server.

This instructor-led, live training in Italy (online or onsite) is designed for system administrators who wish to utilize Okta for identity and access management.

By the conclusion of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into existing applications.
• Implement security using multi-factor authentication.

This instructor-led, live training in Italy (online or onsite) is aimed at intermediate-level system administrators and IT professionals who wish to install, configure, manage, and secure LDAP directories using OpenLDAP.

By the end of this training, participants will be able to:

• Understand the structure and operation of LDAP directories.
• Install and configure OpenLDAP for various deployment environments.
• Implement access control, authentication, and replication mechanisms.
• Use OpenLDAP with third-party services and applications.

This instructor-led, live training in Italy (online or onsite) is designed for system administrators who want to use OpenAM to manage identity and access controls for web applications.

By the end of this training, participants will be able to:

• Set up the necessary server environment to begin configuring authentication and access controls using OpenAM.
• Implement single sign-on (SSO), multi-factor authentication (MFA), and user self-service features for web applications.
• Leverage federation services (OAuth 2.0, OpenID, SAML v2.0, etc.) to securely extend identity management across different systems or applications.
• Access and manage authentication, authorization, and identity services via REST APIs.

This instructor-led, live training in Italy (online or on-site) is designed for system administrators who wish to use OpenDJ to manage their organization's user credentials in a production environment.

By the end of this training, participants will be able to:

• Install and configure OpenDJ.
• Maintain an OpenDJ server, including monitoring, troubleshooting, and optimizing for performance.
• Create and manage multiple OpenDJ databases.
• Backup and migrate an OpenDJ server.