A brief description of Nanoforensic's IT Security, IT Risk Management and Compliance trainings is presented below. Please contact us for more information about our trainings.

 

Exploring Network Based Attacks Training

Training Duration: 2 Days

Knowing network attack vectors and methods gives you the opportunity to design appropriate security measures beyond firewalls and encryption techniques. Each type of network-based attack requires specific attention in order to detect and guard against it.

This training program exposes you to a set of cyber attacks carried out against networks and related devices.

Main topics of the training:

- Network Security Fundamentals

- Defining Threats, Vulnerabilities and Attacks

- Network Security Principles

- Password Based Attacks

- Wireless Network Attacks

- Attacks on Local Area Network

- Exploiting Windows Systems

- Exploiting Linux Systems

- Denial of Service Attacks.

Network Architecture Security with Risk Assessment Training

Training Duration: 2 Days

This training program covers security technologies commonly used for establishing network security policy in an enterprise. The overall objective of this training program is to give participants an understanding of how network security technologies can be implemented in corporate networks and to identify their strengths and weaknesses. Threat modeling allows you to systematically identify and rate the threats that are most likely to affect your system.

Main topics of the training:

- Network Security Fundamentals

- Threats and Countermeasures

- Threat Modeling

- Network Security Technologies

- Secure Identification

- Host Security

- Network Security

- Designing Network Security Policy in Enterprises

- Policies and Procedures for Staff.

Essentials of Network Penetration Testing Training

Training Duration: 2 Days

Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures.

This training introduces you to the methodology adopted to perform an Internal and External Network Penetration Test.

Main topics of the training:

- Introduction to Penetration Testing

- Beginning Network Penetration Testing

- Reconnaissance

- Network Enumeration

- Exploiting Systems

- Remote Exploitation with Metasploit

- Internal Network Exploitation with Armitage

- Security Auditing with MBSA

- Writing Penetration Testing Report.

Comprehensive Network Penetration Testing Training

Training Duration: 3 Days

Real penetration testers need to understand the in-depth workings of security auditing and exploitation tools, and to use them carefully and professionally.

This training explains the inner workings of numerous network penetration testing tools and their use in effective network penetration testing projects.

Main topics of the training:

- Reconnaissance

- Footprinting

- Scanning

- Network Enumeration

- Network Vulnerability Assessment

- Network Vulnerability Assessment with Nessus

- Network Vulnerability Scanning with Nexpose

- Penetration with Metasploit Framework

- Writing Penetration Testing Report.  

Exploring Web Application Attacks Training

Training Duration: 2 Days

This training program takes you through web application attacks and their core concepts, with hands-on practice sessions. It also helps you build hack-resilient applications.

Main topics of the training:

- Web Application Security Fundamentals

- Fundamentals of Web Application Security

- Defining Threats, Vulnerabilities and Attacks

- Security Threats to Web Applications

- Password Based Attacks

- Injection Based Attacks

- Cross Site Scripting (XSS)

- Cross Site Request Forgery (CSRF)

- Session Based Attacks

- URL Based Attacks.

 

Designing Secure Web Application Architecture with Threat Modeling Training

Training Duration: 2 Days

This training program presents a set of secure architecture and design guidelines, organized by common application vulnerability category. These are key areas for web application security and the areas where mistakes are most often made. We also analyze web application security from the perspectives of threats, countermeasures, vulnerabilities, and attacks. Threat modeling is a structured approach that is far more cost-efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address.

Main topics of the training:

- Web Application Security Fundamentals

- Threats and Countermeasures

- Threat Modeling

- Design Issues for Web Applications

- Architecture and Design Review.

Essentials of Web Application Penetration Testing Training

Training Duration: 2 Days

The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high-risk problem areas, and also provides guidance on where to go from here.

This training module introduces participants to the OWASP Top 10 vulnerabilities found in web applications. It aims to demonstrate the methodology of web application penetration testing, from setting up your pentest lab to writing pentest reports. It also covers the countermeasures for these critical vulnerabilities to secure your web application from attackers.

Main topics of the training:

- Web Application Architecture

- Web Server

- Complex Web Application Components

- Setting Up Web Application Penetration Testing Lab

- Testing for OWASP Top 10

- Writing Penetration Testing Report.

 

Comprehensive Web Application Penetration Testing Training

Training Duration: 4 Days

Web application penetration testing examines a website from the perspective of a malicious cyber attacker in order to find security holes before they can be exploited. This is an intermediate-to-advanced-level training that focuses on preparing participants for the real world of web application penetration testing through hands-on lab exercises.

Main topics of the training:

- Setting Up Web Application Penetration Testing Lab

- Reconnaissance

- Configuration Management Testing

- Log Configuration Management

- Authentication Testing

- Authorization Testing

- Session Management Testing

- Business Logic Testing

- Data Validation Testing

- Denial of Service Testing

- Web Services Testing

- AJAX Testing. 

Mobile Device and Application Security Training

Training Duration: 2 Days

This training looks in depth at all aspects of mobile security. Beginning with risk assessment of mobile applications, we will examine the various dangers and threats that put the consumer and data privacy at risk. The training also covers in detail the security frameworks of different mobile platforms such as Apple, Android and Blackberry, along with common threats and security best practices.

Main topics of the training:

- Introduction & Case Studies

- OWASP Top 10 Mobile Issues

- Jail-breaking & Rooting Concepts/Issues

- Security Frameworks in Different Mobile Platforms – Android, iPhone, Blackberry

- Secured Development Strategies

- Mobile Device Management (MDM)  

- Building MDM strategy

- Specific Elements of MDM

- Mobile Security Risk Assessment

- Risk – Vulnerability – Threats

- Security Policy Strategies for Mobile Environment.

 

Exploring Mobile Application Attacks Training

Training Duration: 2 Days

This training module introduces participants to the wide range of vulnerabilities found in mobile applications. In addition, mobile applications talk to servers over HTTP/HTTPS, which creates further attack opportunities against web services and APIs.

Main topics of the training:

- Mobile Application Architecture

- Introduction to iPhone and Android

- Security Model: iPhone and Android

- File System Permissions: iPhone and Android

- Components of Mobile Device Security

- Device Security

- Data Security

- Network Security

- Application Security

- Threats to Mobile Application

- OWASP: Mobile Top 10. 

iPhone Application Penetration Testing Training

Training Duration: 3 Days

This training covers the countermeasures for the critical vulnerabilities to secure your iPhone application from attackers. During the training program, participants will be taken through iPhone jailbreaking, iPhone Simulator setup, iPhone application static and dynamic analysis with data protection, and iPhone application traffic manipulation. Participants will also test iPhone applications for several injection attacks.

Main topics of the training:

- Getting Familiar with iOS Architecture

- iPhone Application Distribution

- Components of Mobile Device Security

- OWASP: Mobile Top 10

- iPhone Application Penetration Testing Lab Setup

- iPhone Application Static Analysis

- iPhone Application Dynamic Analysis

- Application Network Communication Analysis

- Data Validation Testing

- Authentication Testing

- Authorization Testing

- Session Management Testing

- Data Protection.  

 

Android Application Penetration Testing Training

Training Duration: 3 Days

This training aims to demonstrate the methodology of mobile application penetration testing, from "Setting Up Your PenTest Lab" to "Writing PenTest Reports". It also covers the countermeasures for the critical vulnerabilities to secure your Android application from attackers. During the training program, participants will be taken through Android Emulator setup, Android application static and dynamic analysis, and Android application traffic manipulation. Participants will also test Android applications for several injection attacks.

Main topics of the training:

- Getting Familiar with Android Architecture

- Components of Smartphone Security

- OWASP: Mobile Top 10 Overview

- Penetration Test Lab Setup: Android Emulator

- Android Application Static Analysis

- Application Dynamic Analysis

- Application Network Communication Analysis

- Data Validation Testing

- Authentication Testing

- Authorization Testing

- Session Management Testing.  

Certificate of Cloud Security Knowledge – Basic Training

Training Duration: 1 Day

The Certificate of Cloud Security Knowledge - Basic class provides students with a comprehensive one-day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA).

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management).

Certificate of Cloud Security Knowledge – Plus Training

Training Duration: 2 Days

The CCSK Plus class builds upon the CCSK Basic class with expanded material and extensive hands-on activities in a second day of training. Students will learn to apply their knowledge as they perform a series of exercises and complete a scenario bringing a fictional organization securely into the cloud.

This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercise.

 

Cloud Computing Security Training

Training Duration: 3 Days

Cloud computing is the use of hardware and software resources that are delivered as a service, typically over the Internet. In this training, we first discuss the characteristics of cloud computing and then focus specifically on cloud security best practices, with reference to industry standards such as those of the Cloud Security Alliance. We then look into the broad set of policies, technologies, and controls deployed to protect client data, applications and infrastructure associated with cloud computing.

Main topics of the training:

- Fundamentals of Cloud Computing

- Cloud Computing and SaaS, IaaS and PaaS

- Cloud Based Network Models

- Security Implications

- Security Components and Standards

- Security Threats

- Authentication and Authorization (Access)

- Data Security

- The Impact of Cloud Computing on the Role of Corporate IT.  

Virtualization and Security Training

Training Duration: 3 Days

The security benefits of virtualization, such as storage security, desktop security and better logging capabilities for large infrastructures, can easily turn into security breaches if not properly planned and understood. In this training we teach virtualization security fundamentals, with an in-depth treatment of today's most pressing virtualization security concerns: known attacks and threats, and theoretical methods for a security breach.

Main topics of the training:

- Fundamentals of Virtualization

- Virtualization Security Overview

- Introduction to Security Threats

- Security for Virtualization Components

- Hypervisor Security

- Secure Virtualization Planning and Deployment

- Storage Security

- Cluster Security

- Best Practices.  

Database Security Training

Training Duration: 2 Days

Computer networks are built to support business functionality, and beyond communication, the result of business is data. The data important to your business is your company's digital asset; it needs organization, maintenance and, above all, protection from malicious attackers.

Main topics of the training:

- Oracle Security Implementation

- Securing the Operating System

- Users and Profiles

- Security and Developer Tools

- Backups and Disaster Recovery Tools

- Oracle 11g

- SQL Server 2008

- Database Security

- User Security

- Roles and Privileges

- Built-in Auditing.  

Malware Analysis Training

Training Duration: 2 Days

Malicious software, or malware, plays a part in most computer intrusion and security incidents. This training program gives you a platform to begin malware analysis. We focus on malware found on the Windows operating system, but the skills you learn will serve you well when analyzing malware on any operating system. We also focus on executables, since they are the most common and the most difficult files that you'll encounter.

Main topics of the training:

- Introduction to Malware Analysis

- Malware Analysis in Incident Response

- Virtual Machines for Malware Analysis

- Setting Up Virtual Machine 

- Malware Live Demonstrations

- Acquisition of Malware

- Static Malware Analysis

- Dynamic Malware Analysis.

Advanced Malware Analysis Training

Training Duration: 3 Days

From web-based malware to native Windows executables, this training class covers a wide variety of malware along with many kinds of obfuscation. Participants work in a real-world environment and practise on malicious code using system monitoring utilities, disassemblers and debuggers.

Main topics of the training:

- Getting Familiar with x86 Architecture

- Advanced Static Malware Analysis

- Disassembling Code in Binaries

- Understanding Windows API

- Disassembling Malware

- Advanced Dynamic Malware Analysis

- Assembly Level Debugging Techniques

- Debugging with Olly Debugger

- Debugging Malware.

Wi-Fi Security and Penetration Testing Training

Training Duration: 3 Days

Security is now an essential element that forms the cornerstone of every corporate network. Wireless networking can be kind of scary from a security standpoint. It opens up whole new attack vectors that were not present with wired network infrastructures. The objective of this training program is to demonstrate various attacking and defensive mechanisms applied on Wireless Networks. 

Main topics of the training:

- Wireless Networking Overview

- Wireless Network Topologies

- Wireless LAN Standards

- Wireless Attacks and Risks

- Infrastructure Attacks

- Wi-Fi Penetration Testing Lab Setup

- WEP and WPA/WPA2 Passwords

- Denial of Service Attacks on Wi-Fi Networks.

Payment Industry Data Security Implementer Training

Training Duration: 3 Days

The Payment Card Industry Data Security Standard (PCI DSS) is a set of focused, comprehensive controls for managing the risks surrounding payment card transactions, particularly over the Internet. This training is designed to allow organizations to exercise due care by performing internal validations through a repeatable, objective process. While the training covers all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured.

Main topics of the training:

- Introduction to PCI DSS V 2.0

- PCI DSS Implementation Initiatives – An Overview

- Identifying Business Information Flow Requirements

- Best Practice For Storage

- Compliance Process

- Relation Between PA DSS & PCI DSS

- Understanding Report on Compliance for PCI DSS

- Understanding the overall Compliance Process

- Understanding PCI DSS Requirements

- Guidelines on PCI DSS Auditing Practices.  

IT Risk Management Training

Training Duration: 2 Days

Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

This training is built around globally accepted standards such as ISO 31000:2009 and frameworks such as ISACA's Risk IT, and NIST and OCTAVE guidelines for risk management.

Main topics of the training:

- Briefing on Definition of Risk and Risk in Context of Information Technology

- General Risk Scenarios

- IT Risk Management Cycle

- ISO 31000:2009 Overview

- IT Risk Assessment

- Applying ISO 31000 and Risk IT for Risk Assessment

- IT Risk Mitigation

- Evaluation of the IT Risk Management Cycle

- Integrating IT Risk Management with Various Frameworks and Standards – BASEL II, ISO 20000, ITIL, COSO, COBIT, ISO 27001, BS 25999.