Information System Security Training in Braga

This instructor-led, live training in Braga (online or onsite) is aimed at intermediate-level network administrators who wish to gain the essential skills to manage, administer, monitor, and maintain Fortinet security systems. By the end of this training, participants will be able to:

• Configure and manage FortiGate firewalls.
• Monitor network traffic and manage incidents with FortiAnalyzer.
• Automate tasks and manage policies through FortiManager.
• Apply preventive maintenance strategies and troubleshoot network issues.

This instructor-led, live training in Braga (online or onsite) is aimed at beginner-level network administrators who wish to use FortiGate 1100E to manage and secure their network environments effectively. By the end of this training, participants will be able to:

• Understand the basic architecture and features of FortiGate 1100E.
• Learn how to deploy FortiGate 1100E in various network environments.
• Gain hands-on experience with basic configuration and management tasks.
• Understand security policies, NAT, and VPNs.
• Learn to monitor and maintain FortiGate 1100E.

This instructor-led, live training in Braga (online or onsite) is aimed at beginner-level technical professionals who wish to learn the concept of the Security Fabric and how it evolved to address the cybersecurity needs of organizations. By the end of this training, participants will be able to:

• Learn the evolution of cybersecurity and how it has shaped current security technologies.
• Use Fortinet products to protect against specific types of cyber threats and attacks.
• Understand the integration and automation capabilities of Fortinet solutions in providing a coordinated response to cyber incidents.

This instructor-led, live training in Braga (online or onsite) is aimed at intermediate-level to advanced-level developers who wish to understand and apply secure coding practices, identify security risks in software, and implement defenses against cyber threats.By the end of this training, participants will be able to:

• Understand common security vulnerabilities in web and software applications.
• Analyze security threats and exploit techniques used by attackers.
• Implement secure coding practices to mitigate security risks.
• Use security testing tools to identify and fix vulnerabilities.

This instructor-led, live training in Braga (online or onsite) is aimed at system administrators who wish to learn the fundamentals of software licensing, the key features of FlexNet, and how to implement and maintain software license management solutions. By the end of this training, participants will be able to:

• Understand the fundamental concepts of software licensing.
• Manage core components and operation systems of FlexNet.
• Create various license models and types, generate license keys, and activate software licenses for end-users.
• Add, manage, and allocate licenses to end-users, monitor license usage, and ensure compliance.

This instructor-led, live training in Braga (online or onsite) is aimed at systems administrators who wish to learn how to use Zscaler to secure network connections for applications and cloud services. By the end of this training, participants will be able to:

• Learn and understand the architecture security on Zscaler.
• Understand the value and baseline features of Zscaler advanced configurations.
• Use Zscaler to secure network connections for applications and cloud services.

Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for intelligence purposes. Audience

• Researchers
• Security analysts
• Investigators
• Law enforcement
• Government and military personnel

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components. Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs. Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Learn the security solutions on Android
• Learn to use various security features of the Android platform
• Get information about some recent vulnerabilities in Java on Android
• Learn about typical coding mistakes and how to avoid them
• Get understanding on native code vulnerabilities on Android
• Realize the severe consequences of unsecure buffer handling in native code
• Understand the architectural protection techniques and their weaknesses
• Get sources and further readings on secure coding practices

Audience Professionals

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation. The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks. Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn to use various security features of the .NET development environment
• Have a practical understanding of cryptography
• Understand some recent attacks against cryptosystems
• Get information about some recent vulnerabilities in .NET and ASP.NET
• Learn about typical coding mistakes and how to avoid them
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience Developers

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources. Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud. The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis. The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand major threats and risks in the cloud domain
• Learn about elementary cloud security solutions
• Get information about the trust and the governance regarding the cloud
• Have a practical understanding of cryptography
• Get extensive knowledge in application security in the cloud
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand the challenges of auditing and evaluating cloud systems for security
• Learn how to secure the cloud environment and infrastructure
• Get sources and further readings on secure coding practices

Audience Developers, Managers, Professionals

Description The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security). The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience Developers

Description Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves. Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience Developers

As a developer, your duty is to write bulletproof code. What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market? This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more. It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime. Delegates attending will:

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn about Node.js security
• Learn about MongoDB security
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand security concepts of Web services
• Learn about JSON security
• Get practical knowledge in using security testing techniques and tools
• Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
• Get sources and further readings on secure coding practices

A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation. The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the .NET development environment
• Get practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in .NET and ASP.NET
• Get sources and further readings on secure coding practices

Audience Developers

The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code. Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Understand Web vulnerabilities both on server and client side
• Realize the severe consequences of unsecure buffer handling
• Be informated about some recent vulnerabilities in development environments and frameworks
• Learn about typical coding mistakes and how to avoid them
• Understand security testing approaches and methodologies

Audience Managers

The course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. The best hardening practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers. Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Have a practical understanding of cryptography
• Learn to use various security features of PHP
• Learn about typical coding mistakes and how to avoid them
• Be informed about recent vulnerabilities of the PHP framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience Developers

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process. Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code. Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Get known to the essential steps of Microsoft Secure Development Lifecycle
• Learn secure design and development practices
• Learn about secure implementation principles
• Understand security testing methodology
• Get sources and further readings on secure coding practices

Audience Developers, Managers

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan. Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities. This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day. Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Get practical knowledge in using security testing techniques and tools
• Get sources and further readings on secure coding practices

Audience Developers, Testers

This class will help the attendees to scan, test, hack on secure their own systems, get in-depth knowledge and practical experience with the current essential security systems. the attendees know how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed, the attendees then will learn how intruders escalate privileges and what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.    
 

This instructor-led, live training in Braga (online or onsite) is aimed at security engineers and system administrators who wish to use FortiGate NGFW's advanced security-driven network systems to protect their organization from internal and external threats. By the end of this training, participants will be able to:

• Install and configure the preferred FortiGate NGFW software and hardware model.
• Operate and employ FortiGate NGFW to improve the efficiency of system administration tasks.
• Manage various forms of external and internal threats using FortiGate features.
• Integrate FortiGate security fabric with the entire IT infrastructure to provide quick automated protection.
• Ensure long-term protection from attacks with independent and continuous FortiGate threat intelligence.
• Troubleshoot the most common firewall system setup errors relevant to FortiGate NGFWs.
• Implement Fortinet security solutions in other enterprise applications.

Target Audience: This course is designed for individuals interested in understanding information security and exploring potential career paths in the field. It is suitable for people from diverse backgrounds, including those with limited prior technical knowledge. Course Objectives: Attendees should:

• Gain a broad understanding of information security concepts and principles.
• Be able to identify key threats and vulnerabilities.
• Have the capability to explore various career options and specialisations within information security.
• Develop a foundation for further learning and exploration in the field.

Format of the Course:

• Interactive lecture and group discussions.
• Practical exercises and feedback sessions.
• Participants are encouraged to bring questions and participate actively in discussions.

This agenda is flexible and can be adjusted based on time constraints and audience interests. Customised versions might include interactive elements such as quizzes, polls, and group discussions.

The course will provide resources and information about further learning, professional organisations, and career resources will be provided. Course Customisation Options

• To request a customised training for this course, please contact us to arrange.

In this instructor-led, live training in Braga, participants will understand Internet of Things (IoT) architectures and learn the different IoT security solutions applicable to their organization. By the end of this training, participants will be able to:

• Understand IoT architectures.
• Understand emerging IoT security threats and solutions.
• Implement technologies for IoT security in their organization.

Why should you attend? The Certified Lead Ethical Hacker training course enables you to develop the necessary expertise to perform information system penetration tests by applying recognized principles, procedures and penetration testing techniques, in order to identify potential threats on a computer network. During this training course, you will gain the knowledge and skills to manage a penetration testing project or team, as well as plan and perform internal and external pentests, in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Moreover, you will also gain a thorough understanding on how to draft reports and countermeasure proposals. Additionally, through practical exercises, you will be able to master penetration testing techniques and acquire the skills needed to manage a pentest team, as well as customer communication and conflict resolution.   The Certified Lead Ethical Hacking training course provides a technical vision of information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both inside and outside of a business network. The training is also compatible with the NICE (The National Initiative for Cybersecurity Education) Protect and Defend framework.  After mastering the necessary knowledge and skills in ethical hacking, you can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. By holding a PECB Lead Ethical Hacker certificate, you will be able to demonstrate that you have acquired the practical skills for performing and managing penetration tests according to best practices.  Who should attend?

• Individuals interested in IT Security, and particularly in Ethical Hacking, to either learn more about the topic or to start a process of professional reorientation.
• Information security officers and professionals seeking to master ethical hacking and penetration testing techniques.
• Managers or consultants wishing to learn how to control the penetration testing process.
• Auditors wishing to perform and conduct professional penetration tests.
• Persons responsible for maintaining the security of information systems in an organization.
• Technical experts who want to learn how to prepare a pentest.
• Cybersecurity professionals and information security team members.

This instructor-led, live training in Braga (online or onsite) is aimed at software testers who wish to protect their organization's network with Nmap. By the end of this training, participants will be able to:

• Set up the necessary testing environment to start using Nmap.
• Scan network systems for security vulnerabilities.
• Discover active and vulnerable hosts.

This class will help the attendees to scan, test, hack and secure their own systems. To gain an in-depth knowledge and practical experience with the current essential security systems. The attendees will get to know how perimeter defences work and then be led into scanning and attacking their own networks, no real network is harmed. The attendees then will learn how intruders escalate privileges and what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."    
 

The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures. The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures.

This instructor-led, live training in Braga (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization. By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

This course covers the secure coding concepts and principals with ASP.net through the Open Web Application Security Project (OWASP) methodology of testing , OWASP is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.  This Course explores the Dot Net Framework Security features and how to secure web applications.   
    
    
    
    
    

This course explore the technical skills to implement, monitor and administer IT infrastructure using information security policies and procedures. And how to protecting the confidentiality, integrity and availability of data.