Information System Security Training in Braga

This instructor-led, live training in Braga (online or onsite) is aimed at beginner-level network administrators who wish to use FortiGate 1100E to manage and secure their network environments effectively.

By the end of this training, participants will be able to:

• Understand the basic architecture and features of FortiGate 1100E.
• Learn how to deploy FortiGate 1100E in various network environments.
• Gain hands-on experience with basic configuration and management tasks.
• Understand security policies, NAT, and VPNs.
• Learn to monitor and maintain FortiGate 1100E.

This instructor-led, live training in Braga (online or onsite) is aimed at intermediate-level technical professionals who wish to delve deeper into the technical aspects and functionalities of Fortinet’s product line to effectively recommend, sell, and implement Fortinet security solutions.

By the end of this training, participants will be able to:

• Gain in-depth knowledge of Fortinet’s advanced security solutions and products.
• Understand the technical features, benefits, and deployment scenarios for each core Fortinet product.
• Configure, manage, and troubleshoot Fortinet solutions in diverse environments.
• Apply Fortinet products to address complex security challenges and requirements.

This instructor-led, live training in Braga (online or onsite) is aimed at security professionals who wish to learn how to use Cortex XDR in preventing and stopping the occurrence of sophisticated attacks and threats.

By the end of this training, participants will be able to:

• Understand the architecture and components of Cortex XDR.
• Create and manage profiles for exploit and malware prevention.
• Analyze behavioral threats and monitor response actions.
• Perform basic Cortex app troubleshooting.

This instructor-led, live training in Braga (online or onsite) is aimed at intermediate-level network and security professionals who wish to effectively manage and secure networks using Fortigate 600E equipment, with a specific focus on HA configurations for enhanced reliability and performance.

By the end of this training, participants will be able to:

• Understand the features, specifications, and operating principles of the Fortigate 600E firewall.
• Perform the initial setup of the Fortigate 600E, including basic configuration tasks like setting up interfaces, routing, and initial firewall policies.
• Configure and manage advanced security features such as SSL VPN, user authentication, antivirus, IPS, web filtering, and anti-malware capabilities to protect against a variety of network threats.
• Troubleshoot common issues in HA setups and effectively manage HA environments.

This instructor-led, live training in Braga (online or onsite) is aimed at service technicians, system admins, or anyone who wishes to learn proper installation, usage, and management of the Honeywell security system.

By the end of this training, participants will be able to:

• Learn the concepts of the Honeywell security systems and components.
• Properly install and maintain a Honeywell security system.
• Utilize the Honeywell maintenance tools and management suite to control a security system.

This instructor-led, live training in Braga (online or onsite) is aimed at security professionals who wish to learn how to manage firewalls at scale.

By the end of this training, participants will be able to:

• Design, configure, and manage the Panorama FireWall management server.
• Manage policies using device groups.
• Roll out network configurations to different firewalls.

This instructor-led, live training in Braga (online or onsite) is aimed at intermediate-level to advanced-level developers who wish to understand and apply secure coding practices, identify security risks in software, and implement defenses against cyber threats.

By the end of this training, participants will be able to:

• Understand common security vulnerabilities in web and software applications.
• Analyze security threats and exploit techniques used by attackers.
• Implement secure coding practices to mitigate security risks.
• Use security testing tools to identify and fix vulnerabilities.

This instructor-led, live training in Braga (online or onsite) is aimed at system administrators who wish to learn the fundamentals of software licensing, the key features of FlexNet, and how to implement and maintain software license management solutions.

By the end of this training, participants will be able to:

• Understand the fundamental concepts of software licensing.
• Manage core components and operation systems of FlexNet.
• Create various license models and types, generate license keys, and activate software licenses for end-users.
• Add, manage, and allocate licenses to end-users, monitor license usage, and ensure compliance.

This instructor-led, live training in Braga (online or onsite) is aimed at systems administrators who wish to learn how to use Zscaler to secure network connections for applications and cloud services.

By the end of this training, participants will be able to:

• Learn and understand the architecture security on Zscaler.
• Understand the value and baseline features of Zscaler advanced configurations.
• Use Zscaler to secure network connections for applications and cloud services.

Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for intelligence purposes.

Audience

• Researchers
• Security analysts
• Investigators
• Law enforcement
• Government and military personnel

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand major threats and risks in the cloud domain
• Learn about elementary cloud security solutions
• Get information about the trust and the governance regarding the cloud
• Have a practical understanding of cryptography
• Get extensive knowledge in application security in the cloud
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand the challenges of auditing and evaluating cloud systems for security
• Learn how to secure the cloud environment and infrastructure
• Get sources and further readings on secure coding practices

Audience

Developers, Managers, Professionals

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.

The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand security concepts of Web services
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Understand security solutions of Java EE
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers

Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.

Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.

General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.

Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn to use various security features of PHP
• Understand security concepts of Web services
• Get practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to avoid them
• Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
• Get sources and further readings on secure coding practices

Audience

Developers

This instructor-led, live training in Braga (online or onsite) focuses on network security from a software security perspective. Participants will learn about common network attacks and defenses across OSI layers, with a strong emphasis on application-layer threats such as session hijacking and denial-of-service (DoS) attacks.

By the end of this training, participants will be able to:

• Understand key concepts in IT security and secure coding.
• Identify and mitigate network threats at different OSI layers.
• Apply cryptographic methods in real-world scenarios.
• Implement and configure security protocols securely.
• Recognize and address cryptographic vulnerabilities and exploits.
• Access resources for ongoing secure coding practices.

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.

Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.

Participants attending this course will 

Understand basic concepts of security, IT security and secure coding

Get known to the essential steps of Microsoft Secure Development Lifecycle

Learn secure design and development practices

Learn about secure implementation principles

Understand security testing methodology

• Get sources and further readings on secure coding practices

Audience

Developers, Managers

After getting familiar with the vulnerabilities and the attack methods, participants learn about the general approach and the methodology for security testing, and the techniques that can be applied to reveal specific vulnerabilities. Security testing should start with information gathering about the system (ToC, i.e. Target of Evaluation), then a thorough threat modeling should reveal and rate all threats, arriving to the most appropriate risk analysis-driven test plan.

Security evaluations can happen at various steps of the SDLC, and so we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation and the testing and hardening the environment for secure deployment. Many security testing techniques are introduced in details, like taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing or fuzzing. Various types of tools are introduced that can be applied in order to automate security evaluation of software products, which is also supported by a number of exercises, where we execute these tools to analyze the already discussed vulnerable code. Many real life case studies support better understanding of various vulnerabilities.

This course prepares testers and QA staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to find even hidden security flaws, and thus gives essential practical skills that can be applied on the next day working day.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Get practical knowledge in using security testing techniques and tools
• Get sources and further readings on secure coding practices

Audience

Developers, Testers

Protecting applications that are accessible via the web requires well-prepared security professional who are at all time aware of current attack methods and trends. Plethora of technologies and environments exist that allow comfortable development of web applications. One should not only be aware of the security issues relevant to these platforms, but also of all general vulnerabilities that apply regardless of the used development tools.

The course gives an overview of the applicable security solutions in web applications, with a special focus on understanding the most important cryptographic solutions to be applied. The various web application vulnerabilities are presented both on the server side (following the OWASP Top Ten) and the client side, demonstrated through the relevant attacks, and followed by the recommended coding techniques and mitigation methods to avoid the associated problems. The subject of secure coding is wrapped up by discussing some typical security-relevant programming mistakes in the domain of input validation, improper use of security features and code quality.

Testing plays a very important role in ensuring security and robustness of web applications. Various approaches – from high level auditing through penetration testing to ethical hacking – can be applied to find vulnerabilities of different types. However, if you want to go beyond the easy-to-find low-hanging fruits, security testing should be well planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, while for adversaries it is enough to find one exploitable vulnerability to penetrate into it.

Practical exercises will help understanding web application vulnerabilities, programming mistakes and most importantly the mitigation techniques, together with hands-on trials of various testing tools from security scanners, through sniffers, proxy servers, fuzzing tools to static source code analyzers, this course gives the essential practical skills that can be applied on the next day at the workplace.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Have a practical understanding of cryptography
• Understand security testing approaches and methodologies
• Get practical knowledge in using security testing techniques and tools
• Be informed about recent vulnerabilities in various platforms, frameworks and libraries
• Get sources and further readings on secure coding practices

Audience

Developers, Testers

Web Application Security is the discipline of protecting online applications from modern security threats and vulnerabilities, including those that are platform-agnostic and affect core application architecture and input handling.

This instructor-led, live training (online or onsite) is aimed at intermediate-level developers who wish to understand and apply secure coding techniques to mitigate web vulnerabilities and implement robust web application security.

By the end of this training, participants will be able to:

• Understand basic concepts of security, IT security and secure coding.
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them.
• Learn client-side vulnerabilities and secure coding practices.
• Have a practical understanding of cryptography.
• Understand security concepts of Web services.
• Get practical knowledge in using security testing tools.
• Get sources and further readings on secure coding practices.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This class will help the attendees to scan, test, hack on secure their own systems, get in-depth knowledge and practical experience with the current essential security systems. the attendees know how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed, the attendees then will learn how intruders escalate privileges and what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.    
 

Target Audience:

This course is designed for individuals interested in understanding information security and exploring potential career paths in the field. It is suitable for people from diverse backgrounds, including those with limited prior technical knowledge.

Course Objectives:

Attendees should:

• Gain a broad understanding of information security concepts and principles.
• Be able to identify key threats and vulnerabilities.
• Have the capability to explore various career options and specialisations within information security.
• Develop a foundation for further learning and exploration in the field.

Format of the Course:

• Interactive lecture and group discussions.
• Practical exercises and feedback sessions.
• Participants are encouraged to bring questions and participate actively in discussions.

This agenda is flexible and can be adjusted based on time constraints and audience interests. Customised versions might include interactive elements such as quizzes, polls, and group discussions.

The course will provide resources and information about further learning, professional organisations, and career resources will be provided.

Course Customisation Options

• To request a customised training for this course, please contact us to arrange.

In this instructor-led, live training in Braga, participants will learn about the various aspects of NB-IoT (also known as LTE Cat NB1) as they develop and deploy a sample NB-IoT based application.

By the end of this training, participants will be able to:

• Identify the different components of NB-IoT and how to fit together to form an ecosystem.
• Understand and explain the security features built into NB-IoT devices.
• Develop a simple application to track NB-IoT devices.

OpenVAS is an advanced open source framework which consists of several services and tools for network vulnerability scanning and management.

In this instructor-led, live training, participants will learn how to use OpenVAS for network vulnerability scanning.

By the end of this training, participants will be able to:

• Install and configure OpenVAS
• Learn the fundamental features and components of OpenVAS
• Configure and implement network vulnerability scans with OpenVAS
• Review and interpret OpenVAS scan results

Audience

• Network engineers
• Network administrators

Format of the course

• Part lecture, part discussion, exercises and heavy hands-on practice

Note

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Braga (online or onsite) is aimed at persons who wish to carry out research on third parties while protecting themselves from the like.

By the end of this training, participants will be able to:

• Install and configure advanced tools for carrying out OSINT.
• Use advanced techniques to collect publicly available data relevant to an investigation.
• Analyze large amounts of data efficiently.
• Generate intelligence reports on findings.
• Leverage AI tools for facial recognition and sentiment analysis.
• Map out a strategy for defining the objective and directing efforts to the most relevant and actionable data.

The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures. The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures.

This instructor-led, live training in Braga (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

This Course in Braga aims to help in the following:

1. Help Developers to master the techniques of writing Secure Code
2. Help Software Testers to test the security of the application before publishing to the production environment
3. Help Software Architects to understand the risks surrounding the applications
4. Help Team Leaders to set the security base lines for the developers
5. Help Web Masters to configure the Servers to avoid miss-configurations

This course explore the technical skills to implement, monitor and administer IT infrastructure using information security policies and procedures. And how to protecting the confidentiality, integrity and availability of data.    
 

Description:

This course will give the participants thorough understanding about security concepts, web application concepts and frameworks used by developers in order to be able to exploit and protect targeted application. In today’s world, that is changing rapidly and thus all the technologies used are also changed at a fast pace, web applications are exposed to hackers attacks 24/7. In order to protect the applications from external attackers one has to know all the bits and pieces that makes the web application, like frameworks, languages and technologies used in web application development, and much more than that. The problem is that attacker has to know only one way to break into the application and developer (or systems administrator) has to know all the possible exploits in order to prevent this from happening. Because of that it is really difficult to have a bullet proof secured web application, and in most of the cases web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.

Objectives:

To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP top 10 vulnerabilities and to incorporate that knowledge in web application protection scheme.

Audience:

Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISO’s, CTO’s.

This instructor-led, live training in Braga (online or onsite) is aimed at technical persons who wish to apply the most suitable tools and techniques to secure both telecom as well as wireless networks.

Audience:

System Administrators and Network Administrators as well as anyone who is interested in defensive network security technologies.