Information System Security Training in Porto

This instructor-led, live training in Porto (online or onsite) is aimed at beginner-level network administrators who wish to use FortiGate 1100E to manage and secure their network environments effectively.

By the end of this training, participants will be able to:

• Understand the basic architecture and features of FortiGate 1100E.
• Learn how to deploy FortiGate 1100E in various network environments.
• Gain hands-on experience with basic configuration and management tasks.
• Understand security policies, NAT, and VPNs.
• Learn to monitor and maintain FortiGate 1100E.

This instructor-led, live training in Porto (online or onsite) is aimed at intermediate-level technical professionals who wish to delve deeper into the technical aspects and functionalities of Fortinet’s product line to effectively recommend, sell, and implement Fortinet security solutions.

By the end of this training, participants will be able to:

• Gain in-depth knowledge of Fortinet’s advanced security solutions and products.
• Understand the technical features, benefits, and deployment scenarios for each core Fortinet product.
• Configure, manage, and troubleshoot Fortinet solutions in diverse environments.
• Apply Fortinet products to address complex security challenges and requirements.

This instructor-led, live training in Porto (online or onsite) is designed for security professionals who wish to learn how to use Cortex XDR to prevent and mitigate sophisticated attacks and threats.

By the end of this training, participants will be able to:

• Understand the architecture and components of Cortex XDR.
• Create and manage profiles for exploit and malware prevention.
• Analyze behavioral threats and monitor response actions.
• Perform basic Cortex app troubleshooting.

This instructor-led, live training in Porto (online or onsite) is aimed at beginner-level technical professionals who wish to learn the concept of the Security Fabric and how it evolved to address the cybersecurity needs of organisations.

By the end of this training, participants will be able to:

• Learn the evolution of cybersecurity and how it has shaped current security technologies.
• Use Fortinet products to protect against specific types of cyber threats and attacks.
• Understand the integration and automation capabilities of Fortinet solutions in providing a coordinated response to cyber incidents.

This instructor-led, live training in Porto (online or onsite) is designed for service technicians, system administrators, or anyone wishing to learn the correct installation, usage, and management of the Honeywell security system.

By the end of this training, participants will be able to:

• Grasp the concepts underlying Honeywell security systems and their components.
• Correctly install and maintain a Honeywell security system.
• Use Honeywell maintenance tools and the management suite to control a security system.

This instructor-led, live training in Porto (online or onsite) is aimed at intermediate-level IT professionals who wish to effectively use and manage Sophos XG Firewall to enhance the security posture of their organizations or clients.

By the end of this training, participants will be able to:

• Understand the features and capabilities of Sophos XG Firewall.
• Perform initial setup, configure network interfaces, and create and manage firewall policies and rules.
• Understand how to integrate with various authentication services.
• Utilize Sophos XG Firewall's monitoring and reporting tools to maintain oversight of network security.

This instructor-led, live training in Porto (online or onsite) is designed for intermediate to advanced-level developers who aim to comprehend and apply secure coding practices, identify security risks within software, and implement defenses against cyber threats.

Upon completion of this training, participants will be able to:

• Grasp common security vulnerabilities in web and software applications.
• Analyze security threats and exploit techniques employed by attackers.
• Implement secure coding practices to mitigate security risks.
• Utilize security testing tools to identify and rectify vulnerabilities.

This instructor-led, live training in Porto (online or onsite) is aimed at system administrators who wish to learn the fundamentals of software licensing, the key features of FlexNet, and how to implement and maintain software license management solutions.

By the end of this training, participants will be able to:

• Understand the fundamental concepts of software licensing.
• Manage core components and operation systems of FlexNet.
• Create various license models and types, generate license keys, and activate software licenses for end-users.
• Add, manage, and allocate licenses to end-users, monitor license usage, and ensure compliance.

This instructor-led, live training in Porto (online or onsite) targets experienced network security managers seeking the knowledge and skills required to deploy, manage, and troubleshoot Fortinet’s FortiGate security appliances running on FortiOS 7.2 to achieve NSE4 Network Security Professional status.

Upon completion of this training, participants will be able to:

• Comprehend Fortinet’s product portfolio and the role of FortiOS in network security.
• Deploy effective firewall policies, security profiles, and Network Address Translation (NAT).
• Leverage security services to ensure network redundancy and failover.
• Apply security best practices and optimise security policies for compliance and threat mitigation.

Android serves as an open platform for mobile devices, including smartphones and tablets. While it offers a broad range of security features to facilitate the development of secure software, it also lacks certain security aspects found in other handheld platforms. This course provides a comprehensive overview of these features, highlighting critical shortcomings related to the underlying Linux system, the file system, and the general environment. It also addresses issues associated with permission management and other Android software development components.

Typical security pitfalls and vulnerabilities are examined for both native code and Java applications, alongside recommendations and best practices to prevent and mitigate them. Many of the discussed issues are supported by real-life examples and case studies. Finally, we provide a brief overview on utilizing security testing tools to identify security-related programming bugs.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about Android security solutions
• Learn to utilize various security features of the Android platform
• Gain insight into recent Java vulnerabilities on Android
• Understand typical coding mistakes and how to avoid them
• Gain understanding of native code vulnerabilities on Android
• Realize the severe consequences of insecure buffer handling in native code
• Understand architectural protection techniques and their weaknesses
• Obtain resources and further reading on secure coding practices

Audience

Professionals

Implementing a secure networked application can be challenging, even for developers who have previously used various cryptographic building blocks (such as encryption and digital signatures). To help participants grasp the role and usage of these cryptographic primitives, the course first establishes a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification, and anonymity – while also presenting typical problems that can compromise these requirements along with real-world solutions.

As cryptography is a critical aspect of network security, the course discusses the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

This course delivers comprehensive cross-platform secure coding expertise by merging C/C++, Java, and web application security into a unified training programme. Participants will explore modern vulnerabilities, attack vectors, and secure development practices across diverse environments.

Delivered as an instructor-led live session (available online or on-site), this course is designed for developers at intermediate to advanced levels who aim to enhance their secure coding methodologies for both enterprise and web applications.

Upon completion of this training, participants will be able to:

• Apply secure coding principles within C/C++ and Java development environments.
• Identify and mitigate prevalent vulnerabilities, including buffer overflows, SQL injection, and cross-site scripting (XSS).
• Effectively implement and configure Java security services and APIs.
• Gain a deep understanding of the OWASP Top Ten and emerging risks, encompassing client-side security challenges.
• Utilise cryptography securely for data protection and secure communications.
• Analyse code for architectural weaknesses and implement defensive coding strategies.
• Keep abreast of recent vulnerabilities affecting platforms, frameworks, and libraries.

Course Format

• Interactive lectures and discussions.
• Hands-on secure coding laboratories and exploit demonstrations.
• Case studies and real-world vulnerability analysis.

Course Customisation Options

• To request a bespoke training session for this course, please contact us to arrange.

This three-day course provides an introduction to safeguarding C/C++ code against malicious actors who might exploit vulnerabilities related to memory management and input handling. The training focuses on the core principles of developing secure code.

Description

The Java language and the Java Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience

Developers

Participants attending this course will

• Grasp the core concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to prevent them
• Study client-side vulnerabilities and secure coding practices
• Acquire the ability to utilize various security features of the Java development environment
• Develop a practical understanding of cryptography
• Comprehend the security concepts underlying web services
• Understand the security solutions offered by Java EE
• Learn about typical coding mistakes and strategies to avoid them
• Gain insights into recent vulnerabilities within the Java framework
• Acquire practical knowledge on using security testing tools
• Access resources and further reading on secure coding practices

As a developer, your responsibility is to write robust, error-free code.

Imagine if, despite your best efforts, the code you have written throughout your career contained hidden vulnerabilities you were unaware of. Consider this: as you read this, attackers may be attempting to breach your systems. How likely are they to succeed? What if they managed to exfiltrate your database and sell it on the black market?

This web application security course will transform your perspective on coding. Through hands-on training, we will expose you to every tactic attackers use and teach you how to counter them, leaving you with an insatiable desire to learn more.

It is up to you to stay ahead of the curve and establish yourself as a pivotal figure in the battle against cybercrime.

Participants will:

• Grasp fundamental concepts of security, IT security, and secure coding
• Identify web vulnerabilities beyond the OWASP Top Ten and learn how to prevent them
• Explore client-side vulnerabilities and secure coding practices
• Understand Node.js security principles
• Gain insights into MongoDB security
• Develop a practical understanding of cryptography
• Comprehend essential security protocols
• Understand the security concepts underpinning web services
• Learn about JSON security
• Acquire practical knowledge of security testing techniques and tools
• Learn how to manage vulnerabilities in the platforms, frameworks, and libraries you use
• Access resources and further reading on secure coding practices

For programmers of all experience levels, possessing a solid grasp of .NET and ASP.NET security features is not enough. It is crucial to develop a profound understanding of web-related vulnerabilities on both the server and client sides, along with the implications of various risks.

This course demonstrates general web-based vulnerabilities by showcasing relevant attacks, while explaining recommended coding techniques and mitigation methods within the context of ASP.NET. A particular emphasis is placed on client-side security, addressing the security challenges associated with JavaScript, Ajax, and HTML5.

The curriculum also covers the security architecture and components of the .NET framework, including code-based and role-based access control, permission declaration and checking mechanisms, and the transparency model. A concise introduction to the foundations of cryptography establishes a practical baseline for understanding the purpose and operation of various algorithms, paving the way for exploring the cryptographic features available in .NET.

The course addresses different security bugs by following well-established vulnerability categories. These include input validation, security features, error handling, time- and state-related issues, general code quality concerns, and a dedicated section on ASP.NET-specific vulnerabilities. These topics are rounded out with an overview of testing tools capable of automatically uncovering some of the vulnerabilities discussed.

Topics are delivered through practical exercises, allowing participants to experience the consequences of specific vulnerabilities, test mitigations, and explore the discussed APIs and tools firsthand.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Gain knowledge of client-side vulnerabilities and secure coding practices
• Learn to utilize various security features within the .NET development environment
• Develop a practical understanding of cryptography
• Receive insights into recent vulnerabilities affecting .NET and ASP.NET
• Acquire practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to prevent them
• Access resources and further readings on secure coding practices

Audience

Developers

This course equips PHP developers with essential skills to protect their applications against modern Internet-based threats. It explores web vulnerabilities through practical PHP examples, extending beyond the OWASP Top Ten to address various injection attacks, script injections, session handling flaws, insecure direct object references, file upload issues, and more. PHP-related vulnerabilities are categorized into standard types such as missing or improper input validation, incorrect error and exception handling, misuse of security features, and time- or state-related problems. Specific examples include open_basedir circumvention, denial-of-service attacks via magic floats, and hash table collision attacks. In each case, participants will learn key techniques and functions to mitigate these risks.

A significant emphasis is placed on client-side security, addressing vulnerabilities in JavaScript, Ajax, and HTML5. The course introduces several PHP security extensions, including hash, mcrypt, and OpenSSL for cryptography, as well as Ctype, ext/filter, and HTML Purifier for input validation. Best practices for hardening are covered in the context of PHP configuration (php.ini), Apache, and general server settings. Additionally, the course provides an overview of security testing tools and techniques for developers and testers, including security scanners, penetration testing, exploit packs, sniffers, proxy servers, fuzzing tools, and static source code analyzers.

Both the introduction of vulnerabilities and configuration practices are reinforced with hands-on exercises. These demonstrate the impact of successful attacks, show how to implement mitigation strategies, and introduce the use of various extensions and tools.

Participants attending this course will

• Gain a solid understanding of security concepts, IT security, and secure coding principles
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Understand client-side vulnerabilities and adopt secure coding practices
• Develop a practical grasp of cryptography
• Learn to utilize various PHP security features effectively
• Identify common coding errors and understand how to avoid them
• Stay informed about recent vulnerabilities in the PHP framework
• Acquire practical experience with security testing tools
• Access resources and further reading on secure coding practices

Audience

Developers

Upon gaining familiarity with vulnerabilities and attack vectors, participants will explore the general approach and methodology for security testing, along with the techniques used to uncover specific weaknesses. The process begins with information gathering regarding the system under evaluation (ToC), followed by comprehensive threat modeling to identify and prioritise all threats, ultimately leading to a risk analysis-driven test plan.

Security assessments occur at various stages of the SDLC. We examine design reviews, code reviews, reconnaissance, and information gathering about the system, as well as testing the implementation and hardening the environment for secure deployment. Detailed introductions are provided for various security testing techniques, including taint analysis, heuristic-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Participants are introduced to a range of tools designed to automate the security evaluation of software products. This theoretical knowledge is reinforced through practical exercises where these tools are used to analyse previously discussed vulnerable code. Real-world case studies further aid in understanding diverse vulnerability types.

This course equips testers and QA staff with the ability to effectively plan and execute security tests, select and utilise appropriate tools and techniques to detect even concealed security flaws, and acquire essential practical skills applicable from the very next working day.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Gain knowledge of client-side vulnerabilities and secure coding practices
• Comprehend security testing approaches and methodologies
• Acquire practical experience with security testing techniques and tools
• Access resources and further reading materials on secure coding practices

Audience

Developers, Testers

Protecting web-accessible applications demands security professionals who are thoroughly prepared and continuously aware of current attack vectors and trends. A wide array of technologies and environments supports the comfortable development of web applications. It is essential to be cognisant not only of security issues specific to these platforms but also of general vulnerabilities that apply irrespective of the development tools used.

This course provides an overview of applicable security solutions for web applications, with a special emphasis on understanding key cryptographic mechanisms. Various web application vulnerabilities are presented for both server-side (following the OWASP Top Ten) and client-side contexts, demonstrated through relevant attacks, and followed by recommended coding techniques and mitigation methods to avoid these issues. The topic of secure coding is concluded by discussing typical security-related programming errors, particularly regarding input validation, improper use of security features, and code quality.

Testing plays a critical role in ensuring the security and robustness of web applications. Various approaches – from high-level auditing and penetration testing to ethical hacking – can be employed to identify vulnerabilities of different types. However, to move beyond easily discoverable low-hanging fruit, security testing must be well-planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, whereas adversaries need only find one exploitable vulnerability to gain access.

Practical exercises will aid in understanding web application vulnerabilities, programming mistakes, and, most importantly, mitigation techniques. Through hands-on trials with various testing tools – ranging from security scanners, sniffers, and proxy servers to fuzzing tools and static source code analyzers – this course delivers the essential practical skills that can be applied in the workplace the very next day.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn about client-side vulnerabilities and secure coding practices
• Gain a practical understanding of cryptography
• Understand security testing approaches and methodologies
• Acquire practical knowledge in using security testing techniques and tools
• Stay informed about recent vulnerabilities in various platforms, frameworks, and libraries
• Access resources and further reading on secure coding practices

Audience

Developers, Testers

This instructor-led, live training (available online or onsite) is aimed at technical professionals who wish to deploy and manage open source collaboration platforms that maintain data sovereignty while providing modern team communication capabilities.

By the end of this training, participants will be able to evaluate platforms, deploy self-hosted solutions, configure security and integrations, migrate from existing platforms, and establish operational procedures.

This instructor-led, live training in Porto explores the system architectures, operating systems, networking, storage, and cryptographic issues that need to be considered when designing secure embedded systems.

By the end of this course, participants will have a solid understanding of security principles, concerns, and technologies. More importantly, they will be equipped with the techniques needed for developing safe and secure embedded software.

Target Audience:

This course is designed for individuals seeking to understand information security and explore potential career trajectories within the sector. It is suitable for people from diverse backgrounds, including those with limited prior technical knowledge.

Course Objectives:

Attendees should:

• Gain a broad understanding of information security concepts and principles.
• Be able to identify key threats and vulnerabilities.
• Have the capability to explore various career options and specialisations within information security.
• Develop a foundation for further learning and exploration in the field.

Format of the Course:

• Interactive lecture and group discussions.
• Practical exercises and feedback sessions.
• Participants are encouraged to bring questions and participate actively in discussions.

This agenda is flexible and can be adjusted based on time constraints and audience interests. Customised versions might include interactive elements such as quizzes, polls, and group discussions.

The course will provide resources and information about further learning, professional organisations, and career resources will be provided.

Course Customisation Options

• To request a customised training for this course, please contact us to arrange.

This instructor-led, live training in Porto (online or onsite) is designed for system administrators and IT professionals seeking to utilise RSPAMD, SpamAssassin, and DMARC to fortify their self-hosted email servers.

Upon completion of this training, participants will be capable of configuring anti-spam solutions, implementing email authentication protocols, and maintaining a secure, sovereign mail infrastructure.

In this instructor-led live training in Porto, participants will explore the various aspects of NB-IoT (also referred to as LTE Cat NB1) while developing and deploying a sample NB-IoT-based application.

By the end of this training, participants will be able to:

• Identify the distinct components of NB-IoT and understand how they integrate to form an ecosystem.
• Understand and explain the security features embedded within NB-IoT devices.
• Develop a simple application for tracking NB-IoT devices.

This instructor-led live training in Porto (online or onsite) is tailored for software testers who aim to secure their organization's network using Nmap.

By the end of this training, participants will be able to:

• Set up the necessary testing environment to start using Nmap.
• Scan network systems for security vulnerabilities.
• Discover active and vulnerable hosts.

This instructor-led, live training in Porto (online or onsite) is aimed at network engineers and infrastructure professionals who wish to use SONiC and ONL to deploy and manage open network infrastructure on white-box switches.

By the end of this training, participants will be able to: understand SONiC and ONL architecture, deploy open-source NOS on white-box hardware, configure networking features, and implement monitoring and automation.

The public key and the private key form the basis of public key cryptography (asymmetric cryptography), enabling secure communication and information exchange in computer networks. The combination of both keys allows for data protection while maintaining confidentiality and ensuring the authenticity of digital signatures. The public key and the private key form the basis of public key cryptography (asymmetric cryptography), enabling secure communication and information exchange in computer networks. The combination of both keys allows for data protection while maintaining confidentiality and ensuring the authenticity of digital signatures.

This instructor-led, live training in Porto (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

This course examines the technical competencies required to implement, monitor, and administer IT infrastructure in alignment with information security policies and procedures. It also covers the essential strategies for safeguarding the confidentiality, integrity, and availability of data.