Information System Security Training in Porto

This instructor-led, live training in Porto (online or onsite) is aimed at security professionals who wish to learn how to use Cortex XDR in preventing and stopping the occurrence of sophisticated attacks and threats.

By the end of this training, participants will be able to:

• Understand the architecture and components of Cortex XDR.
• Create and manage profiles for exploit and malware prevention.
• Analyze behavioral threats and monitor response actions.
• Perform basic Cortex app troubleshooting.

This instructor-led, live training in Porto (online or onsite) is aimed at beginner-level technical professionals who wish to learn the concept of the Security Fabric and how it evolved to address the cybersecurity needs of organizations.

By the end of this training, participants will be able to:

• Learn the evolution of cybersecurity and how it has shaped current security technologies.
• Use Fortinet products to protect against specific types of cyber threats and attacks.
• Understand the integration and automation capabilities of Fortinet solutions in providing a coordinated response to cyber incidents.

This instructor-led, live training in Porto (online or onsite) is aimed at security professionals who wish to learn how to troubleshoot Palo Alto Networks' next-generation firewalls.

By the end of this training, participants will be able to:

• Understand the architecture of the next-generation firewall.
• Investigate and troubleshoot networking issues using firewall tools.
• Analyze advanced logs to resolve real-life scenarios.

This instructor-led, live training in Porto (online or onsite) is aimed at intermediate-level network and security professionals who wish to effectively manage and secure networks using Fortigate 600E equipment, with a specific focus on HA configurations for enhanced reliability and performance.

By the end of this training, participants will be able to:

• Understand the features, specifications, and operating principles of the Fortigate 600E firewall.
• Perform the initial setup of the Fortigate 600E, including basic configuration tasks like setting up interfaces, routing, and initial firewall policies.
• Configure and manage advanced security features such as SSL VPN, user authentication, antivirus, IPS, web filtering, and anti-malware capabilities to protect against a variety of network threats.
• Troubleshoot common issues in HA setups and effectively manage HA environments.

This instructor-led, live training in Porto (online or onsite) is aimed at intermediate-level IT professionals who wish to effectively use and manage Sophos XG Firewall to enhance the security posture of their organizations or clients.

By the end of this training, participants will be able to:

• Understand the features and capabilities of Sophos XG Firewall.
• Perform initial setup, configure network interfaces, and create and manage firewall policies and rules.
• Understand how to integrate with various authentication services.
• Utilize Sophos XG Firewall's monitoring and reporting tools to maintain oversight of network security.

EC-Council Certified DevSecOps Engineer (ECDE) is a hands-on course designed to equip professionals with the skills to embed security across the DevOps lifecycle, enabling secure software development from planning to deployment.

This instructor-led, live training (online or onsite) is aimed at intermediate-level software and DevOps professionals who wish to integrate security practices into CI/CD pipelines, ensuring secure and compliant code delivery.

By the end of this training, participants will be able to:

• Understand the principles and practices of DevSecOps.
• Secure every stage of the CI/CD pipeline using automated tools.
• Implement secure coding practices and vulnerability scanning.
• Prepare for the ECDE certification with practical labs and review.

Format of the Course

• Interactive lecture and discussion.
• Hands-on use of DevSecOps tools in simulated pipelines.
• Guided exercises focused on secure development and deployment.

Course Customization Options

• To request a customized training for this course based on your team’s workflows or toolchain, please contact us to arrange.

This instructor-led, live training in Porto (online or onsite) is aimed at system administrators who wish to learn the fundamentals of software licensing, the key features of FlexNet, and how to implement and maintain software license management solutions.

By the end of this training, participants will be able to:

• Understand the fundamental concepts of software licensing.
• Manage core components and operation systems of FlexNet.
• Create various license models and types, generate license keys, and activate software licenses for end-users.
• Add, manage, and allocate licenses to end-users, monitor license usage, and ensure compliance.

This instructor-led, live training in Porto (online or onsite) is aimed at experienced network security managers who wish to gain the knowledge and skills needed to deploy, manage, and troubleshoot Fortinet's FortiGate security appliances running on FortiOS 7.2 as an NSE4 Network Security Professional.

By the end of this training, participants will be able to:

• Understand Fortinet's product portfolio and the role of FortiOS in network security.
• Implement effective firewall policies, security profiles, and Network Address Translation (NAT).
• Utilize security services and ensure network redundancy and failover.
• Implement security best practices and optimize security policies for compliance and threat mitigation.

This instructor-led, live training in Porto (online or onsite) is aimed at security professionals who wish to learn the fundamentals of managing Palo Alto Networks' next-generation firewalls.

By the end of this training, participants will be able to:

• Configure and manage Palo Alto Networks' firewall essential features.
• Manage security and NAT policies.
• Manage threat prevention strategies.
• Monitor network threats and traffic.

Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for intelligence purposes.

Audience

• Researchers
• Security analysts
• Investigators
• Law enforcement
• Government and military personnel

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.

Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.

The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.

The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand major threats and risks in the cloud domain
• Learn about elementary cloud security solutions
• Get information about the trust and the governance regarding the cloud
• Have a practical understanding of cryptography
• Get extensive knowledge in application security in the cloud
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand the challenges of auditing and evaluating cloud systems for security
• Learn how to secure the cloud environment and infrastructure
• Get sources and further readings on secure coding practices

Audience

Developers, Managers, Professionals

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.

The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand security concepts of Web services
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Understand security solutions of Java EE
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers

Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.

Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.

General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.

Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn to use various security features of PHP
• Understand security concepts of Web services
• Get practical knowledge in using security testing tools
• Learn about typical coding mistakes and how to avoid them
• Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
• Get sources and further readings on secure coding practices

Audience

Developers

As a developer, your duty is to write bulletproof code.

What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?

This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.

It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.

Delegates attending will:

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Learn about Node.js security
• Learn about MongoDB security
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand security concepts of Web services
• Learn about JSON security
• Get practical knowledge in using security testing techniques and tools
• Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
• Get sources and further readings on secure coding practices

The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.

Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding
• Understand Web vulnerabilities both on server and client side
• Realize the severe consequences of unsecure buffer handling
• Be informated about some recent vulnerabilities in development environments and frameworks
• Learn about typical coding mistakes and how to avoid them
• Understand security testing approaches and methodologies

Audience

Managers

This class will help the attendees to scan, test, hack on secure their own systems, get in-depth knowledge and practical experience with the current essential security systems. the attendees know how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed, the attendees then will learn how intruders escalate privileges and what steps can be taken to secure a system, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.    
 

In this instructor-led, live course in Porto, participants will learn how to formulate the proper security strategy to face the DevOps security challenge.

Target Audience:

This course is designed for individuals interested in understanding information security and exploring potential career paths in the field. It is suitable for people from diverse backgrounds, including those with limited prior technical knowledge.

Course Objectives:

Attendees should:

• Gain a broad understanding of information security concepts and principles.
• Be able to identify key threats and vulnerabilities.
• Have the capability to explore various career options and specialisations within information security.
• Develop a foundation for further learning and exploration in the field.

Format of the Course:

• Interactive lecture and group discussions.
• Practical exercises and feedback sessions.
• Participants are encouraged to bring questions and participate actively in discussions.

This agenda is flexible and can be adjusted based on time constraints and audience interests. Customised versions might include interactive elements such as quizzes, polls, and group discussions.

The course will provide resources and information about further learning, professional organisations, and career resources will be provided.

Course Customisation Options

• To request a customised training for this course, please contact us to arrange.

Why should you attend?

The Certified Lead Ethical Hacker training course enables you to develop the necessary expertise to perform information system penetration tests by applying recognized principles, procedures and penetration testing techniques, in order to identify potential threats on a computer network. During this training course, you will gain the knowledge and skills to manage a penetration testing project or team, as well as plan and perform internal and external pentests, in accordance with various standards such as the Penetration Testing Execution Standard (PTES) and the Open Source Security Testing Methodology Manual (OSSTMM). Moreover, you will also gain a thorough understanding on how to draft reports and countermeasure proposals. Additionally, through practical exercises, you will be able to master penetration testing techniques and acquire the skills needed to manage a pentest team, as well as customer communication and conflict resolution.  

The Certified Lead Ethical Hacking training course provides a technical vision of information security through ethical hacking, using common techniques such as information gathering and vulnerability detection, both inside and outside of a business network.

The training is also compatible with the NICE (The National Initiative for Cybersecurity Education) Protect and Defend framework. 

After mastering the necessary knowledge and skills in ethical hacking, you can take the exam and apply for the "PECB Certified Lead Ethical Hacker" credential. By holding a PECB Lead Ethical Hacker certificate, you will be able to demonstrate that you have acquired the practical skills for performing and managing penetration tests according to best practices. 

Who should attend?

• Individuals interested in IT Security, and particularly in Ethical Hacking, to either learn more about the topic or to start a process of professional reorientation.
• Information security officers and professionals seeking to master ethical hacking and penetration testing techniques.
• Managers or consultants wishing to learn how to control the penetration testing process.
• Auditors wishing to perform and conduct professional penetration tests.
• Persons responsible for maintaining the security of information systems in an organization.
• Technical experts who want to learn how to prepare a pentest.
• Cybersecurity professionals and information security team members.

During the course, participants will learn:

• What is denial of service attacks, Flooding, Sniffing, MIM?
• How to break from the network to the server?
• How to watch packets on the network (also running on switches)?
• Do you watch any combination of the world?
• How to monitor the network?
• How to configure a firewall?
• How to use encrypted connections?
• How to create tunnels?
• How to log packets?
• How to scan ports?
• How to reduce the number of unnecessary services on the server?

In this instructor-led, live training in Porto, participants will learn about the various aspects of NB-IoT (also known as LTE Cat NB1) as they develop and deploy a sample NB-IoT based application.

By the end of this training, participants will be able to:

• Identify the different components of NB-IoT and how to fit together to form an ecosystem.
• Understand and explain the security features built into NB-IoT devices.
• Develop a simple application to track NB-IoT devices.

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."    
 

This instructor-led, live training in  (online or onsite) is aimed at developers, engineers, and architects seeking to secure their web apps and services.

By the end of this training, participants will be able to integrate, test, protect, and analyze their web apps and services using the OWASP testing framework and tools

The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures. The public key and private key are the basis of public key cryptography (asymmetric), enabling secure communication and exchange of information in computer networks. The combination of both keys allows you to secure transmitted data, maintaining its confidentiality and ensuring the authenticity of digital signatures.

This instructor-led, live training in Porto (online or onsite) is aimed at SysAdmins, systems engineers, security architects, and security analysts who wish to write, execute, and deploy PowerShell scripts and commands to automate Windows security management in their organization.

By the end of this training, participants will be able to:

• Write and execute PowerShell commands to streamline Windows security tasks.
• Use PowerShell for remote command execution to run scripts on thousands of systems across an organization.
• Configure and harden Windows Server and Windows Firewall to protect systems from malware and attacks.
• Manage certificates and authentication to control user access and activity.

This Course in Porto aims to help in the following:

1. Help Developers to master the techniques of writing Secure Code
2. Help Software Testers to test the security of the application before publishing to the production environment
3. Help Software Architects to understand the risks surrounding the applications
4. Help Team Leaders to set the security base lines for the developers
5. Help Web Masters to configure the Servers to avoid miss-configurations

This course covers the secure coding concepts and principals with Java through Open Web Application Security Project (OWASP) methodology of testing. The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

This course explore the technical skills to implement, monitor and administer IT infrastructure using information security policies and procedures. And how to protecting the confidentiality, integrity and availability of data.    
 

This instructor-led, live training in Porto (online or onsite) is aimed at technical persons who wish to apply the most suitable tools and techniques to secure both telecom as well as wireless networks.