COURSES

 

Abanacle offers corporate education courses in the field of cybersecurity. Register to find out more about how your team can become certified in one or more areas of specialty, or to design customized programs to meet your team goals.

CYBERSECURITY COURSE SELECTIONS

DEVELOPMENT COURSES

Security Awareness Courses

Code

  •     Fundamentals of Application Security

    This course starts off describing the various risks that software vulnerabilities carry, and proceeds to lay the foundation for secure software development by presenting specific security controls and principles that teams can implement immediately to reduce software risk. Upon course completion, students will be able to understand and recognize threats to applications, leverage the OWASP top 10 list to

    create more secure Web applications, and conduct specific activities at each development phase to ensure maximum hardening of your applications. Prerequisite: None

     

  •     Software Security Awareness

    Security, similar to functionality, performance, and reliability, is another crucial component of an application’s quality. Recognizing the risk that software vulnerabilities represent, understanding their root causes, and addressing these issues early in the software development lifecycle are essential for being able to help your organization build secure software. By the end of this course, students will be familiar with the main characteristics of a secure software development lifecycle and the activities that an organization should perform to develop secure software. Additionally, students will recognize the need to address software security in their everyday work. Prerequisite: None.

  •     Six Fundamentals of Information Security

    This awareness course is intended to allow individuals to recognize information security concerns and respond accordingly using a set of best practices provided in this course. Upon completion of this course, students will be able to recognize the importance of protecting an organization’s information and follow appropriate security best practices. Prerequisite: None.

     

  •    Fundamentals of Security Awareness - Mobile and Social Media

    This security awareness course focuses on how sensitive data and confidential information can be compromised with the use of social media and mobile devices by today’s work force. Using a fun and interactive computer based format, the viewer is made aware of the risks associated with these technologies, and how to use them safely. Topics covered include social media threats and best practices, securely using smart phones and tablets, using public and private wireless networks, protecting storage media, and securing notebooks and net books. With interesting knowledge checks throughout, after completing this course, the user will be aware of the risks and equipped to make better choices when using social media and mobile devices. Prerequisite: None.

  •    Fundamentals of Security Awareness for Mobile Devices

    This course discusses the security risks of using mobile devices and introduces the five fundamentals of secure mobile computing. Mobile devices are designed to operate outside the confines of enterprise networks, and it is incumbent on the organization and the individual to understand and implement security best practices that mitigate risks to privacy, confidential data, reputation, and other assets. Course coverage includes the risks of using Wi-Fi connections, and discusses the security of tablets, notebooks, smartphones, and external storage devices. Prerequisite: None.

  •    Fundamentals of Security Awareness for Social Media

    This course introduces you to social media security and why it's important to both employees and employers. It provides a general overview of how to stay safe and secure. The course addresses general privacy and security best practices that can be applied across all social media sites. The course also covers specific security issues and security best practices for each popular social network: Facebook, Twitter, Google Plus, and LinkedIn. Finally, the course discusses privacy and security issues, and best practices for managing company pages, and addresses employer policies for social media usage by employees. Prerequisite: None.

Security Engineering Courses

  •     Microsoft SDL for Managers

    This course introduces students to the Microsoft SDL, an industry leading software-security assurance process, developed by Microsoft to build trustworthy software products. The goal of this course is to help students understand and identify the Security Development Life Cycle (SDL) requirements for building and deploying secure software applications. The course demonstrates the benefits teams gain by following the SDL, and it provides managers with information regarding their role and responsibilities in ensuring the team follows the SDL. Additionally, this course describes common problems that can delay or stop product shipping. Prerequisite: None.

  •     Introduction to the Microsoft SDL

    This course introduces the Security Development Lifecycle (SDL), a key security engineering process that was spawned from Microsoft’s Trustworthy Computing Initiative. Students will learn how to design and implement products that meet an organization’s security needs. Upon completion of this course, the participant will be able to identify the benefits of the Security Development Lifecycle, recognize the importance of the Final Security Review, follow the necessary steps to meet SDL requirements, and identify the appropriate tools required by the SDL. Prerequisite: None.

  •     SDLC Gap Analysis and Remediation Techniques

    Whether an organization is implementing its first Security Development Lifecycle program or working to optimize its SDLC, periodic review of the SDLC to identify areas for improvement is a recommended best practice. This course reviews key Security Engineering activities and instructs students on identifying measurable goals and appropriate standards, assessing existing development processes, building an activity matrix, and creating a remediation roadmap. This course provides an understanding of the goals, processes, and best practices for auditing software security processes within the context of the Microsoft Security Development Life Cycle. Prerequisite:  Introduction to the Microsoft SDL, Fundamentals of Application Security

  •     How to Create Application Security Design Requirements

    Security is an important component of an application’s quality. To preserve the confidentiality, integrity, and availability of application data, software applications must be engineered with security in mind beginning with the design phase. Without defined security requirements, design choices will be made without security guidance and security testing cannot be effective. This course provides technical and non-technical personnel with the tools to understand, create and articulate security requirements as part of a software requirement documents. In this course, students will learn to apply the application security maturity (ASM) model to the development process, understand the security-engineering process, and describe the key security-engineering activities to integrate security in the development life cycle. Students will also be able to determine software security objectives, apply security design guidelines, and create threat models that identify threats, attacks, vulnerabilities, and countermeasures, in addition to learning to conduct security architecture and design reviews that help identify potential security problems, and minimize the application’s attack surface. Prerequisite:  Fundamentals of Application Security

  •     How to Create an Application Security Threat Model

    Secure software starts with thinking about security and the potential threats to an application. Threats differ from vulnerabilities. Threats represent attackers. Threat modeling begins with understanding what an attacker’s goals might be; what information would be valuable to an attacker? How would an attacker go about gaining access to that information? In this course, students will learn to identify the goals of threat modeling and the corresponding SDL requirements, identify the roles and responsibilities involved in the threat modeling process, recognize when and what to threat model, and identify the tools that help with threat modeling. Students will also learn to use the threat modeling process to accurately identify, mitigate, and validate threats. Prerequisite: None

  •     Attack Surface Analysis and Reduction

    Attack surface analysis and reduction is an exercise in risk reduction. The attack surface of an application represents the number of entry points exposed to a potential attacker of the software. The larger the attack surface, the larger the set of methods that can be used by an adversary to attack. The smaller the attack surface, the smaller the chance of an attacker finding a vulnerability and the lower the risk of a high impact exploit in the system. This course provides an understanding of the goals and methodologies of attackers, identification of attack vectors, and how to minimize the attack surface of an application. In this course, students will learn to define the attack surface of an application, and how to reduce the risk to an application by minimizing the application’s attack surface. Prerequisite: Architecture Risk Analysis and Remediation

  •     How to Perform a Security Code Review

    Application developers may use a variety of tools to identify flaws in their software.  Many of these tools, however, cannot be deployed until late in the development lifecycle; dynamic analysis tools require a staging site and sample data, and some static analysis tools require a compiled build.  Manual code reviews, in contrast, can begin at any time and require no specialized tools – only secure coding knowledge. Manual code reviews can also be laborious if every line of source code is reviewed. This course provides students with guidance on how to best organize code reviews, prioritize those code segments that will be reviewed, best practices for reviewing source code and maximize security resources. Prerequisite:  Fundamentals of Secure Development

  •     How to Create an Application Security Threat Model
        for Embedded Systems

    This course module provides additional training on How to Create an Application Security Threat Model of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  How to Create an Application Security Threat Model

  •     Attack Surface Analysis and Reduction for Embedded Systems

    This course module provides additional training on Attack Surface Analysis and Reduction of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Attack Surface Analysis and Reduction. This course module provides additional training on Performing Security Code Reviews of particular importance to embedded software engineers. The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  How to Perform a Security Code Review

DEVELOPMENT COURSES

Design

  •     Fundamentals of Secure Architecture

    In the past, software applications were created with little thought to the importance of security. In recent times, businesses have become more rigorous about how they buy software. When looking at applications and solutions, companies don’t just look at features, functionality, and ease of use. They focus on the total cost of ownership (TCO) of what they purchase. Security is a large and visible part of the TCO equation. In this course, students will examine the state of the industry from a security perspective. They will then look at some of the biggest security disasters in software design and what lessons can be learned from them. Finally, participants will understand and use confidentiality, integrity, and availability as the three main tenets of information security. Upon completion of this course, participants will understand the state of the software industry with respect to security by learning from past software security errors and will avoid repeating those mistakes, and they will understand and use confidentiality, integrity, and availability (CIA) as the three main tenets of information security. Prerequisite: None

  •     Architecture Risk Analysis and Remediation

    This course defines concepts, methods, and techniques for analyzing the architecture and design of a software system for security flaws. Special attention is given to analysis of security issues in existing applications; however, the principles and techniques are applicable to systems under development. Techniques include accurately capturing application architecture, threat modeling with attack trees, attack pattern analysis, and enumeration of trust boundaries. Prerequisite:  Fundamentals of Secure Architecture

  •     Introduction to Security Tools and Technologies

    Security tools allow organizations to systematically test applications for coding mistakes that could result in vulnerabilities. Many organizations purchase security tools such as web application scanners, source code static analysis and penetration testing software; few organizations understand how to effectively select and leverage tools for their needs. This course is designed to educate architects and developers on the technologies available to create more secure systems. Topics include common network security technologies, cryptography, antivirus technologies, access control technologies, tokens and smart cards, biometrics, and various authentication methods. Prerequisite:  Fundamentals of Application Security

  •    OWASP Top 10 – Threats and Mitigations

    This course examines in depth the vulnerabilities, threats, and mitigations described in the OWASP Top 10 2013. Upon completion of this class, participants will be able to identify and mitigate the greatest threats that web application developers face, including: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, and Unvalidated Redirects and Forwards. The course includes Knowledge Checks, Module Summaries, and links to additional online resources. Prerequisite: None

  •    Architecture Risk Analysis & Remediation for Embedded Systems

    This course module provides additional Architecture Risk Analysis and Remediation training of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Architecture Risk Analysis & Remediation

  •    Introduction to Cryptography

    This course provides students with the knowledge to understand cryptography and an opportunity to investigate the threats that affect two communicating parties, and an understanding of how these threats can be mitigated using a proper cryptographic solution. Upon completion of this course, students will be able to identify the problems that cryptography can address, recognize threats that apply to two communicating parties, select appropriate cryptographic solutions to mitigate these threats, and describe the mechanisms behind cryptographic protocols. Participants will also be able to follow cryptographic best practices and locate cryptography resources. Prerequisite: None

  •    Creating Secure Application Architecture

    This course covers a set of key security principles that students can use to improve the security of application architecture and design. Principles of this course include applying defense to harden applications and make them more difficult for intruders to breach, reducing the amount of damage an attacker can accomplish, compartmentalizing to reduce the impact of exploits, using centralized input and data validation to protect applications from malicious input, and reducing the risk in error code paths. Prerequisite:  Fundamentals of Secure Architecture, Architecture Risk Analysis and Remediation

  •    Creating Secure Application Architecture for Embedded Systems

    This course module provides additional training on Creating Secure Application Architecture of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Creating Secure Application Architecture

Test

  •     Fundamentals of Secure Development

    In this course, students will learn an overview of software security and its latest trends, as well as the importance of software security for business. Students will also learn to perform threat modeling to identify threats proactively, create threat trees for application components, use threat trees to find vulnerabilities, classify vulnerabilities, and perform risk analysis and prioritize security fixes.  Prerequisite:  Fundamentals of Application Security (AWA 101) This course introduces developers to the common risks associated with Mobile applications including client side injection, sensitive data handling, network transition, application patching, web based attacks, phishing, third - party code, location security and privacy and denial of service. The student is then given an overview of the Mobile application development best practices to reduce these risks including input validation, output encoding, least privilege, code signing, data protection at rest and in transit, avoiding client side validation, and using platform security capabilities as they apply in mobile environments. Included is a discussion of threat modeling mobile applications. With knowledge checks throughout, the student who completes this course will have an understanding of mobile environment threats and risks, and the programming principals to use to address them. Prerequisites: None

  •     Fundamentals of Secure Database Development

    In practice, the database represents the goal of many attackers, as this is where the information of value is maintained. However, functional requirements and security testing often focus on the interaction between a software user and the application, while the handling of data is assumed to be secure. This course is platform and technology agnostic, and will provide software architects and developers with an understanding of database development best practices. Prerequisite:  Fundamentals of Secure Development

  •     Fundamentals of Web 2.0 Security

    This course introduces developers to the security aspects surrounding the development of Web 2.0 applications. It starts with a review of a variety of Web 2.0 components and the types of attacks they are subject to such as SQL, XML and XPath injection, various SOAP attacks, Cross Site Scripting (XSS), session attacks and authentication and authorization attacks. The course follows this up with secure development best practices to prevent these attacks including input validation, secure session management and distrust of the browser. With knowledge checks throughout, after completing the course the student the student who completes this class will understand important Web 2.0 attack vectors and the programming techniques to prevent them. Prerequisite: None.

  •     Fundamentals of Secure Cloud Development

    This course introduces developers to the common risks associated with Cloud applications, including the security features of the different series models (IaaS, PaaS, and Saas), how to identify and mitigate the most common vulnerabilities, the unique security challenges of “Big Data”, and how to apply the Microsoft SDL to cloud applications. Threat coverage includes unauthorized account access, insecure APIs, shared technology, data leakage, and account hijacking, as well the importance of complying with regulatory requirements. With knowledge checks throughout, the student who completes this course will have an understanding of cloud computing threats and risks, and the programming principals to use to address them. Prerequisite: None. This course introduces security issues and challenges specific to AJAX applications. It provides an overview of AJAX technology, and presents common AJAX application vulnerabilities and attack vectors. Upon completion of this class, participants will be able to identify the differences between regular and AJAX applications, common AJAX vulnerabilities that attackers tend to exploit, and major threats to AJAX applications from cross-site scripting, cross-site request forgery, and injection attacks. The course includes Knowledge Checks, Module Summaries, and links to additional online resources. Prerequisite: None.

  •     Fundamentals of Secure Mobile Development for Embedded Systems

    This course module provides additional training on Secure Mobile Development of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Fundamentals of Secure Mobile Development

  •     Creating Secure Code – Java Foundations

    In this course, students will learn to recognize and remediate common Java Web software security vulnerabilities. After completing this course, students will be able to recognize data leakage, injection attacks, client/server protocol manipulation attacks, and authentication exploitations, and mitigate these security vulnerabilities. Prerequisite:  Fundamentals of Application Security (AWA 101), Fundamentals of Secure Development

  •     Creating Secure Code – C/C++ Foundations

    In this course, students will learn how to write secure code in C/C++ for Windows and Unix platforms, robust code development, and secure socket programming, and learn to apply time-tested defensive coding principles to develop secure applications. Students will also learn the nine defensive coding principles and how to use them to prevent common security vulnerabilities. Prerequisite:  Fundamentals of Secure Development

  •     Creating Secure Code – Windows 7 Foundations

    This course provides students with knowledge and skills needed to understand Windows 7 security features and build applications that leverage Windows 7’s built-in security mechanisms. Prerequisite: None.

  •     Creating Secure Code – .NET 4.0 Foundations

    This course describes .NET 4.0 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. In addition, this course will introduce you to security changes in .NET 4.0 including level 2 security transparency, the new sandboxing and permission model, introduction of conditional APTCA, and changes to evidence objects and collections. This course provides secure coding best practices that will enable students to build more secure applications in .NET 4.0. Note: Creating Secure Code – .NET 2.0 Prerequisite:  Fundamentals of Application Security, Fundamentals of Secure Development

  •     Creating Secure Code – iPhone Foundations

    Most organizations say that mobile threats are their #1 priority to counter this, and next year. This course teaches iPhone application programmers the principals necessary to build highly secure iPhone applications, including understanding the risks, vulnerabilities and the techniques you can use to defend against iOS-specific attacks. Prerequisite:  Fundamentals of Secure Mobile Development

  •     Creating Secure Code – Android Foundations

    The Android platform represents potentially more vulnerabilities for companies dealing with the BYOD challenge. This course teaches Android application programmers the principals necessary to build highly secure Android applications, with a discussion on the Android security model, key Android attack vectors and the techniques you can use to defend against them. Prerequisite:  Fundamentals of Secure Mobile Development

  •     Web Vulnerabilities – Threats and Mitigations

    This course provides all the information needed to understand, avoid, and mitigate the risks posed by Web vulnerabilities. Students are first provided with a detailed background on the most common and recent attacks against Web-based applications, such as cross-site scripting attacks and cross-site request forgery attacks. The course then delves into practical recommendations on how to avoid and/or mitigate Web vulnerabilities. Real - world examples are provided throughout the course to help students understand and defend against Web vulnerabilities. Prerequisite:  Fundamentals of Application Security,  Fundamentals of Secure Development

  •     PCI Best Practices for Developers

    Payment Card Industry Data Security Standards (PCI-DSS) provide minimum requirements for addressing the security of software systems handling credit card information. Addressing the requirements during the design and build stages of the development lifecycle improves application security and simplifies compliance. This course will provide software developers with an in-depth understanding of application security issues within the PCI-DSS and best practices for addressing each requirement. Prerequisite:  Fundamentals of Application Security, Fundamentals of Secure Architecture

  •     Introduction to Cross-Site Scripting – with JSP Examples

    In this course, students will learn to understand the mechanisms behind cross-site scripting vulnerabilities, describe cross-site scripting vulnerabilities and their consequences, and apply secure coding best practices to prevent cross-site scripting vulnerabilities. Prerequisite: None.

  •     Creating Secure Code – Oracle Foundations

    This course provides the student with an understanding of the scope and requirements of database security as well as the risks presented by insecure database applications. It then teaches the best practices for secure database application development including privileges and access control, query construction, communication and storage, audit and resource usage. The course concludes with a discussion of common database attacks and how to prevent them, including SQL Injection, Information Disclosure and Privilege Escalation. This class teaches these principals using Oracle specific code and examples. After taking this course, the student will be able to understand the risks to database applications; apply security best practices when developing database applications; understand common database attacks; code applications with countermeasures to common database attacks. Prerequisite: Fundamentals of Application Security, Fundamentals of Secure Database Development.

  •     Creating Secure Code – SQL Server Foundations

    This course provides the student with an understanding of the scope and requirement of database security as well as the risks presented by unsecure database applications. It then teaches the best practices for secure database application development including privileges and access control, query construction, communication and storage, audit and resource usage. The course concludes with a discussion of common database attacks and how to prevent them, including SQL Injection, Information Disclosure and Privilege Escalation. This class teaches these principals using SQL Server specific code and examples. After taking this course, the student will be able to understand the risks to database applications; apply security best practices when developing database applications; understand common database attacks; code applications with countermeasures to common database attacks. Prerequisite: Fundamentals of Application Security, Fundamentals of Secure Database Development

  •     Creating Secure AJAX Code – ASP.NET Foundations

    This course introduces secure ASP.NET coding principles for AJAX applications. It provides an overview of best practices to mitigate common vulnerabilities and protect against common attack vectors. Upon completion of this class, participants will be able to identify the threats to AJAX ASP.NET applications from cross-site scripting, cross- site request forgery, and injection attacks, and ways to implement countermeasures using ASP.NET tools against these attacks by protecting client resources, validating input, protecting web services requests, preventing request forgeries, and securing data access. The course includes Knowledge Checks, Module Summaries, and links to additional online resources. Prerequisite:  Fundamentals of Secure AJAX Code. This course introduces secure Java coding principles for AJAX applications. It provides an overview of best practices to mitigate common vulnerabilities and protect against common attack vectors. Upon completion of this class, participants will be able to identify the most common threats to AJAX applications from cross-site scripting, cross- site request forgery, and injection attacks, and ways to implement countermeasures in Java against attacks by protecting client resources, validating input, restricting access to Ajax services, and preventing request forgeries. The course includes Knowledge Checks, Module Summaries, and links to additional online resources.  Prerequisite: Fundamentals of Secure AJAX Code

  •     Creating Secure Cloud Code – AWS Foundations

    This course examines the security vulnerabilities, threats, and mitigations for AWS cloud computing services. It includes coverage of Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), and four additional core AWS services: Identity and Access Management (IAM), DynamoDB Flat Database Service, Relational Database Service (RDS), and Simple Storage Service (S3). This course also discusses ancillary AWS Services. Prerequisite: Fundamentals of Secure Cloud Development

  •     Creating Secure Cloud Code – Azure Foundations

    This course examines the risks associated with creating and deploying applications on Microsoft’s Windows Azure cloud platform. It describes core security considerations for Azure Virtual Machine (VM) security, authentication and access control, legacy .Net Framework applications, Azure Web Sites, and the Microsoft WebMatrix3 IDE. Prerequisite:  Fundamentals of Secure Cloud Development

  •     Creating Secure Code – C/C++ Foundations for Embedded Systems

    This course module provides additional training on C/C++ Foundations of particular importance to embedded software engineers. The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Creating Secure Code –  C/C++

  •     Creating Secure ASP.NET Code

    This course examines in depth the development of secure web applications in C#. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in C# code. In the hands- on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code. Upon completion of this class, participants will be able to recognize the need to follow secure coding best practices, follow secure coding best practices, and locate additional resources on secure coding best practices for ASP.NET. Prerequisite:  Creating Secure Code - .NET 4.0 Foundations. This course provides a deep understanding of application security risks and secure coding standards for C and C++ applications, and the different types of errors that can be introduced while coding. The course discusses the importance of detecting these errors and remediating them as early as possible to avoid security issues. It also illustrates real-world best practices and techniques, and provides an introduction to static analysis tools to detect and resolve security vulnerabilities in code. Prerequisite:  Creating Secure Code –  C/C++ Foundations

  •     Creating Secure Java Code

    This course examines in depth the development of secure web applications in Java. It provides an overview of common web application vulnerabilities and presents ways to avoid those vulnerabilities in Java code. In the hands-on section, students will discover the vulnerabilities themselves and find ways to address them, greatly enhancing the security of their code. Upon completion of this course, participants will be able to identify why software security matters to their business, recognize the root causes of the more common vulnerabilities, identify the symptoms of common vulnerabilities, and use security best practices to prevent common vulnerabilities. Prerequisite:  Creating Secure Code – JRE Foundations

  •     Creating Secure C# Code

    This course will provide a deep understanding of application security risks and secure coding standards for C# applications. The main lesson guides students through the concepts underlying the coding principles and illustrates real-world best practices and techniques, and the labs allow students to test what they have learned. Prerequisite:  Creating Secure Code - .NET 4.0 Foundations

  •     Creating Secure PHP Code

    This course teaches PHP programmers the security principals they need to know to build secure PHP applications. This class teaches programming principals for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP. Prerequisite: Fundamentals of Application Security, Fundamentals of Secure Development

  •     Creating Secure iPhone Code in Objective-C

    This course examines in depth the development of secure iOS applications for Apple’s iPad and iPhone devices. It provides an overview of common iOS application vulnerabilities and presents secure coding best-practices using Xcode with Objective-C. Upon completion of this class, participants will be able to identify and mitigate malicious user input, risks to data while backgrounding, threats to privacy and confidentiality, sensitive data exposure, insufficient transport layer protection and custom URL scheme abuses. Prerequisite:   Creating Secure Code –  iPhone Foundations. This course examines in depth the development of secure Java code for Android OS devices. It provides an overview of common Android application vulnerabilities and presents secure coding best-practices using Java and the Android SDK. Upon completion of this class, participants will be able to identify and mitigate weak authentication attacks, code injections, malicious user input, risks to stored data and data in transit, threats to privacy and confidentiality, insufficient transport layer protection and custom URL scheme abuses. The course includes Knowledge Checks, Module Summaries, and links to additional online resources. Prerequisite:  Creating Secure Code – Android Foundations

  •     Creating Secure HTML5 Code

    This course examines in depth the development of secure HTML5 code. It provides an overview of common HTML5 application vulnerabilities and threats, and presents secure coding best-practices. Upon completion of this class, participants will be able to identify ways in which the expanded attack surface introduced with HTML 5 might impact their web applications. Participants will also be able to identify new security features available with HTML5, as well as countermeasures and best practices to mitigate the application’s exposure to attack. The course includes Knowledge Checks, Module Summaries, and links to additional online resources.  Prerequisites: Fundamentals of Application Security (AWA101), Fundamentals of Secure Development

  •     Creating Secure jQuery Code

    In this course, you will learn about common client-side vulnerabilities and threats to jQuery applications, and techniques for mitigating these vulnerabilities and threats. You will also learn about how to implement new HTML5 security features to secure jQuery applications, and best practices to secure local storage and implement transport layer security. After completing this course, you will be able to describe the threats that can impact your jQuery code and describe the countermeasures to address these threats. Prerequisites:   Fundamentals of Application Security, Fundamentals of Secure Development.

  •     Creating Secure C/C++ Code for Embedded Systems

    This course module is a supplement to the Security Innovation course “Creating Secure C/C++ Code”. It provides additional coverage on security topics that may be of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Creating Secure C/C++ Code

  •     Integer Overflows – Attacks and Countermeasures

    An integer overflow is a programming error that can severely impact a computer system’s security. Due to the subtlety of this bug, integer overflows are often overlooked during development. This course covers the security concepts, testing techniques, and best practices that will enable students to develop robust applications that are secure against integer overflow vulnerabilities. Prerequisite: None. This course provides all the required information to understand, avoid and mitigate the risks posed by buffer overflows. The students are first provided with a detailed background on the mechanisms of exploit of stack-based and heap-based buffer overflows. The course then delves into the protections provided by the Microsoft compiler and the Windows operating system, such as the /GS flag and Address Space Layout Randomization (ASLR), followed by practical advice on how to avoid buffer overflows during the design, development, and verification phases of the software development life cycle. Practical examples are provided throughout the course to help students understand and defend against buffer overflows.  Prerequisite: None.

  •     Fundamentals of Security Testing

    This course introduces security-testing concepts and processes that will help students analyze an application from a security perspective and to conduct effective security testing. The course focuses on the different categories of security vulnerabilities and the various testing approaches that target these classes of vulnerabilities. Several manual and automated testing techniques are presented which will help identify common security issues during testing and uncover security vulnerabilities. Prerequisite: None.

  •     Fundamentals of Security Testing for Embedded Systems

    This course module provides additional Fundamentals of Security Testing training of particular importance to embedded software engineers. The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Fundamentals of Security Testing

  •     Classes of Security Defects

    This course equips students with the knowledge needed to create a robust defense against common security defects. Students will learn why and how security defects are introduced into software, and will be presented with common classes of attacks, which will be discussed in detail. Along with examples of real life security bugs, students will be shown techniques and best practices that will enable the team to identify, eliminate, and mitigate each class of security defects. Additional mitigation techniques and technologies are described for each class of security defect. Prerequisite:  Fundamentals of Security Testing

  •     How to Test for the OWASP Top 10

    The Open Web Application Security Project (OWASP) Top Ten is a listing of critical security flaws found in web applications. Organizations that address these flaws greatly reduce the risk of a web application being compromised, and testing for these flaws is a requirement of the Payment Card Industry Standards (PCI-DSS) as well as other regulatory bodies.  This course explains how these flaws occur and provides testing strategies to identify the flaws in web applications. Prerequisite:  Fundamentals of Security Testing

  •     Software Security Testing – Tools & Techniques

    This course describes the tools and techniques used during software security testing. Software security testing tools are discussed including static analysis, vulnerability scanning, fuzz testing, and penetration testing. For each, the student will gain knowledge of when in the development process to use the tool, the variety of security problems found by the tool, and the pros and cons of the tool. In addition, specific penetration test techniques are discussed. Test planning topics include the security attributes of software, the differences between functional and security testing, classification and prioritization of security threats, security test planning using threat models and the nine golden tips for test planning. After taking this course, the student will be able to create a software security test plan; decide which software security testing tools to use; know how to apply the testing tools; understand and apply penetration testing techniques. Prerequisite:  Classes of Security Defects

  •     How to Break Software Security

    This course is designed to give testers and developers the tools and techniques they need to help find security problems before their application is released. It lays the foundation needed to effectively recognize and expose security flaws in software and it introduces a fault model to help testers conceptualize these types of bugs. Prerequisite: None.

  •     Advanced Software Security Testing – Tools & Techniques

    This course delves deeply into the techniques for testing specific security weaknesses. The class is broken down into the three areas where bugs are most often found: insecure interaction between components, risky resource management, and poor defenses. Tools and techniques for security testing are presented, including ten different types of attacks such as SQL Injection, Command Injection, Cross-site Scripting, Buffer Overflow and Access Spoofing. After taking this course, the student will be able to understand the ten types of attacks; know which tools to use to test for these attacks; test software applications for susceptibility to the ten specific attacks; describe the expected mitigations required to prevent these attacks. Prerequisite:  Software Security Testing –  Tools and Techniques

  •     Exploiting Buffer Overflows

    This course provides students with all the required information to help understand and mitigate buffer-overflow exploits. It first introduces the concepts necessary to recognize the threats posed by these exploits, and to comprehend the mechanisms behind exploitation of stack-based and heap-based buffer overflows. The course then delves into the different challenges faced by exploit code and how different exploitation techniques overcome environmental limitations. Prerequisite:  Advanced Software Security Testing – Tools & Techniques

  •     Advanced Software Security Testing for Embedded Systems

    This course module provides additional Software Security Testing of particular importance to embedded software engineers. The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Prerequisite:  Advanced Software Security Testing – Tools & Techniques

OSINT OVERVIEW

“Open source intelligence    OSINT    is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.”     Wikipedia

Understanding and applying data found in publicly available sources is as important for investigators as it is for other purposes but to do so it needs to be processed effectively with the right tools and training.

Our Advanced Open Source Intelligence courses are designed to provide commercial, government and law enforcement organizations (LEOs) with the skills to capture information available and turn it into actionable intelligence.

Abanacle provides cybersecurity consulting and training, computer-based and instructor-led, for commercial organizations and government agencies. 

Abanacle operates a cybersecurity incubator in partnership with, and is located on the campus of, Nova Southeastern University.

Abanacle has also developed a biometrically encrypted smartcard that can be used in many government, commercial, travel, healthcare financial and access management scenarios.

Abanacle owns and operates several divisions dedicated to the advancement of cybersecurity and partners with several companies for the development of encrypted hardware with biometric authentication capabilities.

Abanacle Corp - © 2016 by Abanacle Corporation. All rights reserved.

CONTACT

Washington Office

1747 Pennsylvania Avenue NW

Suite 1250

Washington, DC 20006 USA

Florida Office

3401 SW 160 Avenue

Suite 301

Miramar, FL USA

 

Incubator

3512 S University Drive
Davie, FL 33314