Services
 

We offer security training, breakfast seminars, interactive hackathons, security workshops or whatever fits your needs. Invite us to your company all-hands/town hall/on-boarding/after work or let us host a security focused event with presentations on relevant security topics and interesting activities.

Courses and workshops

A one- or two-day workshop where the basics of web application hacking are covered, along with hands-on practice challenges and optionally learning to hack your own application. This workshop is appreciated by developers, system engineers/architects, application testers, product owners and prospective penetration testers.

This offer can be broken down into parts and mixed and matched to suit your needs:

  • OWASP Top 10 Vulnerability Rundown: we present each category of the OWASP Top 10 list of security risks. You will gain an understanding of what these risks and vulnerability classes are, how they occur and how to identify them, and learn about best practices to mitigate or prevent them in your own products. Our instructors will demonstrate how these flaws can be found and exploited by an attacker.
  • Penetration Test Methodology: a presentation to give an overview of the anatomy of a penetration test. You will learn about the phases of a pentest from Reconnaissance to Report, as well as the purpose and structure of each.
  • Capture The Flag: we demonstrate the most common and useful tools for web application security testing. We then provide you with a web application which suffers from a wide variety of security vulnerabilities. Our instructors help you with tips, advice and experience. We show you the tools we use in our engagements and how to use them to great effect on a live application.
  • Hack Yourself: starting with an orientation and brainstorming session we map out the architecture of an application of your choice, building an understanding of where security issues may form, after which you perform a penetration test of your own, guided by our instructors.

You can read more on these offers in our blog post Security Training for Developers.

Learn how to perform security risk analysis and threat modeling, on either fictitious assets or your own.

We combine methodologies and frameworks best suited for your needs and spend one or two days covering the basics to give you the tools and mindset needed to perform effective risk analysis and threat modeling.

Read more on our threat and risk services.

In this training we spend one or two days covering the OWASP Software Assurance Maturity Model to provide the tools and methodology for application security and a secure development lifecycle.

This full-day workshop is aimed at anyone interested in the security of connected vehicles. The workshop combines theoretical lectures with hands-on challenges against a physical, simulated car. The day ends with a hands-on series of challenges and a race for the win!

Participants will learn how a modern vehicle communicates internally (between components) as well as externally with the driver, passengers and remote services, and how to exploit vulnerable or weak implementations of security concepts.

The workshop covers areas such as:

  • Automotive security concepts
  • CAN and serial bus communication
  • The basics of vehicle ECUs
  • Embedded security
  • Cryptography
  • Vehicle on-board diagnostics (OBD)
  • Vehicle telematics
  • API and application security
  • Car hacking tools

Read the CAN Hack! course offer

 

Presentation topics

Most of our presentations can be delivered as sessions of up to two hours, as shorter briefings during events, or combined with training sessions.

  • How to not get phished: a security awareness presentation covering the many ways social engineers trick us users into disclosing our secrets, and how to avoid them.
  • Security Breach History: an hour-long journey through real-life security incidents. Entertaining tales of breaches, detection, incident response and the aftermath. Learn how the intrusions happened and how they were handled.
  • Public Key Infrastructure: there are many dos and don'ts when implementing a PKI, and a whole lot of gotchas. In this presentation we cover both fun quirks and best practices.
  • Modern embedded security: how to secure your embedded systems and implementations.
  • OWASP Top 10 web application security risks: a brief coverage of the theory part of our OWASP Top 10 workshop with real world examples.
  • Penetration Test Methodology: an overview of the anatomy of a penetration test. You will learn about the phases of a pentest from Reconnaissance to Report, as well as the purpose and structure of each.
  • Active Directory: pitfalls and protection: scratching the surface of the massive topic of Active Directory security best practices, intertwined with amusing examples of when things have gone wrong.

Eager to learn? Want to get your developers up-to-date with security best practices? Hosting a security focused event? Contact us about trainings or events!