EC-Council Certified DevSecOps Engineer (ECDE) Training Course

The EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals across the globe. A distinguished group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in establishing the foundation of the program and defining its content, exam structure, body of knowledge, and training modules. Members of this board contributed in various capacities—some as authors, others as exam writers, quality assurance reviewers, and trainers. Each component of the program was meticulously crafted with the aspiring CISO in mind, aiming to transfer the invaluable knowledge of seasoned professionals to the next generation in critical areas essential for developing and maintaining a robust information security program. The Certified CISO (CCISO) program is a pioneering training and certification initiative designed to produce top-tier information security executives. Unlike other certifications that focus primarily on technical skills, the CCISO emphasizes the application of information security management principles from an executive perspective. This program was developed by current CISOs for government and industry professionals who are either serving in or aspiring to these roles.

The Certified Ethical Hacker (C|EH® v12) is a specialized training program designed to equip participants with comprehensive knowledge and practical skills in ethical hacking. This program includes hands-on training, laboratory sessions, assessments, a mock engagement for practice, and participation in a global hacking competition. It ensures that individuals remain at the forefront of cybersecurity by mastering the most in-demand skills necessary for success in this field. The course is accredited by the EC-Council and is delivered by an accredited trainer using officially sanctioned materials and training environments. This program is specifically tailored to prepare participants for the Certified Ethical Hacker 312-50 Exam, ensuring they are well-prepared to meet the rigorous standards required for government and private sector cybersecurity roles.

The Certified Ethical Hacker (C|EH® v13 AI) is a specialized training program designed to equip participants with comprehensive knowledge and practical skills in ethical hacking. This hands-on course includes labs, assessments, a mock engagement for practice, and participation in a global hacking competition, ensuring that professionals remain at the forefront of cybersecurity demands. The course is accredited by EC-Council and delivered by an accredited trainer using officially sanctioned materials and a secure training environment. It is tailored to prepare participants for the Certified Ethical Hacker 312-50 Exam, aligning with the highest standards of cybersecurity education for government and private sector professionals alike.

The CEH program for government covers a comprehensive array of topics essential for tactical cybersecurity professionals. It focuses on the entire kill-chain process, encompassing various phases such as footprinting and reconnaissance, scanning, gaining access, maintaining access, and covering tracks. This structured 5-phase ethical hacking process is applicable to multiple scenarios, including traditional on-premises networks, cloud environments, hybrid systems, and IoT devices. Students will gain proficiency in a wide range of tools and techniques used throughout this evaluation process, as well as an understanding of how malicious actors employ the same tactics, techniques, and procedures (TTPs) to breach organizational security.

This three-day course provides an overview of securing C/C++ code to protect against malicious users who may exploit vulnerabilities related to memory management and input handling. The course covers the fundamental principles of writing secure code for government applications, ensuring that participants understand best practices in safeguarding software integrity and functionality.

Even experienced Java programmers may not fully master all the security services provided by Java, nor are they always aware of the vulnerabilities relevant to web applications written in this language.

This course introduces the security components of Standard Java Edition and delves into the security issues of Java Enterprise Edition (JEE) and web services. Before discussing specific services, the course covers the fundamentals of cryptography and secure communication. Various exercises focus on declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. Practical exercises allow participants to use the discussed APIs and tools firsthand.

The course also examines the most frequent and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. It covers both language-specific issues and problems arising from the runtime environment. Each vulnerability and associated attack is demonstrated through straightforward exercises, followed by recommended coding guidelines and mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding for government applications
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
• Understand the security principles of web services
• Learn to utilize various security features in the Java development environment
• Gain a practical understanding of cryptography
• Understand the security solutions offered by Java EE
• Learn about common coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Access sources and further readings on secure coding practices

Audience

Developers

Description

The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities experienced in other languages, such as C/C++. However, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

The introduction of security services is preceded by a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

This course also covers the most frequent and severe programming flaws of the Java language and platform, including both typical bugs committed by Java programmers and language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding for government
• Learn Web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Gain a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in the Java framework
• Obtain sources and further readings on secure coding practices

Audience

Developers

Several programming languages are currently available to compile code for the .NET and ASP.NET frameworks. These environments provide robust tools for security development; however, developers must understand how to apply architectural and coding-level techniques to implement effective security measures and mitigate vulnerabilities. This course is designed to equip developers with practical skills through numerous hands-on exercises. Participants will learn how to prevent untrusted code from executing privileged actions, secure resources using strong authentication and authorization methods, facilitate remote procedure calls, manage sessions, explore different implementations for specific functionalities, and more. The course begins by introducing common programming issues that can arise when using .NET. It then delves into the vulnerabilities of ASP.NET, covering various environment settings and their implications. The discussion on ASP.NET-specific vulnerabilities addresses general web application security challenges as well as unique issues such as attacks on ViewState and string termination attacks. Participants attending this course will: - Understand fundamental concepts of security, IT security, and secure coding for government. - Learn about Web vulnerabilities beyond the OWASP Top Ten and how to prevent them. - Gain proficiency in using various security features of the .NET development environment. - Acquire practical knowledge in utilizing security testing tools. - Identify typical coding mistakes and learn strategies to avoid them. - Stay informed about recent vulnerabilities in .NET and ASP.NET. - Receive resources and further readings on secure coding practices. Audience: - Developers for government and private sector projects.

The Combined SDL Core Training provides an in-depth understanding of secure software design, development, and testing through the Microsoft Secure Development Lifecycle (SDL). It offers a foundational overview of the key components of SDL, followed by practical techniques for identifying and addressing security flaws early in the development process.

During the development phase, the course covers common security-related programming bugs in both managed and native code. It presents various attack methods associated with these vulnerabilities along with effective mitigation strategies. These concepts are reinforced through hands-on exercises that offer participants a practical understanding of live hacking techniques. The training also introduces different security testing methodologies and demonstrates the effectiveness of various testing tools, allowing participants to apply these tools to previously discussed vulnerable code.

Participants attending this course will

Understand basic concepts of security, IT security, and secure coding for government.

Gain knowledge of the essential steps in the Microsoft Secure Development Lifecycle.

Learn secure design and development practices.

Understand secure implementation principles.

Grasp security testing methodologies.

• Access sources and further readings on secure coding practices.

Audience

Developers, Managers

After gaining familiarity with vulnerabilities and attack methods, participants will learn about the general approach and methodology for security testing, along with techniques that can be applied to uncover specific vulnerabilities. Security testing should begin with information gathering about the system (ToC, i.e., Target of Evaluation), followed by a thorough threat modeling process to identify and rate all threats, culminating in a risk analysis-driven test plan.

Security evaluations can occur at various stages of the Software Development Life Cycle (SDLC). Therefore, we discuss design reviews, code reviews, reconnaissance and information gathering about the system, testing the implementation, and securing the environment for deployment. The course introduces numerous security testing techniques in detail, such as taint analysis, heuristic-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Various types of tools are presented to automate the security evaluation of software products, supported by exercises where these tools are used to analyze previously discussed vulnerable code. Real-life case studies enhance understanding of various vulnerabilities.

This course equips testers and quality assurance (QA) staff with the necessary skills to effectively plan and execute security tests, select and use appropriate tools and techniques to identify even hidden security flaws, providing essential practical skills that can be applied immediately in their work for government.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Gain practical knowledge in using security testing techniques and tools
• Access sources and further readings on secure coding practices

Audience

Developers, Testers

The Certified Penetration Testing Professional (CPENT) certification is a globally recognized validation of an individual’s knowledge and skills in the field of penetration testing or ethical hacking. CPENT-certified professionals demonstrate their ability to identify, assess, and manage security vulnerabilities within network infrastructures. The certification encompasses mastery of penetration testing methodologies, understanding of legal and regulatory concerns, and technical expertise in attack vectors and countermeasures. For government agencies, industries, and organizations, CPENT-certified professionals are essential for safeguarding systems against malicious intruders. Thus, the CPENT certification serves as a robust assurance of a candidate’s expert skills in securing networks and systems, which is critical in the continually evolving cybersecurity landscape.

This is a comprehensive specialist-level program designed to equip organizations with the knowledge and skills necessary to effectively manage post-breach consequences. The program focuses on minimizing both financial and reputational impacts following an incident. Learning objectives are reinforced through practical application, with 40% of the course dedicated to hands-on experience with the latest tools, techniques, methodologies, and frameworks for incident handling and response. This program is tailored to enhance preparedness and resilience, ensuring alignment with best practices for government and other public sector entities.

Description:

This class will immerse participants in an interactive environment where they will learn how to scan, test, hack, and secure their own systems. The hands-on laboratory setting provides each participant with comprehensive knowledge and practical experience using current essential security systems. Participants will start by understanding the mechanics of perimeter defenses before progressing to scanning and attacking their own networks, ensuring that no real network is compromised. They will then explore how intruders escalate privileges and discover the steps necessary to secure a system. The curriculum also covers Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation, all tailored to enhance cybersecurity capabilities for government agencies.

Target Audience:

This course is designed to significantly benefit security officers, auditors, security professionals, site administrators, and any other individuals responsible for the integrity of network infrastructure within the public sector. It is particularly relevant for those tasked with ensuring robust cybersecurity measures are in place for government operations.

Format of the Course

• Interactive lectures and discussions.
• Extensive exercises and practice sessions.
• Hands-on implementation in a live laboratory environment.

Course Customization Options for Government

• To request a customized training session for this course, please contact us to arrange the details.

Format of the Course

• Interactive lectures and discussions designed to engage participants.
• A variety of exercises and practice sessions to reinforce learning.
• Hands-on implementation in a live-lab environment to ensure practical application of skills.

Course Customization Options for Government

• To request a customized training program tailored to the specific needs of your agency, please contact us to arrange.