EC-Council Certified DevSecOps Engineer (ECDE) Training Course

The EC-Council’s Certified Chief Information Security Officer (CCISO) Program has certified leading information security professionals across the globe. A distinguished group of high-level information security executives, known as the CCISO Advisory Board, played a crucial role in shaping the foundation of the program. They outlined the content to be covered by the exam, body of knowledge, and training. Members of the Board contributed in various capacities—some as authors, others as exam writers, quality assurance reviewers, and trainers. Each component of the program was designed with the aspiring CISO in mind, aiming to transfer the expertise of seasoned professionals to the next generation, particularly in areas critical for the development and maintenance of a robust information security program.

The Certified Chief Information Security Officer (CCISO) program is the first of its kind, offering training and certification aimed at producing top-tier information security executives. The CCISO program does not focus solely on technical knowledge but emphasizes the application of information security management principles from an executive perspective. Developed by current CISOs for government and aspiring CISOs, this program ensures that participants are well-equipped to lead effective information security strategies.

The Certified Ethical Hacker (C|EH® v12) is a specialized training program designed to equip participants with comprehensive knowledge and practical skills in ethical hacking. This hands-on training includes labs, assessments, a mock engagement for practice, and participation in a global hacking competition, ensuring that individuals stay at the forefront of cybersecurity advancements. The course is accredited by EC-Council and delivered by an accredited trainer using approved materials and a structured training environment. It is specifically tailored to prepare participants for the Certified Ethical Hacker 312-50 Exam, aligning with the highest standards of cybersecurity education for government and public sector professionals.

The Certified Ethical Hacker (C|EH® v13 AI) is a specialized training program designed to equip participants with comprehensive knowledge and practical skills in ethical hacking. This hands-on course includes labs, assessments, a mock engagement for practice, and participation in a global hacking competition, ensuring that participants stay at the forefront of cybersecurity advancements.

The course is accredited by EC-Council and delivered by an accredited trainer using officially recognized materials and a training environment tailored for government.

This program is the official Certified Ethical Hacker training course, preparing participants for the Certified Ethical Hacker 312-50 Exam.

The CEH program for government covers a comprehensive range of topics essential for becoming a proficient cybersecurity professional. It focuses on the entire kill-chain process, encompassing various phases such as foot printing and reconnaissance, scanning, gaining access, maintaining access, and covering tracks. This structured 5-phase ethical hacking methodology is applicable to diverse scenarios, including traditional on-premises networks, cloud environments, hybrid setups, and IoT systems. The program also spans a variety of network topologies and application environments. Participants will gain expertise in using a wide array of tools and techniques throughout the evaluation process, as well as an understanding of how malicious actors employ these same tactics, techniques, and procedures (TTPs) to compromise organizations.

This three-day course provides an overview of securing C/C++ code to protect against potential exploits by malicious users. The course addresses common vulnerabilities related to memory management and input handling, emphasizing the principles of writing secure code for government applications. Participants will gain a foundational understanding of how to mitigate these risks and ensure robust security practices in their coding workflows.

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java. The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves. The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques. Participants attending this course will understand basic concepts of security, IT security and secure coding, learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them, understand security concepts of Web services, learn to use various security features of the Java development environment, have a practical understanding of cryptography, understand security solutions of Java EE, learn about typical coding mistakes and how to avoid them, get information about some recent vulnerabilities in the Java framework, get practical knowledge in using security testing tools, get sources and further readings on secure coding practices. Audience Developers wordtest

Description

The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities experienced in other languages, such as C/C++. However, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

The introduction of security services is preceded by a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

This course also covers the most frequent and severe programming flaws of the Java language and platform, including both typical bugs committed by Java programmers and language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding for government
• Learn Web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Gain a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Receive information on recent vulnerabilities in the Java framework
• Obtain sources and further readings on secure coding practices

Audience

Developers

A variety of programming languages are available today to compile code for the .NET and ASP.NET frameworks. These environments provide robust means for developing secure applications; however, developers must understand how to apply architecture- and coding-level techniques to implement desired security features and mitigate vulnerabilities.

The aim of this course is to equip developers with practical, hands-on exercises that demonstrate how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization mechanisms, provide secure remote procedure calls, manage sessions effectively, explore different implementations for specific functionalities, and more.

The introduction of various vulnerabilities begins by presenting typical programming issues encountered when using .NET. The discussion on ASP.NET vulnerabilities also covers various environment settings and their impacts. Additionally, the course addresses ASP.NET-specific vulnerabilities, including general web application security challenges as well as unique issues such as attacks on ViewState or string termination attacks.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding for government
• Learn about Web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Learn to utilize various security features of the .NET development environment
• Gain practical knowledge in using security testing tools
• Identify common coding mistakes and learn strategies to prevent them
• Receive information on recent vulnerabilities in .NET and ASP.NET
• Access sources and further readings on secure coding practices

Audience

Developers

The Combined SDL Core Training provides an in-depth understanding of secure software design, development, and testing through the Microsoft Secure Development Lifecycle (SDL). It offers a foundational overview of the key components of SDL, followed by practical techniques for identifying and addressing security flaws early in the development process.

During the development phase, the course covers common security-related programming bugs in both managed and native code. It presents various attack methods associated with these vulnerabilities along with effective mitigation strategies. These concepts are reinforced through hands-on exercises that offer participants a practical understanding of live hacking techniques. The training also introduces different security testing methodologies and demonstrates the effectiveness of various testing tools, allowing participants to apply these tools to previously discussed vulnerable code.

Participants attending this course will

Understand basic concepts of security, IT security, and secure coding for government.

Gain knowledge of the essential steps in the Microsoft Secure Development Lifecycle.

Learn secure design and development practices.

Understand secure implementation principles.

Grasp security testing methodologies.

• Access sources and further readings on secure coding practices.

Audience

Developers, Managers

After gaining familiarity with vulnerabilities and attack methods, participants learn about the general approach and methodology for security testing, as well as the techniques that can be applied to reveal specific vulnerabilities. Security testing should commence with information gathering about the system (ToC, i.e., Target of Evaluation), followed by thorough threat modeling to identify and rate all threats, leading to a risk analysis-driven test plan.

Security evaluations can occur at various stages of the Software Development Life Cycle (SDLC). Therefore, we discuss design review, code review, reconnaissance and information gathering about the system, testing the implementation, and testing and hardening the environment for secure deployment. Numerous security testing techniques are introduced in detail, such as taint analysis and heuristics-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing. Various types of tools are presented that can be used to automate the security evaluation of software products, supported by a series of exercises where these tools are executed to analyze previously discussed vulnerable code. Real-life case studies enhance understanding of various vulnerabilities.

This course prepares testers and quality assurance (QA) staff to adequately plan and precisely execute security tests, select and use the most appropriate tools and techniques to uncover even hidden security flaws, thereby providing essential practical skills that can be applied on the next working day.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding for government
• Learn about Web vulnerabilities beyond OWASP Top Ten and how to avoid them
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Gain practical knowledge in using security testing techniques and tools
• Access sources and further readings on secure coding practices

Audience

Developers, Testers

The Certified Penetration Testing Professional (CPENT) certification is a globally recognized validation of an individual’s knowledge and skills in the field of penetration testing or ethical hacking. CPENT-certified professionals exhibit their capability to identify, assess, and manage security vulnerabilities within network infrastructures. This certification signifies mastery of penetration testing methodologies, an understanding of legal and regulatory concerns, and technical expertise in attack vectors and countermeasures. For government agencies, CPENT-certified professionals are essential for safeguarding systems against malicious intruders. Thus, the CPENT certification serves as a robust assurance of a candidate's expert skills in securing networks and systems, which is crucial in the continually evolving cybersecurity landscape.

This is a comprehensive specialist-level program designed to equip organizations with the knowledge and skills necessary to effectively manage post-breach consequences. The program focuses on minimizing both financial and reputational impacts following an incident. Learning objectives are reinforced through practical application, with 40% of the course dedicated to hands-on experience with the latest tools, techniques, methodologies, and frameworks for government. This approach ensures that participants are well-prepared to handle real-world scenarios in a manner aligned with public sector workflows, governance, and accountability.

Description:

This class will immerse participants into an interactive environment where they will learn how to scan, test, hack, and secure their own systems. The lab-intensive setting provides each participant with in-depth knowledge and practical experience with essential security systems currently in use for government. Participants will start by understanding the mechanics of perimeter defenses before moving on to scanning and attacking their own networks, ensuring no real network is compromised. They will then explore how intruders escalate privileges and discover the steps necessary to secure a system. The curriculum also covers Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, and Virus Creation.

Target Audience:

This course is designed to significantly benefit security officers, auditors, security professionals, site administrators, and anyone responsible for the integrity of network infrastructure in the public sector.

Format of the Course

• Interactive lecture and discussion sessions.
• Extensive exercises and practice opportunities.
• Hands-on implementation in a live-lab environment for government professionals.

Course Customization Options

• To request a customized training for this course, please contact Govtra to arrange.

Format of the Course

• Interactive lectures and discussions.
• Extensive exercises and practice sessions.
• Hands-on implementation in a live laboratory environment.

Course Customization Options

• To request a customized training for government, please contact us to arrange.