Limes Academy

The training course „ICS.201 OT Security Fundamentals“ is the perfect introduction to the topic of OT security. The course creates common understanding of OT security and provides guidance on how to work with it. Real incidents, practical knowledge from OT projects as well as case studies and findings from OT security assessments are used to teach participants how to understand and question the current security status of their OT environment.

The training „ICS.212 Certified OT Security Manager (COSM)“ provides those responsible for operations, project and production managers and decision-makers in general with the knowledge they need to implement security in industrial operations. Participants learn all necessary skills to recognize dangers early on, to increase the security level and to lastingly avoid security vulnerabilities. While organizational topics and process management are the main focus of this training, technical influencing factors are also discussed to better prepare the participants for future security decisions.

The training „ICS.221 Assessing OT“ provides participants with the basics to be able to professionally conduct security tests in industrial plants. Which tools should be used for which application? Which test cases are intrusi-ve and therefore less suitable for OT? What information is relevant in the context of an OT security audit? In this course, participants benefit in particular from the Limes Security experts’ many years of experience in conducting security assessments in an industrial environment.

In this mix of interactive workshop and classic training, participants are taught the most important terms and fundamental concepts of the 62443 series of standards. In group discussions and question rounds, the individual needs of the participants can be directly addressed. The experts from Limes Security also bring practical experience from years of applying the various parts of the standards in different industries, which difficulties and discussions repeatedly arise, and which approaches enable successful handling of the different standards. Concepts such as Zones & Conduits or Security Levels are also deepened in practical exercises.

The training „Secure Coding Web“ covers security concepts for the web, such as Transport Layer Security (TLS) and cross-origin resource sharing (CORS). It explains how session management can be securely implemented. It then details the anatomy of the most common web attacks, such as cross-site scripting, cross-site request forgery, and SQL injection, and discusses how to avoid them. In addition, more complex web attacks such as web cache poisoning, web socket injection attacks und attack on authentication frameworks like OpenID and OAuth2 are explained.Finally, best practices are explained to improve code quality through code reviews, and how to implement a secure software development process in your organization in general. Practical exercises in the different topics will be conducted for better understanding.

If you do not want to leave security and thus the quality of your products to chance, you must take a proactive approach. Only by integrating security into the development processes and by building an organization that knows how to deal professionally with security issues can high-quality products be created that meet market requirements. The training „Secure Product Development with IEC-62443-4-1“ teaches participants how security can be integrated into product development with the help of the IEC-62443-4-1 standard in order to make products lastingly secure.

The Security Testing Foundation training teaches the basic concepts of security testing. A structured proce-dure is presented along with how security tests for an application can be organized. Subsequently, cross-site scripting and SQL injection attacks will be discussed with a focus on web applications. Their anatomy will be explained and practiced using real-world examples. During the training, well-known hacking tools will be used again and again to give the participants a tangible picture of reality. Finally, tools are presented with which automated security scans can be carried out and we discuss how to deal with their results.

The IT security awareness training serves as a basis for every employee in the company to impart a basic understanding for security or to refresh pre-existing security knowledge. Training content can be individually tailored to the company (e.g. Incidents from the industry, standards and regulations that apply to the industry, hacking demos from the industry, internal company content such as own policies, links to own wikis and documents, listing internal company persons as security contacts, etc.).

In Zero Downtime, the cyber security simulation game, you become the defender of your corporate assets. Several teams compete against each other and learn playfully to simulate reality. The simulation game is based on a serious thought: The participants learn about current IT threat scenarios and adequate se-curity concepts as countermeasures at the forefront. Through the direct involvement of each individual, the learning content is firmly and sustainably anchored; at the same time teamwork is essential. In the end, the company that has best mastered the challenges is declared the winner. The simulation game is mode-rated by a Limes Security expert and the results are summarized briefly after each round. The participants play in groups online, or at a table with a game board in combination with a tablet. No special previous knowledge is required to participate, and the simula-tion game is also suitable for beginners.