SEC.321 Security Testing Foundation

The Security Testing Foundation training teaches the basic concepts of security testing. A structured procedure is presented, along with how security tests for an application can be organized. Cross-site scripting and SQL injection attacks are then discussed with a focus on web applications; their anatomy is explained and practiced using real-world examples. Throughout the training, well-known hacking tools are used repeatedly to give participants a tangible picture of reality. Finally, tools for carrying out automated security scans are presented, and we discuss how to deal with their results.

There are currently no public dates available

If you are interested in this training, we can run it as an In-house training course for your company at any time. Simply send us an inquiry using our form.


Description

Duration
2 days

Costs/participant
€ 1,620 plus VAT

Minimum number of participants
8 persons

Prerequisite
Experience in web technologies

What you can expect from SEC.321 Security Testing Foundation

Targeted development of expertise for secure (I)IoT products

You will learn how to avoid vulnerabilities early on—through solid security knowledge and clear “dos and don’ts” for development and project work.

Practical learning with real attack scenarios

Our experienced trainers demonstrate how attackers operate—and which protective measures really work in practice. Theory and hands-on exercises are seamlessly integrated.

Customizable for your product range

The training can be tailored to your technologies, challenges, and issues—for maximum benefit in your business context.

What you will learn during this training course

The training can also be provided with a focus on security testing for embedded devices.

The web topics are then replaced by relevant security testing topics from firmware, hardware and system hardening, as well as content for testing proprietary protocols and interfaces.

Day 1

Introduction

  • Guidelines and standards
  • Threat modeling
  • Definition of scope and test cases
  • Preparation of the testing environment

Security testing for cryptography

  • Encryption
  • Hashes
  • Digital signatures
  • TLS

Security testing for web applications

  • OWASP Top 10 and OWASP ASVS
  • Testing with Burp Suite
  • Other tools for web application testing

Security testing for mobile applications

  • Exposed components
  • Locally stored data

Day 2

Security testing for authentication

  • Bypassing authentication schemes
  • Brute-forcing attacks
  • Directory traversal attacks
  • Privilege escalation

Security testing of proprietary interfaces and protocols

  • Fuzzing
  • Analysis and testing tools

Security testing for system hardening

  • System hardening
  • Discovery tools
  • Automatic vulnerability scans
  • Configuration testing

Collection and processing of results

  • What information is important?
  • Vulnerability management

After the training, participants will:

  • understand how attacks work and begin to think like an attacker.
  • master the use of automated testing tools in order to efficiently cover recurring test cases.
  • be able to document identified vulnerabilities in a meaningful way to simplify traceability and retesting.

What others say

Varied training and clearly presented. Pleasant atmosphere and helpful documents.

Awareness & Compliance Training

Relaxed atmosphere in the seminar and high competence of the trainers. Participants were well involved, which led to active discussions. The hands-on exercises worked smoothly and were well described. I will recommend Limes to others.

OT-Security Training

Topic was mega interesting and very informative. The presentation, overview, outline, lecture and speaker were very good and gave me a lot of insight into the topic. Clear delimitation of the topics and not focused on everything.

Product Security Training

Great presentation and speaker who conveyed the topic in a way that was easy to understand. The connection between MR/NIS2/CRA/IEC62443 is now clear to me. For me the walk-through of IEC62443 was helpful, so I don't have to read it myself but know which bullet points to look at. Good time management.

Product Security Training

The practical part included helpful case studies. Pleasant lecture style, good for following and listening as well as collaborating.

Awareness & Compliance Training

Sympathetic trainers who were helpful with questions, explained a lot using practical examples and gave pleasant explanations.

OT-Security Training

Overview of security requirements according to IEC 62443 was informative and the list of tools to find vulnerabilities in products with Ethernet interfaces was helpful. Good presentation of the topics and many questions were answered quickly.

Product Security Training

Is your company or product protected against hacker attacks?

With our penetration tests, we help you to identify vulnerabilities in your IT and OT environment and develop appropriate countermeasures.
