Description
3 days
€ 2.350,- zzgl. VAT
8 persons
No prior knowledge necessary
What you can expect from
SEC.331 Secure Embedded & (I)IoT-Products
Targeted development of expertise for secure (I)IoT products
You will learn how to avoid vulnerabilities early on—through solid security knowledge and clear “dos and don’ts” for development and project work.
Practical learning with real attack scenarios
Our experienced trainers demonstrate how attackers operate—and which protective measures really work in practice. Theory and hands-on exercises are seamlessly integrated.
Customizable for your product range
The training can be tailored to your technologies, challenges, and issues—for maximum benefit in your business context.
You are on the search for an individual In-house training for your team?
Take your OT security know-how to the next level.
What you will learn during this training course
Day 1 (Requirements)
Regulations and standards
- Regulations (NIS, CRA, RED, MR)
- IEC 62443
Security fundamentals
- Security management
- Roles, responsibilities and expertise
- Integrity protection (code signing)
- Supplier management (SBOM)
- Vulnerability monitoring (CVSS, CVE)
Threat Modeling
- Safety vs. security
- Threat modeling methodology
Day 2 (Design)
Secure by design
- Best practices
- Defense in depth, least privilege, least functionality, secure patterns, secure by default,…
- System hardening (Linux, Windows, RTOS …)
Security technologies
- Security components (TPM, Secure Element, SOC Features)
- Chain of trust (secure boot)
- Secure storage
- Secure interfaces and update
- Virtualization
- Audit/Logging
- Secure communication and protocols
Day 3 (Implementation & Verification)
Secure implementation
- Coding standards
- Reviews
Hardware security
Security testing
- Fuzzing
- Code analysis tools
- Binary analysis
After the training, participants will:
- Understand the need for “secure product development”
- understand and comprehend the basics of security (e.g. cryptography, secure design practices)
- know and be able to select relevant security components/modules for the system architecture (TPM, Secure Boot, Secure Storage,…)
- Know test tools and be able to use them in the development process
What others say
More than just training: your journey to secure product development starts here.
Find out how Limes Security can support you not only with training, but also with customized consulting, workshops and standards-compliant support for the secure development of your products.
Get to know our
trainers
Peter Panholzer
is veteran of the first hour for industrial security and secure software development. He is a certified ISO 27001 auditor, member of the OVE working group on IEC 62443, hacker and for over ten years trainer for secure coding. He loves to give the participants tricky tasks and to assist them with the right security tips.
Florian Gerstmayer
worked for several years as a project manager and embedded software developer, where he designed and implemented secure products. Thus, he knows from personal experience which topics need to be addressed in the management of systems, as well as implemented as a developer in a holistic concept, and is happy to pass this on to others.
