A hands-on, totally ‘gamified’, 2-day industrial training for software engineers who would like to up their security skills

Breaches or leaks happen on a daily basis. The most recent example is the Bulgarian tax hacking. An entire nation’s financial information was leaked. However, most of these breaches are not the result of a supernatural skillset possessed by hackers. They are the result of a stupid problem, namely security bugs. Rather than merely being annoying, this special sort of bug allows attackers to gain unauthorized access to a computer system.

Software security is a continuous process. It is not a one-off exercise. It’s a cat and mouse game that requires constant skillset improvement. We strongly believe that the cybersecurity game becomes easier to play once you have acquired a certain level of skill. We offer a 2-day training to help you achieve the first milestone.

What will you and your firm get

  • General awareness on security vulnerabilities and their potential impact.
  • In-breadth knowledge of the most critical web application security risks.
  • Basic penetration testing skills.
  • Essential skillset to permanently monitor your software systems for hacking attempts.

Part 1: Security Vulnerabilities and Countermeasures

In the first part of the course we will look into the most common web application vulnerabilities. We will cover some essential theoretical concepts first. After that we will deep-dive into cross-site scripting, injections, session management, cross-site request forgery, etc. All the theory is backed by hands-on exercises.

Part 2: Web Application Firewalls

In the second part of the course we will look into web application firewalls (WAF). A WAF allows us to monitor for attacks, intercept them and potentially strike back. Note that attacking the attackers might be illegal depending on your country’s legislation.

Part 3: The Street Fight

Battle of hackers

Part 3 means fooling-around time is over. The participants will face each other in a realistic hacking scenario. Every participant will get an image of a vulnerable web application. Our in-house Codific Scoring Engine will launch a set of attacks against the application. The participants will need to figure out the attack specifics. For every successful attack the participants will lose defence points. Hence they should come up with defences for the attacks. Defences may not interfere with the proper functionality of the application. The purpose of the game is to come up with correct defences as quickly as possible. Participants will need to make sure that downtime remains minimal and existing functionality is not affected.

Part 3 is a modified version of an attack/defence type Capture The Flag event.

Part 4: The Tools

Hacking is largely an automation game. So in this part we will look into one of the most widely used tools, namely Burp. You can use Burp to automatically scan for potential threats. As a result you will be able to find potential problems in your web application faster.

Part 5: The Ultimate Epic Battle

The final part is a full-scale jeopardy-style Capture The Flag event. Participants will have to find as many vulnerabilities as possible in a web application. In addition to knowledge and skills, participants can win special prizes.

Contact us for a quote and to organize the event at your own premises.