Certified Secure

Hands-On Trainings

During the Certified Secure hands-on trainings, the participants will work hands-on with various selected Certified Secure challenges. The Certified Secure instructor will provide the participants with expert guidance and extensive support for all the covered subjects. By experiencing security in a hands-on fashion, all the participants are able to develop their Hacker Mindset and applied cybersecurity skills.


Basic

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

During the basic training the participants will work hands-on with multiple security challenges and will complete both the Certified Secure Essential Security and Essential Specialties certifications. At the start of the training the Certified Secure instructor will provide the participants with relevant background information after which the participants will directly start to work hands-on with several SQL Injection and Path Traversal challenges. During the training, the Certified Secure instructor will provide expert knowledge and 1-on-1 guidance to all the participants.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Essential Security
Certified Secure Essential Specialties
Blackbox thinking and working
Finding and exploiting web application vulnerabilities
Selected SQL Injection and Path Traversal vulnerabilities

Intermediate

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Certified Secure Intermediate Training is the logical next step after completing the basic training. This training introduces Cross-Site Scripting and network/server related vulnerabilities. All participants complete the Certified Secure Security Specialist certification.

All participants for the Certified Secure Intermediate training must have completed the Certified Secure Essential Security certification and have a score of at least 33% for the Certified Secure Essential Specialties certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Security Specialist
Same Origin Policy
Cross-Site Scripting vulnerabilities
Networking protocols (TCP/IP, HTTP, HTTPS)
Port, service and version scanning
Advanced SQL Injection and Path Traversal vulnerabilities
Finding and exploiting multiple web application and server vulnerabilities

Web/Server Security Specialist

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

During the Web/Server Security Specialist training the participants will work hands-on and focus on finding and exploiting multiple intermediate web application and server vulnerabilities. All participants complete the Certified Secure Security Web Security Specialist and Server Security Specialist certifications. All participants for this training must have completed the Certified Secure Security Specialist certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Web Security Specialist
Certified Secure Server Security Specialist
Cross-Site Request Forgery (XSRF)
Client-side authentication vulnerabilities
Dynamic script uploading vulnerabilities
Default and predictable password vulnerabilities
Advanced port, service and version scanning
Finding and exploiting multiple web application and server vulnerabilities

Full Stack Security - The Salt Road

Hands-On Training

Training Duration: 16 hours
Maximum participants: 20 participants

In this intense full-stack security training the bug bounty program of the (fictitious) Salt Road online marketplace takes the center stage. The participants will work hands-on exposing multiple vulnerabilities in the frontend (React), backend (Java Spring), mobile application (Android) and multiple Linux-based servers.

The training starts with a fun and relevant introduction where the Certified Secure instructor will discuss multiple recent vulnerabilities and high-impact cybersecurity incidents. After the introduction the participants will be in the right Hacker Mindset and will start hands-on with the first part of the Salt Road challenge.

The second day of the training focuses on further improving the Hacker Mindset of the participants. Using the Certified Secure LIVE training system all participants will be provided with real time access to an Android emulator and MiTM proxy, uncovering and experiencing realistic vulnerabilities in mobile applications.

This training covers both defense (mitigating the found vulnerabilities) and offense (finding and exploiting the vulnerabilities to improve the Hacker Mindset of the participants). At the end of the training the lessons learned and best practices will be presented in the broader context of the Secure Development Lifecycle.

The following subjects are covered in this training:

Frontend, backend and server/infrastructure security
Mobile Security (multiple hands-on iterations)
Intermediate (blind, stored, reflected) XSS vulnerabilities
Intermediate IDOR vulnerabilities
Intermediate RCE vulnerabilities
Intermediate server/infrastructure vulnerabilities
Information disclosure vulnerabilities
XML external entity vulnerabilities
Best practices (input validation, defense-in-depth, tooling etc.)

Chatty McChatFace

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Secure Development Lifecycle (SDLC) and understanding, exploiting, mitigating and preventing XSS, XSRF and IDOR vulnerabilities take the center stage in the Chatty McChatFace training. The participants will work hands-on with the Chatty McChatFace challenge containing multiple iterations of selected vulnerabilities and possible mitigations. Working together with the Certified Secure instructor, the participants will gain an in-depth understanding of the presented vulnerabilities and the best method of mitigating and preventing these vulnerabilities.

For every vulnerability, Certified Secure will make available a “best practice” solution and overview of the common pitfalls. At the end of this module the Certified Secure instructor will discuss the presented material and the lessons learned in the broader context of the Secure Development Lifecycle.

The following subjects are covered in this training:

Intermediate Hacker Mindset
Hands-on XSS/XSRF/IDOR vulnerabilities (multiple iterations)
Preventing XSS/XSRF/IDOR vulnerabilities
Open-redirection and command injection vulnerabilities
Secure Development Lifecycle (SDLC)

Web Application Security Deep Dive

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Web Application Security Deep Dive training takes the Hacker Mindset of the participants to the next level. The participants will work hands-on with multiple advanced Certified Secure challenges and will learn how to keep developing their Hacker Mindset. This training surpasses the “standard” vulnerabilities and introduces multiple new vulnerabilities and techniques.

The following subjects are covered in the Web Application Security Deep Dive training:

Advanced Hacker Mindset
Logic and state transition vulnerabilities
TOCTOU (Time-Of-Check-Time-Of-Use) vulnerabilities
Type Confusion vulnerabilities
MongoDB injection vulnerabilities
CSP bypass vulnerabilities
Selected Certified Secure advanced challenges

K8S Internal Network Security

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Kubernetes and Internal Network Security training focusses on the security of the internal network. What happens once a frontend server is compromised? What risks are introduced or mitigated by using Kubernetes? The participants will work hands-on with a vulnerable K8S cluster and discover the answers to these questions.

The Certified Secure Kubernetes Internal Network Security training is suited for technical participants with an interest in infrastructure cybersecurity. All participants need to be comfortable on the Linux Command Line Interface (CLI).

The following subjects are covered in this training:

Internal network security (generic)
Kubernetes design and security
Docker / Docker Registry security
Microservice security
Elasticsearch security
Container / Isolation security

Modern Infrastructure Security

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Modern Infrastructure Security training is based on a fully virtualized environment consisting of several virtualized machines, realistically emulating a medium-sized network. The Certified Secure “AMS” challenge takes the center stage in this training.

The participants will work hands-on and focus on finding vulnerabilities within the virtualized network. Multiple vulnerabilities in Puppet (configuration management), Jenkins (automation) and Docker (containers) are included in this training. During the training the Certified Secure instructor will discuss all the relevant common pitfalls and best practices.

After completing this training, the participants will have a profound understanding of the importance of infrastructure security and the pros and cons of virtualization and Docker containers, configuration management and automation.

The Certified Secure Modern Infrastructure Security training is suited for technical participants with an interest in infrastructure cybersecurity. All participants need to be comfortable on the Linux Command Line Interface (CLI).

The following subjects are covered in this training:

Infrastructure security (generic)
Backup security (Duplicity)
Automation security (Jenkins)
Configuration management security (Puppet)
Virtualization and Docker security
Network segmentation and firewalling

Wireless Security Bootcamp

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Wireless Security Bootcamp training provides the participants with a fun and relevant introduction to the world of wireless security and network traffic analysis. The participants will work hands-on with an engaging multi-stage challenge where they are tasked with breaching the security of a building by analyzing the network traffic that can be found inside this building. After analyzing all the network traffic, the participants will gain access to a secure server room inside the building and will obtain the root password of a backup server.

The following subjects are covered in this training:

Wireless security (generic)
Wireless network analysis (Wireshark)
Wireless authentication and encryption (WPA, WPA2, WEP, WPA-PSK)
Active attacks against wireless networks
Passive interception risks
Wireless cryptography
Wireless forensics

Case Study - Botnet Takedown

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

The Botnet Takedown training is based on (IoT) malware that is being used to perform a DDoS attack. Working hands-on and together with their Certified Secure instructor the participants will analyze multiple network-based tracks and will uncover the owner of the DDoS botnet.

After completing the Certified Secure Botnet Takedown training all the participants will have a decent understanding of networking and DDoS attacks and will be able to perform basic network analysis tasks.

The following subjects are covered in this training:

DDoS techniques – generic
Introduction to IPv4/IPv6
Introduction to botnets
Network analysis (Wireshark)
Netflow analysis (log files)
Memory analysis
Secure Sockets Layer (SSL)

Case Study - Fake Webshop

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20 participants

During the Fake Webshop training the participants will work hands-on and analyze a “Fake Webshop”. By analyzing several log files, network traffic tracks and publicly available resources the participants will uncover the owner of the Fake Webshop.

The following subjects are covered in this training:

Tactical thinking and teamwork
Setup and analysis of web shops
Internet based research (basics)
Log file analysis
Database workings and analysis
HTTP/HTTPS tracks
Registrars and domain registrations

More Information

Thanks for your interest in our Certified Secure LIVE trainings! Complete the form displayed below and we will contact you as soon as possible. We are also directly reachable at +31 70 3101340 or via email at info@certifiedsecure.com. Our privacy statement is applicable to this form.