Certified Secure

Hands-On Trainings

During the Certified Secure hands-on trainings, the participants will work hands-on with various selected Certified Secure challenges. The Certified Secure instructor will provide the participants with expert guidance and extensive support for all the covered subjects. By experiencing security in a hands-on fashion, all the participants are able to develop their Hacker Mindset and applied cybersecurity skills.


Basic

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

During the basic training the participants will work hands-on with multiple security challenges and will complete both the Certified Secure Essential Security and Essential Specialties certifications. At the start of the training the Certified Secure instructor will provide the participants with relevant background information after which the participants will directly start to work hands-on with several SQL Injection and Path Traversal challenges. During the training, the Certified Secure instructor will provide expert knowledge and 1-on-1 guidance to all the participants.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Essential Security
Certified Secure Essential Specialties
Blackbox thinking and working
Finding and exploiting web application vulnerabilities
Selected SQL Injection and Path Traversal vulnerabilities

Intermediate

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Certified Secure Intermediate Training is the logical next step after completing the basic training. This training introduces Cross-Site Scripting and network/server related vulnerabilities. All participants complete the Certified Secure Security Specialist certification.

All participants for the Certified Secure Intermediate training must have completed the Certified Secure Essential Security certification and have a score of at least 33% for the Certified Secure Essential Specialties certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Security Specialist
Same Origin Policy
Cross-Site Scripting vulnerabilities
Networking protocols (TCP/IP, HTTP, HTTPS)
Port, service and version scanning
Advanced SQL Injection and Path Traversal vulnerabilities
Finding and exploiting multiple web application and server vulnerabilities

Web/Server Security Specialist

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

During the Web/Server Security Specialist training the participants will work hands-on and focus on finding and exploiting multiple intermediate web application and server vulnerabilities. All participants complete the Certified Secure Web Security Specialist and Server Security Specialist certifications. All participants for this training must have completed the Certified Secure Security Specialist certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Web Security Specialist
Certified Secure Server Security Specialist
Cross-Site Request Forgery (XSRF)
Client-side authentication vulnerabilities
Dynamic script uploading vulnerabilities
Default and predictable password vulnerabilities
Advanced port, service and version scanning
Finding and exploiting multiple web application and server vulnerabilities

Full Stack Security - The Salt Road

Hands-On Training

Training Duration: 16 hours
Maximum participants: 20

In this intense full-stack security training the bug bounty program of the (fictitious) Salt Road online marketplace takes center stage. The participants will work hands-on exposing multiple vulnerabilities in the frontend (React), backend (Java Spring), mobile application (Android) and multiple Linux-based servers.

The training starts with a fun and relevant introduction where the Certified Secure instructor will discuss multiple recent vulnerabilities and high-impact cybersecurity incidents. After the introduction the participants will be in the right Hacker Mindset and will start hands-on with the first part of the Salt Road challenge.

The second day of the training focuses on further improving the Hacker Mindset of the participants. Using the Certified Secure LIVE training system, all participants will be provided with real-time access to an Android emulator and a MITM proxy, uncovering and experiencing realistic vulnerabilities in mobile applications.

This training covers both defense (mitigating the found vulnerabilities) and offense (finding and exploiting the vulnerabilities to improve the Hacker Mindset of the participants). At the end of the training the lessons learned and best practices will be presented in the broader context of the Secure Development Lifecycle.

The following subjects are covered in this training:

Frontend, backend and server/infrastructure security
Mobile Security (multiple hands-on iterations)
Intermediate (blind, stored, reflected) XSS vulnerabilities
Intermediate IDOR vulnerabilities
Intermediate RCE vulnerabilities
Intermediate server/infrastructure vulnerabilities
Information disclosure vulnerabilities
XML external entity vulnerabilities
Best practices (input validation, defense-in-depth, tooling etc.)

Full Stack Security - Salt Recovery

Hands-On Training

Training Duration: 16 hours
Maximum participants: 20

In this 2-day full-stack security training the Certified Secure Salt Road Recovery cybersecurity challenges take center stage. During the training the participants will be working hands-on, finding, patching and exploiting multiple frontend, backend and infrastructure vulnerabilities. The main focus of this security training is to (further) improve the Hacker Mindset of the participants, enabling them to rapidly increase the overall security and cyber resilience of the products they are working on.

The training starts with a quick-paced and engaging introduction where the Certified Secure instructor will discuss and demonstrate a state-of-the-art vulnerability commonly found in cloud-based deployments, for example in deployments using the Google Cloud Platform. After the introduction, the Hacker Mindset of the participants will have received a kick-start and the first day of hands-on training will begin.

During the first day of the training the participants will be confronted with a large full-stack web-application. The participants will work hands-on to identify and exploit multiple vulnerabilities covering a broad spectrum of different technologies. Working together with the Certified Secure instructor, the participants will gain an in-depth understanding of the presented vulnerabilities and the best method of mitigating and preventing these vulnerabilities in their own products.

The second day of the training focuses on vulnerabilities in the (Kubernetes and cloud-based) infrastructure of the full-stack web application. The participants will join a (fictional) “Red Team” and will work hands-on combining analytical security skills, offensive security skills (identifying and exploiting infrastructure vulnerabilities), mobile security skills (reverse engineering) and defensive security skills (detecting, patching and mitigating the found vulnerabilities).

During the training the Certified Secure instructor will discuss the various vulnerabilities in the context of the Secure Development Lifecycle (SDLC/SPLC) and will highlight the importance and benefits of secure development, security testing, systems hardening and the Hacker Mindset.

Extra time will be allocated to give the participants hands-on guidance on how to integrate best practices, security checklists and security tooling into their day-to-day work. By combining vulnerabilities and technologies relevant for sysops, development and testing teams in a single effective training, this full stack security training is an excellent match for all of your teams.

Applied Hacker Mindset
Modern web-application vulnerabilities
Modern infrastructure vulnerabilities
Cloud, Docker and Kubernetes vulnerabilities
Single Sign-On (OAuth2) vulnerabilities
JSON Web Token (JWT) vulnerabilities
Cross Site Scripting vulnerabilities
Cross Site Request Forgery vulnerabilities
GraphQL injection vulnerabilities
Command injection vulnerabilities
Metadata service vulnerabilities (cloud)
Effective input validation strategies
Authentication and authorization vulnerabilities
Google Kubernetes Engine (GKE) security

Full Stack Security - Solar Support

Hands-On Training

Training Duration: 16 hours
Maximum participants: 20

The brand-new Certified Secure “Solar Support” challenge takes center stage in this full stack security training. During this 2-day hands-on security training the participants will be tasked with protecting the security of the customers of the (fictional) “Solar Support” space transportation and services company.

Working hands-on from a state-of-the-art mission control center, the participants will be confronted with a multitude of real-world security incidents, ranging from compromised supply chains, vulnerable backend and frontend code, vulnerable microservices and mobile applications to insecure cloud deployments and compromised CI/CD pipelines.

With 1-on-1 expert guidance from dedicated Certified Secure instructors, the participants will take a deep dive into the source code, infrastructure and tooling of Solar Support and its customers, uncovering the root-cause vulnerabilities of the various incidents. The participants will gain a profound and in-depth understanding of all the presented vulnerabilities and will be provided with expert guidance on the best method of mitigating and preventing these vulnerabilities in their own projects.

By incorporating real-world incidents and vulnerabilities in a fun and realistic scenario, this Certified Secure full stack security training provides a highly effective method to extend and improve the cybersecurity skills and Hacker Mindset of all of your development, sysops, devops and testing (QA) teams worldwide.

Applied hacker mindset
Modern web-application vulnerabilities
Modern infrastructure vulnerabilities
Introduction to threat modelling
Effective Security Tooling
CI/CD pipeline vulnerabilities
Disclosure of sensitive information vulnerabilities
Vulnerabilities in 3rd party components
Path Traversal vulnerabilities
Insecure Direct Object Reference (IDOR) vulnerabilities
State Management Vulnerabilities
Cross Site Request Forgery vulnerabilities
Cross Site Scripting Vulnerabilities
Security misconfiguration vulnerabilities
Mobile and client-side security (generic)
Single Sign-On vulnerabilities
Supply chain attacks
Dependency and Patch management
Docker and Kubernetes vulnerabilities

Chatty McChatFace

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Secure Development Lifecycle (SDLC) and understanding, exploiting, mitigating and preventing XSS, XSRF and IDOR vulnerabilities take center stage in the Chatty McChatFace training. The participants will work hands-on with the Chatty McChatFace challenge, which contains multiple iterations of selected vulnerabilities and possible mitigations. Working together with the Certified Secure instructor, the participants will gain an in-depth understanding of the presented vulnerabilities and the best method of mitigating and preventing these vulnerabilities.

For every vulnerability, Certified Secure will make available a “best practice” solution and an overview of the common pitfalls. At the end of this module the Certified Secure instructor will discuss the presented material and the lessons learned in the broader context of the Secure Development Lifecycle.

The following subjects are covered in this training:

Intermediate Hacker Mindset
Hands-on XSS/XSRF/IDOR vulnerabilities (multiple iterations)
Preventing XSS/XSRF/IDOR vulnerabilities
Open-redirection and command injection vulnerabilities
Secure Development Lifecycle (SDLC)

Web Application Security Deep Dive

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Web Application Security Deep Dive training takes the Hacker Mindset of the participants to the next level. The participants will work hands-on with multiple advanced Certified Secure challenges and will learn how to keep developing their Hacker Mindset. This training surpasses the “standard” vulnerabilities and introduces multiple new vulnerabilities and techniques.

The following subjects are covered in the Web Application Security Deep Dive training:

Advanced Hacker Mindset
Logic and state transition vulnerabilities
TOCTOU (Time-Of-Check-Time-Of-Use) vulnerabilities
Type Confusion vulnerabilities
MongoDB injection vulnerabilities
CSP bypass vulnerabilities
Selected Certified Secure advanced challenges

K8S Internal Network Security

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Kubernetes and Internal Network Security training focuses on the security of the internal network. What happens once a frontend server is compromised? What risks are introduced or mitigated by using Kubernetes? The participants will work hands-on with a vulnerable K8S cluster and discover the answers to these questions.

The Certified Secure Kubernetes Internal Network Security training is suited for technical participants with an interest in infrastructure cybersecurity. All participants need to be comfortable on the Linux Command Line Interface (CLI).

The following subjects are covered in this training:

Internal network security (generic)
Kubernetes design and security
Docker / Docker Registry security
Microservice security
Elasticsearch security
Container / Isolation security

Wireless Security Bootcamp

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Wireless Security Bootcamp training provides the participants with a fun and relevant introduction to the world of wireless security and network traffic analysis. The participants will work hands-on with an engaging multi-stage challenge where they are tasked with breaching the security of a building by analyzing the network traffic that can be found inside this building. After analyzing all the network traffic, the participants will gain access to a secure server room inside the building and will obtain the root password of a backup server.

The following subjects are covered in this training:

Wireless security (generic)
Wireless network analysis (Wireshark)
Wireless authentication and encryption (WPA, WPA2, WEP, WPA-PS)
Active attacks against wireless networks
Passive interception risks
Wireless cryptography
Wireless forensics

Case Study - Botnet Takedown

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Botnet Takedown training is based on (IoT) malware that is being used to perform a DDoS attack. Working hands-on and together with their Certified Secure instructor, the participants will analyze multiple network-based tracks and will uncover the owner of the DDoS botnet.

After completing the Certified Secure Botnet Takedown training all the participants will have a decent understanding of networking and DDoS attacks and will be able to perform basic network analysis tasks.

The following subjects are covered in this training:

DDoS techniques (generic)
Introduction to IPv4/IPv6
Introduction to botnets
Network analysis (Wireshark)
Netflow analysis (log files)
Memory analysis
Secure Sockets Layer (SSL)

More Information

Thanks for your interest in our Certified Secure LIVE trainings! Complete the form displayed below and we will contact you as soon as possible. We are also directly reachable at +31 70 3101340 or via email at info@certifiedsecure.com. Our privacy statement is applicable to this form.