Instructor-led Training Course Catalog


Instructor-led Training Course Catalog January 2018 800.873.8193 sig-info@synopsys.com synopsys.com/software

GENERAL DISCLAIMER

This document presents details about the training offerings from Synopsys at the time of its creation. Synopsys has used reasonable efforts to ensure that the information provided in this document is accurate and up-to-date, but details and offerings are subject to change. This document contains confidential information about Synopsys and its businesses. Copies of this document may only be provided, and disclosure of the information contained in it may only be made, with written prior agreement from Synopsys.

Ownership and Disposal

The information contained in this document is owned by Synopsys. The recipient shall dispose of the data as confidential waste and/or return the document to Synopsys upon request.

The Synopsys difference

Synopsys offers the most comprehensive solution for building integrity, security and quality into your SDLC and supply chain. We've united leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. This portfolio enables companies to develop customized programs for detecting and remediating defects and vulnerabilities early in the development process, minimizing risk and maximizing productivity.

Synopsys, a recognized leader in application security testing, is uniquely positioned to adapt and apply best practices to new technologies and trends such as IoT, DevOps, CI/CD, and the Cloud.

We don't stop when the test is over. We offer onboarding and deployment assistance, targeted remediation guidance, and a variety of training solutions that empower you to optimize your investment. Whether you're just starting your journey or well on your way, our platform will help ensure the integrity of the applications that power your business.

For more information go to www.synopsys.com/software.

Synopsys, Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA
U.S. Sales: 800.873.8193
International Sales: +1 415.321.5237
Email: sig-info@synopsys.com

Introduction
Our Curriculum

Introductory
    Attack and Defense
    OWASP Top 10
    Principles of Software Security

Defending
    Defending Android
    Defending C#
    Defending C and C++
    Defending HTML5
    Defending Java
    Defending JavaScript
    Defending iOS
    Defending PHP
    Defending Python and Django

Securing
    Securing Web Services

Attacking
    Attacking Web Applications

Workshops
    AWS DevOps
    Mobile Security
    Red Teaming
    Threat Modeling

INTRODUCTION

Synopsys's instructor-led courses are developed and taught by experts at the forefront of the software security field. Our instructors are certified security professionals who have hands-on experience working directly with clients on their security challenges. Our curriculum includes training modules for professionals just starting out with software security as well as those who are looking to develop more advanced skills. Synopsys continuously develops its courses to accommodate the rapid changes in software security.

OUR CURRICULUM

Synopsys's curriculum is a series of complementary courses designed to meet your organization's needs. You can select the courses that best match your level of experience, your role, and the development platforms in your organization. Our courses are grouped into the following software security activities:

1. Introductory: New to software security? Consider our Principles of Software Security or Attack and Defense course.
2. Defending: Learn defensive programming skills in context, in specific languages targeted to specific development platforms, so you can defend against attacks in your code.
3. Securing: Learn how to identify common vulnerabilities and essential strategies to secure your deployment and tech stack from external threats.
4. Attacking: Use your knowledge to test your applications for security vulnerabilities.
5. Workshops: Adding a new capability? Try our Red Teaming, AWS DevOps, Mobile Security, and Threat Modeling workshops.

We can work with you to select a curriculum that is right for your organization.

In-Person or Virtual: Your Choice

If you choose traditional instructor-led training, our certified instructors will travel to the location of your choice. Our instructors are trained to engage your audience through group discussion and interactive hands-on labs designed to simulate real-world environments. On-site instructors can make course adjustments to better complement the needs, interests, and experience level of your participants.

If you have a distributed workforce, your participants can avoid travel and time away from the office using our Virtual Instructor-led Training (VILT). VILT is separated into shorter sessions to optimize participant engagement. VILT can be delivered over consecutive working days or on a weekly basis, depending on your team's preference. Virtual training is a cost-conscious alternative for supporting your employees' professional development.

Synopsys utilizes a number of training strategies to assist in participant engagement, including hands-on labs using our cloud-based VM solution, breakout groups, live demonstrations, white boarding, videos, polling, and real-time assessments.

Instructor-led courses are held on your schedule in the format that works best for you.

Attack and Defense
Introductory

Building security in is about building software right the first time, and this course teaches students to do just that. Organized around a few major themes (e.g., data at rest, data in motion, input validation, output encoding), this course teaches some common use cases we want to support, and how to design and implement them securely.

This course is not tied to any particular language or domain. Different use cases come from different contexts (e.g., web, embedded, thick client, mobile). Each is presented with its standard attacks and the standard solutions that defend against those attacks. Rather than follow industry-standard security taxonomies that categorize mistakes, this course is organized around common software user stories and how to do them securely. Topics include proper use of encryption, handling of data across module boundaries, validation and encoding, and authentication and authorization issues.

At the end of this course, students will have the foundational knowledge to expand their software security and learn specific engineering techniques such as defensive programming, threat modeling, and penetration testing.

Architect, QA and Testing, IS Security Team

OWASP Top 10
Introductory

This course focuses on the most important security defects found in web applications, covering all issues in the latest Open Web Application Security Project (OWASP) Top 10. Each topic describes a vulnerability and provides practical guidance for remediation. This course also demonstrates some of these vulnerabilities and provides hands-on exercises where students learn the impact these security issues can have on web applications. Developers with experience in any programming language can benefit from this course.

Architect, QA and Testing, IS Security Team

Principles of Software Security
Introductory

The key to proactive computer security involves getting a risk management handle on the software security problem. This half-day course, created by the experts who literally wrote the book on software security, encompasses software security awareness and best practices for a general audience. Everyone involved in software production requires baseline knowledge of software security problems and risks, along with an overall understanding of approaches for producing better software.

The virtual classroom course is available with two flavors to choose from:

    Vanilla: explains common problems in software security and describes an approach to infusing software security into the development process through risk management, software security touchpoints, and historical knowledge of software security vulnerabilities.
    Requirements: focuses on introducing important cost-saving software security requirements early in the software development life cycle.

QA and Testing, IS Security Team
4 hours

Defending Your Code
Defending

Our Defending course series provides a comprehensive overview of the security issues and common pitfalls affecting applications developed in the specific language or platform. Each course concentrates on areas related to defensive programming techniques and includes code analysis and remediation exercises. The course is also supported by several interactive demonstrations and hands-on lab exercises.

    Defending Android
    Defending C# (available in ASP.NET or Desktop emphasis)
    Defending C and C++ (available also in a two-day option)
    Defending HTML5
    Defending Java (available in EE or SE emphasis)
    Defending JavaScript (available in React or Angular emphasis)
    Defending iOS (available in Objective-C or Swift emphasis)
    Defending PHP
    Defending Python with Django

Securing Web Services
Securing

The Securing Web Services course is intended for developers, engineers, and architects who work with backend web services APIs which may not necessarily have a User Interface (UI) or a UI component. This course examines web services concepts and then takes a deep dive into several web services technologies such as WS-Security, Security Assertion Markup Language (SAML), and OAuth. This course also covers risks inherent to web services and how to properly threat model web services. Web service security is examined from the perspective of the message, the channel, and the service itself.

The lab component of this course allows students to gain an understanding of and practice with some of the real-world security issues inherent to web services. The lab is intentionally written with a programming language and framework that are popular but with which most developers are not familiar: Python and Flask. This allows students to focus on secure design and secure coding concepts without being too concerned with the implementation details of a particular language.

Architect, QA and Testing

Attacking Web Applications
Attacking

Web applications are ubiquitous and plentiful. In fact, the web is the de facto delivery mechanism for both consumer-grade and business-critical functionality these days. As such, the web is also the most common target for application-level attacks.

This hands-on one-day course describes the goals, processes, and risks of attacking web applications. It introduces students to the basics of web application architecture and web security testing, including the OWASP Top 10 vulnerabilities. A portion of the course is dedicated to lab exercises where students are provided the opportunity to test for the most commonly occurring web-based vulnerabilities. The course also discusses other aspects of security testing, including risk rating of findings, communicating findings to different groups, and creating test plans.

QA and Testing, IS Security Team

AWS DevOps
Workshop

Cloud computing has grabbed the world's attention not only for its pervasive, on-demand, convenient usage, but for its ability to be vulnerable to data breaches and novel forms of attack. Since most software uses the cloud in various shared capacities (development, hosting, or integration with third-party code), threats from hackers are inevitable. This hands-on workshop equips students to understand this new landscape of converged infrastructure and shared services, its existing and emerging threats, and provides them with secure mitigation methods.

The AWS DevOps Workshop course is a deep dive into cross-discipline information and perspective among developers, operations, and information security personnel. The course enables students to identify areas for cross-pollination between development and operations that enhance application, infrastructure, and network security.

This course assumes the following baseline student knowledge:

Conceptual familiarity with:
    Common AWS services: EC2, VPC, RDS, KMS, and IAM
    Docker
    Chef, or another infrastructure-as-code tool such as Puppet, SaltStack, or Ansible

Operational familiarity with:
    Linux CLI environment

Architect, QA and Testing, IS Security Team

Mobile Security
Workshop

This modular course can be delivered as a one-day or two-day training. The following topics are available:

    Mobile First AppSec: Mobile First AppSec (application security) describes what application security teams must consider when testing mobile applications.
    Overview of Mobile Platforms: This module provides an overview of the architecture and security controls in today's two most popular mobile operating systems: Google's Android and Apple's iOS.
    Protecting Client-side Code: Attackers target mobile applications for many reasons. This module presents the techniques and tools for making reverse engineering and tampering with mobile applications more difficult, as well as the limitations of these techniques.
    Mobile Payments: This module explores the attack surfaces of mobile payment architectures, including NFC-based (Near Field Communication) wallets. It examines the design of the mobile payment clients and the backend applications, reviews the known attacks against these systems, and explores countermeasures against these attacks.

Architect
16 hours (2 days)

Red Teaming
Workshop

Organizations are continually faced with growing and evolving threats against their digital assets and infrastructure. Red Teaming is a goal-based assessment approach that gives organizations insight into how their security posture holds up when faced with a real threat. This hands-on course introduces students to the concepts of Red Teaming and how it differs from traditional vulnerability testing. The course also includes guidance for the organization on creating and maintaining its own internal Red Teams. Lastly, students in this course will be introduced to the physical, social, and electronic testing methods which can be utilized during Red Team engagements.

Available in one-day or two-day options:

    The 1-day course can be customized to focus solely on the business aspects of the program, the technical aspects of testing, or a mix of both within the allotted time.
    The 2-day course is intended for practitioners and managers who are looking to begin a red teaming program within their company.

Management, IS Security Team
16 hours (2 days)

Threat Modeling
Workshop

Penetration testing and secure code review can uncover many types of security issues in an application; however, there are defects that simply cannot be found with these traditional analysis techniques. Discovering weaknesses in the design of a system is the specific goal of threat modeling. Organizations benefit from this software design analysis because you can perform it without code to discover potential vulnerabilities early in the development cycle.

This course details Synopsys's threat modeling process and methodologies to teach students how to identify the assets, security controls, and threat agents for a given system. The course goes on to show how this information can be used to create a list of attacks and propose appropriate mitigations. The course focuses on system threat models used to build a holistic view of the security posture of a system based on the application and its associated infrastructure. The course is also supported by multiple hands-on lab exercises that allow students to learn by actually going through the threat model process.

Architect, QA and Testing, IS Security Team