Training & Workshops
Learn. Implement. Protect.
CERTIFIED PROGRAMS
The EC-Council CCISO Body of Knowledge covers all five of the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations.
Underground Hacking tools:
The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. By using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be catastrophic damage to your respective organization. We live in an age where we are all susceptible to attacks that come from anyplace at any time, and we never know how skilled, well-funded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a hacker’s mindset, evaluating not just logical, but physical security. You will explore every possible point of entry to find the weakest link in an organization: the end user, the secretary, the CEO, misconfigurations, vulnerable times during migrations, even information left in the dumpster.
Network administrators spend a lot of time with network environments, and are familiar with network components, traffic, performance and utilization, network topology, location of each system, security policy, etc.
Organizations can be much better at defending themselves from vicious attacks if their IT and network administrators are equipped with adequate network security skills. Thus, network administrators can play a significant role in network defense and become the first line of defense for any organization.
Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab-intensive program based on a job-task analysis and cyber security education framework presented by the National Initiative of Cyber security Education (NICE). The course has also been mapped to global job roles and responsibilities and the Department of Defense (DoD) job roles for system/network administrators. The course is designed and developed after extensive market research and surveys.
The program prepares network administrators on network security technologies and operations to attain Defense-in-Depth network security preparedness. It covers the protect, detect and respond approach to network security. The course contains hands-on labs, based on major network security tools and techniques which will provide network administrators real world expertise on current network security technologies and operations.
Course Description:
The ECSP.Net course will be invaluable to software developers and programmers alike to code and develop highly secure applications and web applications. This is done throughout the software life cycle, which involves the design, implementation, and deployment of applications. .Net is widely used by organizations as a leading framework to build web applications. ECSP.Net teaches developers how to identify security flaws and implement security countermeasures throughout the software development life cycle to improve the overall quality of products and applications. EC-Council Certified Secure Programmer lays the foundation required by all application developers and development organizations to produce applications with greater stability and fewer security risks to the consumer. The Certified Secure Programmer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains. This course is built with tons of labs peppered throughout the three days of training, offering participants critical hands-on time to fully grasp the new techniques and strategies in secure programming.
ECSP-Java is a comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code. The end result of secure Java coding practices includes saving valuable effort, money, time, and possibly the reputation of organizations using Java coded applications.
Software defects, bugs, and flaws in the logic of a program are consistently the cause for software vulnerabilities. Analysis by software security professionals has proven that most vulnerabilities are due to errors in programming. Hence, it has become crucial for organizations to educate their software developers about secure coding practices.
Attackers scan for security vulnerabilities in applications and servers and attempt to use these vulnerabilities to steal secrets, corrupt programs and data, and gain control of computer systems and networks. Sound programming techniques and best practices should be used to develop high quality code to prevent web application attacks. Secure programming is a defensive measure against attacks targeted towards application systems.
ADVANCED PROGRAMS
Each of the courses selected from the CAST Advanced Training Suite will be specifically designed to meet the needs of each individual, based on their current skills and pace of learning, to meet your organisation’s unique objectives and goals.
CAST On-site expert trainers will be flown down to your premises of choice at a date most suitable to you.
CAST On-site allows students to receive training in more manageable sessions arranged over a spread of a few days, allowing for greater absorption of knowledge with an opportunity to practice and verify the new skills after each session prior to commencing the next one.
With CAST On-site Advanced Security courses, students will be able to take advantage of directly conversing with the chosen expert in matters unique to the student and your organisation.
You can rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality.
Each individual client receives the required high level of training that is benchmarked to international best practice and standards.
Each student receives a CAST Advanced Security Training Courseware that allows them to follow and revise the material that has been taught to them.
Upon completion of the course, each student will receive a CAST On-Site Advanced Security Training certificate of attendance.
Windows Infrastructure Hardening has become a mandatory step performed on a regular basis by any organization that sees security as a priority. Businesses nowadays are almost fully dependent on IT services, making the hardening and securing processes even more intense. The number of possible attack surfaces has grown exponentially in direct relation to the increasingly competitive field of current technology we are witnessing, where developers try to achieve more and more functionality from implemented solutions and applications.
The CAST 616: Securing Windows Infrastructure course is designed with the single purpose of providing Info-Sec professionals with the complete knowledge and practical skills necessary to secure their network infrastructure, which is fast becoming, if it is not already, a top priority and a major technical challenge for most security-conscious organizations.
This 3-day training dives deep into the key aspects of solving infrastructure-related problems by appreciating the key elements of how Windows Internal Security mechanisms actually work and how they can be further optimized without jeopardizing or easing an organization’s IT environment configuration settings, which becomes common as time passes. Some of the highlights of this course are techniques used in Kernel Debugging, Malware hunting, deep diving into BitLocker and the automation of the whole hardening process.
Much thought was put into the course to be sure it worked and could be taught as a language-agnostic course, exposing both developers and management types to how their own web site/web app could be compromised.
The course will require no special pen testing tools that are normally used during a course similar to this. The author expects that you simply understand program logic. If you know development techniques and have an architecture background, you will walk away with a heightened sense of awareness about the things you do on a day-to-day basis.
To get the most from the course, all participants should have at least some programming experience. This course is NOT language specific, although program logic and design concepts are both an absolute must-have.
NOTE: Students must be familiar with IT Security best practices, and have a good understanding of programming logic and common web technologies. Course is designed for Developers.
With this course you can be among the few who transcend the old idea of the hacker having all the fun, take pride in being the defender, form an offensive mindset to skillfully orchestrate robust and solid defenses and reinvent popular belief by beating the hacker at his own game.
You will be evaluating advanced hacking methods of defense fortification bringing you closer to establishing perfect security best practices and methodologies you can apply to secure environments. This course provides segmentation and isolation to reduce the effectiveness of the advanced persistent threats.
CAST 614 will cover fundamental areas of fortifying your defenses by discovering methods of developing a secure baseline and how to harden your enterprise architecture from the most advanced attacks. Once a strategy for a fortified perimeter is defined, the course moves on to defending against the sophisticated malware that is on the rise today and the importance of live memory analysis and real time monitoring.
This course was put together focusing on what today’s Mobile Forensics practitioner requires. Some of the advanced areas this course will be covering are the intricacies of manual acquisition (physical vs. logical) and advanced analysis using reverse engineering, as well as understanding how the popular Mobile OSs are hardened to defend against common attacks and exploits.
CAST On-site provides personalized Advanced Security Courses to meet the needs of the individual or company, planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service. CAST On-Site training is designed to add great value to your work force by increasing staff efficiency and skills, ensuring improved productivity and output that far exceeds the value of the initial training costs.
SECURITY
About the Program:
- The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology.
- Focuses on pentesting methodology with an emphasis on hands-on learning
- The exam will now have a prerequisite of submitting a pentesting report
- The goal of these changes is to make passing ECSA more difficult; therefore making it a more respected certification
Information security plays a vital role in most organizations. Information security is where information, information processing, and communications are protected against threats to the confidentiality, integrity, and availability of information and information processing. In communications, information security also covers trustworthy authentication of messages, which covers identifying, verifying, and recording the approval and authorization of information, non-alteration of data, and the non-repudiation of communication or stored data.
This course prepares an individual as a complement to educational offerings in the domain of security and networking.
FIRST RESPONDERS
The IT incident management training program will enable students to be proficient in handling and responding to various security incidents such as network security incidents, malicious code incidents, and insider attack threats. In addition, students will learn about computer forensics and its role in handling and responding to incidents. The course also covers incident response teams, incident management training methods, and incident recovery techniques in detail. The ECIH certification will provide professionals greater industry acceptance as the seasoned incident handler.
This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals and anyone who is interested in incident handling and response.
About the Program:
Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crimes or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw from an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. The CHFI course will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. It is no longer a matter of “will your organization be compromised (hacked)?” but, rather, “when?” Today’s battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now, the battlefield starts in the technical realm, which ties into almost every facet of modern day life.
A survey of 189 data center decision makers found a severe lack of IT preparation for natural and man-made disasters. Faced with a potential catastrophe caused by anything from the weather to a malicious attack, companies need to make sure their IT disaster recovery training plans match best practices.
The EDRP course teaches you methods for identifying vulnerabilities and taking appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, an understanding of the roles and relationships of various members of an organization, implementation of a plan, and recovering from a disaster.
This IT disaster recovery course takes an enterprise-wide approach to developing a disaster recovery plan. Students will learn how to create a secure network by putting policies and procedures in place, and how to restore a network in the event of a disaster.
OTHER PROGRAMS
This training is designed for anyone involved in the selection and implementation of VPNs or digital certificates. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.
This course is excellent for ethical hackers and penetration testing professionals, as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals usually don’t attempt to crack cryptography. A basic knowledge of cryptanalysis is very beneficial to any penetration test.
Understanding system vulnerabilities and learning tools to exploit vulnerable systems can give anyone an edge in the information and data security domain. Corporations are craving individuals who can contribute effectively in applying security measures to compromised systems. Identifying the threats alone is not going to help; documenting the findings in an ethical manner and constantly evolving are equally important. We train individuals to perform penetration testing in an organized manner so that once they are out in the market they are well equipped with novel ways of handling vulnerabilities.
Being an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. Your job description demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques. Outsmarting and outmaneuvering the adversary is what sets you apart from the crowd.
EC-Council’s ENSA certification looks at network security in a defensive view while the CEH certification looks at the security in an offensive mode. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information. Students will learn how to evaluate network and Internet security issues and design, as well as how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.