Course duration: 2.03h

This course is an introduction to secure development practices related to various aspects of software development. Security architect Frank Moley introduces you to risk analysis, including proactive risk identification. Frank then looks at the most common types of vulnerabilities that plague applications today, including client/server issues, with a heavy focus on web-based, embedded, and IoT-focused development. The course then gets into a primer on cryptography, the role it plays in security, and its proper use by looking at the vulnerabilities around its misuse. Frank finishes the course by looking at strategies for each phase of the software development lifecycle to build a secure application development lifecycle while considering modern development practices.

This course is available in English only. If that is not a problem for you, submit your request.

Principles of Secure Coding offers a comprehensive exploration of secure coding practices, emphasizing the importance of incorporating security throughout the entire development process. This course will equip you with the skills and mindset necessary to protect your applications against potential threats, setting you on the path towards developing robust and resilient software.

Dive into essential security concepts such as authentication, authorization, encryption, and encoding. Learn the importance of version control and best practices for maintaining sensitive information. Engage with real-life and fictional security horror stories, including an exclusive tale from YouTube sensation Tom Scott, to gain insight into the potential consequences of insecure coding.

Explore secure coding techniques using C# as our primary language while emphasizing broader applicability to other programming languages. Delve into methods for safeguarding data, preventing information leaks, and mitigating vulnerabilities. Develop an understanding of security testing and code review processes to ensure your applications remain secure and compliant.

Continuing the course, we'll investigate the OWASP Top Ten security risks for 2021, enabling you to recognize and address recurring security issues. By diving deep into these prevalent concerns, you'll gain invaluable insight into the mindset and thought processes that often lead to security problems.

New! A bonus module examining three new online authentication methods and how they work, as well as how they fit into the context of encryption and security. Have you ever wondered how Google or Microsoft Authenticator works? We will dig into what is happening under the covers.

Seize the opportunity to enhance your software development skills with this course. Enroll today and propel your skills to new heights!

This course is intended for:

  • Software developers looking to expand their knowledge in secure coding practices
  • IT professionals seeking to understand and implement secure coding techniques
  • Computer science students wanting to specialize in application security
  • Web and mobile app developers aiming to enhance the security of their applications
  • IT managers and team leads responsible for overseeing secure development practices
  • Cybersecurity enthusiasts interested in learning about secure coding principles
  • Freelance developers striving to ensure the security of their clients' projects

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

As a security manager or CIO, you need to put a cybersecurity policy in place to respond to the threats facing your IT systems. To that end, Pierre Cabantous offers you a tour of cybersecurity in the enterprise. In this course, you will study a hacker's approach, before and after the intrusion into a system, following the exploitation of a vulnerability. You will see how to manage these vulnerabilities against a level of risk that you will learn to calculate. You will also cover one of the main threats facing any service accessible online today: denial-of-service attacks. You will then discover how to protect your organization at the technical and organizational levels by following best practices, processes, and European standards such as the GDPR.

This course is in French only. If this is not a problem for you, by all means go ahead and apply.

Social engineering is a technique hackers use to manipulate end users and obtain information about an organization or computer systems. In order to protect their networks, IT security professionals need to understand social engineering, who is targeted, and how social engineering attacks are orchestrated. In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks. Note: This course maps to the Social Engineering competency of the Certified Ethical Hacker exam. You can review the exam objectives on the official EC-Council website.

Topics include:
  • Visualizing the victim
  • Recognizing an attack
  • Using charm, power, and influence
  • Manipulating with social media
  • Preventing insider attacks
  • Stealing identities
  • Pen testing with social engineering
  • Taking countermeasures

This course is available in English only. If that is not a problem for you, submit your request.

Mobile devices are used for our most sensitive transactions, including email, banking, and social media. But they have a unique set of vulnerabilities, which hackers are all too willing to exploit. Security professionals need to know how to close the gaps and protect devices, data, and users from attacks. Join cybersecurity expert Malcolm Shore as he explores the two dominant mobile operating systems, Android and iOS, and shows ways to protect devices through analysis and testing. Watch this course to review the basics of mobile OS models, the toolsets you need for testing, and the techniques for detecting and preventing the majority of security flaws. These methods are recognized by EC-Council as integral for those looking to earn their Certified Ethical Hacker certification. The complete CEH BOK can be found at https://www.eccouncil.org/Certification/certified-ethical-hacker/CEH-What-You-Will-Learn.

Topics include:
  • Static and dynamic analysis of mobile applications
  • Testing on Android
  • Analyzing Android applications
  • Securing iOS applications
  • Jailbreaking iOS for command-line access
  • Analyzing iOS apps

This course is available in English only. If that is not a problem for you, submit your request.

Wireless networks are convenient and popular, but poor configuration and encryption leave them open to attack. Hackers can use Wi-Fi vulnerabilities to infiltrate your entire network. Security professionals need to know how to detect, prevent, and counter these kinds of attacks using the latest tools and techniques—the subject of this course with cybersecurity expert Malcolm Shore. Malcolm covers everything from configuring basic security to understanding how hackers extract passwords, harvest connections at rogue access points, and attack networks via Bluetooth. He also explains how to select the right antennae for testing and introduces some sophisticated Windows and Linux tools to scan for vulnerabilities, including Acrylic, Ekahau, and Wireshark. By the end of the course, you should be able to shore up your wireless connections and gain confidence that your local network is safe to use. Note: This course is part of our test prep series for the Certified Ethical Hacker exam. Review the complete exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.

Topics include:
  • Selecting an antenna
  • Configuring security
  • Extracting WEP and network passwords
  • Testing passwords
  • Harvesting connections from rogue access points
  • Attacking networks via Bluetooth
  • Capturing wireless packets with Acrylic Wi-Fi
  • Heat mapping with Ekahau
  • Wi-Fi sniffing with Wireshark
  • Testing the Internet of Things

This course is available in English only. If that is not a problem for you, submit your request.

SMALS STANDARDS

This course introduces the IAM (Identity & Access Management) team and the Network Security unit.
Both teams are involved in the applied practice of application security at Smals.

The number of IoT (Internet of Things) devices deployed is increasing exponentially, which presents significant security challenges. In this course, Lisa Bock covers topics related to the IoT and OT hacking domain from the CEH body of knowledge. Lisa dives into the myriad of security challenges that the IoT faces, highlighting the importance of conducting ethical hacking to unearth vulnerabilities within IoT and operational technology (OT) devices. The course covers strategies for managing OT and industrial control systems (ICS). Furthermore, Lisa outlines methods for executing attacks on IoT/OT systems along with ways to safeguard systems against potential attacks, to ensure participants are well-equipped to protect these technologies. To help apply these concepts, Lisa provides a list of resources for best practice frameworks and guidance on securing IoT/OT systems. At the end of the course, you will have a robust arsenal to navigate the complex landscape of IoT security.

This course is available in English only. If that is not a problem for you, submit your request.

In this course, you will learn to:

● Secure your computer, your network, and your data from 99% of all attacks on the Internet
● Find and fix weaknesses and harden your computer's security
● Keep yourself safe online, at home, at school, or at work
● Test for security vulnerabilities using the tricks the bad guys use
● Avoid phishing, viruses, ransomware, and online scams

Security is a major concern in the DevOps world. There is a constant push for companies to move more quickly, and security teams struggle to keep up with testing. This has led to the rise of a new field: DevSecOps. This course introduces the concept of DevSecOps and explains how an organization can build out a DevSecOps program that helps teams integrate security into the application development pipeline. Learn about the role of APIs, containers, security as code, and automation, and how a continuous integration and delivery framework can help your organization run security tests as often as developers want. Instructor Tim Chase also introduces some free tools and resources for starting your DevSecOps journey.

Topics include:
  • Recognize which groups make up DevOps.
  • Identify what should be included in the DevSecOps process.
  • Explain how API and security testing function.
  • Indicate the challenges and benefits of CI/CD.
  • Recognize the central repository for containers.
  • Describe how to secure IaC.
  • Identify where DevSecOps test results are placed.

This course is available in English only. If that is not a problem for you, submit your request.

Course duration: 2.22h

Ethical hacking involves testing to see if an organization's network is vulnerable to outside attacks. It's one of the most desired skills in an IT security professional. In this course, security ambassador Lisa Bock guides you through the System Hacking competency from the CEH Body of Knowledge. Find out how hackers are able to hack into a system and gain access. Learn about privilege escalation, keyloggers, and spyware. Plus, explore countermeasures that IT security professionals can take to prevent these attacks.

This course is available in English only. If that is not a problem for you, submit your request.