Training, workshops & courses offer
Our mission is to deliver more than security testing and make companies more secure by spreading security awareness and knowledge. For this reason, we design our workshops, training sessions, and courses with the most relevant challenges of today’s IT world in mind. We are convinced that security is crucial to the development of any new solution and adds significant value to it. Secure organizations nowadays are omnipresent and more attractive to their clients.
They’ve trusted us
Dedicated trainings, custom workshops and a large-scale learning platform
Security needs can be very different, from specialized training for a given technology to looking for a new method to increase security awareness among all technical people in the company.
We adjust the training course, examples, and exercises to best suit your case. However, if you want to explore a new field of IT security and need expert training that you have not found yet, we can prepare such training from scratch, especially for your case.
List of trainings
Hackflix & Skill
An interactive course in which, together with Buggy, we will guide your project team through the most common vulnerabilities we encounter in our security tests. A few seemingly insignificant bugs can lead to fatal consequences. Let’s prevent them!
This is a self-study online course on a dedicated e-learning platform, access to which starts at 80 USD per user.
The training has various applications thanks to the different approaches to security awareness. It may be used:
- As a part of the developers’ onboarding program,
- To promote security knowledge outside the security department,
- For effective technical training at scale according to current best practices in application security,
- As a building block for a security awareness program in your organization.
It is a fun alternative to one-shot security workshops that will help you make sure every participant is involved on a bigger scale.
The program is based on a TV series formula. There are 5 modules – we call them episodes. Each episode has its own story based on real-life cases of security issues that we have encountered in our daily work.
The students are involved in a dialogue with the character and solve exercises and quizzes to consolidate newly acquired knowledge. An interactive form of training allows for an engaging and modern way of consuming knowledge.
Threat Modeling Training
Equip your team with a hacker’s mindset, identify threats and attack vectors, and prepare your system for potential risks on your own. Introduce security early in your software development life cycle and your organization’s culture.
Threat modeling helps to take a wider perspective and understand cases in which you need to protect your essential assets. It is recommended to perform a threat modeling session not only before the start of security tests but also while considering new functionality for an existing application or before making any changes to your infrastructure.
This training is mostly held offline at your organization, but the Threat Modeling Training may be also conducted online.
Training objectives:
- Creating a solid basis for understanding different threat modeling methodologies,
- Getting to know a simplified threat modeling process using 3 key questions: What? Who? How?,
- Gaining practical experience with real-world examples,
- Being able to perform threat modeling at scale and implement it in various test cases.
Security Aware Developer
Security workshops for project teams that instill knowledge of common issues in application development. They are based on real-life attack scenarios and best practices for their prevention.
The scenarios presented during the workshops are based on our experience in penetration testing and infrastructure audits. We provide participants with a new perspective on security.
Our specialists can conduct this training both online and offline at your organization.
The main goals of the training are:
- Raising developers, architects, and testers’ awareness about application security issues, their causes, and possible outcomes,
- Showing lots of real-life examples,
- Discussing possible preventive measures and their pros and cons related to a vulnerability chain described in a given scenario.
Practical AWS Security Training
The growing number of intrusions into cloud environments shows that securing data and resources in cloud requires appropriate competencies. We offer training for project teams dedicated to AWS safety.
Our specialists can conduct this training both online and offline at your organization.
The key objectives of the Practical AWS Security Training are:
- providing a deep understanding of security aspects in AWS,
- showing common pitfalls and their consequences,
- sharing best practices in the protection of the most common AWS services,
- teaching how to perform cloud security assessment and detect security issues in practice,
- giving instructions on how to log and monitor potential security incidents,
- having great fun during laboratories based on real scenarios.
Purple Teaming
3 intensive days, 2 trainers, and 2 teams – red and blue – fighting for your application. Workshops created to improve both offensive and defensive security skills in your organization.
What’s innovative about this approach:
- we focus on attacking and defending a real application – YOUR application,
- we may find vulnerabilities in the application, so security reconnaissance is included 😉
- a unique combination of competition and cooperation,
- we can reconfigure the environment and make corrections live,
- we meet on-site – in your office.
Mobile Application Security Training
This training is intended for people participating in the process of developing applications for mobile platforms.
Its purpose is to teach how to implement patches to the application after receiving a security test report. After the training, you will know how to interpret the penetration test report and recreate the indicated vulnerabilities, what is a real impact on the risk, and how to implement corrections.
Our specialists conduct this training fully offline at your organization.
What will you learn?
- iOS and Android security,
- Analysis of security test reports,
- Secure communication between a mobile application and a server,
- Safe storage of sensitive data,
- Correct implementation of inter-application communication,
- Jailbreak/Root detection,
- Protection against reverse engineering,
- WebView security,
- Correct implementation of the above.
iOS Application Security Engineer
iASE is a unique self-study online course for developers, penetration testers, and all iOS security enthusiasts. The course is complete know-how filled with best practices, secure app development, and tips for OWASP MASVS compliance. After completing iASE and passing the exam, you will receive a certificate confirming your skills in the field of iOS security.
This course will provide you with:
- Complete pentest know-how – from basic security mechanisms and common iOS apps vulnerabilities to advanced pentesting tools and writing custom iOS tweaks.
- Industry best practices – the course is based on real-world attack scenarios and common iOS application security flaws with official security recommendations.
- Secure app development – step-by-step implementation of crucial security features in your application. Specific advice on what to watch out for.
- OWASP MASVS Compliance – developing software in line with the most recognizable security standards.
- Materials made by pentesters – knowledge from real-world security practitioners. Get the iDevices hacker mindset.
About the trainers
We are experienced penetration testers and security experts. Our specialists have conducted hundreds of training courses and workshops both offline and online. We also share our knowledge at diverse conferences worldwide, such as Black Hat, Objective by the Sea, No Hat, and many more. Our experts are experienced speakers and instructors.
Why is security knowledge important?
Education and constant improvement of skills in your team are the key components in enhancing the security of the application development. Having proper security knowledge may protect your organization against unwanted incidents right from the start, as achieving a secure IT environment through penetration testing alone at the end of development is inefficient. Never-ending test-and-fix cycles have a negative influence on the quality and timing of IT projects. This is why your IT specialists should know the fundamentals of security and be aware of possible issues. Companies investing in security training for their staff have shorter and more predictable development cycles.
That is why we have decided to share our IT security knowledge with teams developing and maintaining IT applications and systems. Following client consultations, we have developed an innovative approach to education that allowed us to create an engaging series of workshops, practical examples, and exercises.
Want to conduct training in your organization?
Security is an important part of today’s work, and we take it seriously at every step. We would be happy to help with the security of your organization and share our expertise.
If you are interested in any training or want to learn more about our offer – write to us or book a call – our security specialists will share all the details of each course, help to choose the right one for you, and tell you about the next steps.