FOR COMPANIES

SECURITY OF WEB APPLICATIONS

Digitization has allowed us to transfer many aspects of our lives to the Internet, but it has brought with it a number of new threats. One small programmer error can expose users to harm and generate multi-million losses for the company. During our training, participants will learn in an accessible way the processes invisible to the human eye that happen when, for example, we order a transfer, log in to an office or look for a recipe on a forum, and the risks associated with them. Additionally, practical exercises prepared by our specialists will allow you to thoroughly consolidate the acquired knowledge.

APPLICATION SECURITY FOR DEVELOPERS

Java application code analysis,
.NET application code analysis,
PHP application code analysis.

The block will discuss selected vulnerabilities of the server-side type. The presenters will show both errors in the source code itself and their practical use by the attacker. In addition, issues related to dependency security and code audit methodology will be discussed. The summary of this part of the training will be the presentation of the best practices of writing secure code of the selected technology.

NETWORK AND

INFRASTRUCTURE

SECURITY

The training is focused on scanning the network and detecting vulnerable services. It includes various means of remotely executing commands on servers and privilege escalation techniques that can be used to gain unauthorized access to administrative accounts.

INTRODUCTION TO RED TEAMING

The training consists of conducting a series of attack simulations that will reflect the methods of operation of cyber criminals, the social engineering, and the tools they use, based on modeled target-oriented scenarios.

C CODE ANALYSIS

AND LOCAL EXPLOITATION

The training covers the basics of the Linux operating system and its security model. It teaches reverse analysis of programs written in the C programming language and the practical use of found vulnerabilities in order to escalate privileges or obtain remote code execution.

Most of the services available on the Internet are based on Linux. Its knowledge is an integral part of a full security audit.

INTRODUCTION TO MALWARE ANALYSIS

The training concerns malware analysis, and tracking API calls. Thanks to it, you will learn how to decrypt network traffic, bypass certificate pinning, and obtain IoC (Indicators of Compromise) using static and dynamic analysis.

Malware analysis is an essential skill for any SOC incident response team as well as an application security auditor.

ESSENTIAL SECURITY

They say that the best defense is an attack - this is also the assumption of cybersecurity experts. During the training, our lecturers will show what safety looks like from the "red" side. Participants will have the opportunity to familiarize themselves with the basic Hacker's workshop, learn the basics of communication, the Linux operating system and understand the goals of attackers. Finally, they will have the opportunity to gain access to the golden grail of all hackers - executing commands on the server with escalation of privileges. Participants will also learn how to conduct a penetration test step by step and how to look for vulnerabilities, both manually and automatically. There will also be verification of the scope of the test and preparation of a report in which students will be able to boast about their findings.

MOBILE APPLICATIONS

Nowadays, an increasing part of users' lives is focused on a mobile device - the Phone. Our training takes this important aspect under the microscope. During the classes, participants will become familiar with the two most popular platforms (Android and iOS) from the inside. We will also discuss issues related to not only the mistakes programmers make in their applications, but also how the structure of mobile operating systems allows them to attack the user without the need to directly interact with their banking, SMS, etc. applications.

Report to us!

Name

Last name

E-mail

Phone number

Company

Thank you for reporting!

I consent to the processing of personal data provided in the form in accordance with the Personal Data Protection Act for the purpose of:

* contact by phone and provide information regarding the offered training in the field of cyber security.See terms of use

receiving information via e-mail regarding the offered training in the field of cyber security.

receiving from STM Academy Sp. z o. o. correspondence and commercial information regarding own and partners' products and services.

I have been informed that providing the telephone number is voluntary, but necessary to respond to the contact request and that I have the right to access, change, delete, and stop processing the data. The administrator of personal data is STM Academy Sp. zoo. with its registered office at ul. Żwirki i Wigury 16a, 02-092 Warsaw. You can find the Information Clause on page

CAREER DEVELOPMENT IN CYBERSEC

Our course is running stationary on weekends in Warsaw at Campus Business Garden at ul. Żwirki i Wigury 16a.

Classes are held in a spacious room equipped with the necessary equipment for each participant. There are two lecturers for each group - the main one and the supporting one. Groups may not exceed 20 people.

Classes are held on our proprietary cyber range platform - HackingDept. You will have access to it 24/7 during the training and 30 days after completing the course.

BENEFITS

1

Development of participants' competences in the field of cybersecurity

2

Easier communication between IT departments in the organization

3

Access to the proprietary cyber range platform 24/7 during the training and 30 days after completing the course

4

Opportunity to develop

careers in CyberSec and retraining of human resources

TEST DRIVE

We don't want to convince everyone that we are the best. Just sign up for a free 2-hour test drive and see for yourself that there is no more advanced training on the market.

Test Drive