Duration 5 Days 30 CPD hours

This course is intended for
This intermediate course is designed for anyone who works on WebSphere-related applications and projects, including administrators, IBM Business Partners, independent software vendors (ISVs), and consultants.

Overview
The objectives for this course are as follows:
Use IBM Support Assistant to organize and analyze problem artifacts
Use problem determination techniques to identify common problems
Apply problem investigation approaches such as analysis and isolation
Gather diagnostic data problem artifacts by using administrative tools
Troubleshoot JVM-related problems such as hung threads, out of memory issues, and crashes
Use IBM Support Assistant to run tools that analyze diagnostic data
Identify and troubleshoot common problems with database connections
Configure and tune database connection pools
Troubleshoot WebSphere security problems associated with authentication, authorization, SSL, and Java 2 policies
Identify and resolve Java EE application deployment problems
Troubleshoot HTTP request flow problems from web server to web container
Identify and resolve application server startup failures
Troubleshoot problems associated with WebSphere default messaging and SI bus
Troubleshoot WebSphere installation problems
Use Intelligent Management features to configure health policies and tasks
Communicate effectively with IBM support teams

This course teaches you how to manage WebSphere Application Server problems more skillfully within your organization by using problem determination tools and techniques.
Outline
Course introduction
Overview of WebSphere Application Server systems and components
Using the IBM Support Assistant Team Server 5.0
Exercise: Using the IBM Support Assistant Team Server 5.0
Problem determination methods
Gathering diagnostic data
Exercise: Gathering diagnostic data
Introduction to JVM-related problems
Exercise: Introduction to configuring garbage collection policies
How to troubleshoot hangs
Exercise: Troubleshooting hung threads
How to troubleshoot crashes
Exercise: Troubleshooting crashes
Introduction to WebSphere out-of-memory problems
Exercise: Troubleshooting an out-of-memory condition
Introduction to database connection problems
Exercise: Troubleshooting database connection problems
Tuning and connection pool management problems
Exercise: Troubleshooting a connection leak
WebSphere security configuration problems
Exercise: Troubleshooting security problems
Application deployment problems
Server start failures
Exercise: Troubleshooting server start failures
Request flow and web container problems
Exercise: Troubleshooting request flow and web container problems
Default messaging provider problem determination
Exercise: Troubleshooting WebSphere default messaging
WebSphere installation problems when using IBM Installation Manager
Intelligent Management problem determination and problem determination tools
Exercise: Configuring health management policies
Course summary
Duration 3 Days 18 CPD hours

This course is intended for
This is an intermediate course for architects, system integrators, security administrators, network administrators, software engineers, technical support individuals, and IBM Business Partners who implement LPARs on IBM Power Systems.

Overview
Describe important concepts associated with managing POWER7 processor-based systems, such as logical partitioning (LPAR), dynamic partitioning, virtual devices, virtual processors, virtual consoles, virtual Local Area Network (VLAN), and shared processors
Describe the features of the PowerVM Editions
Use the System Planning Tool to plan an LPAR configuration
Describe the functions of the HMC
Configure and manage the HMC, including users and permissions, software, startup and shutdown, remote access features, network configuration, security features, HMC backup and restore options, and the HMC reload procedure
Describe the rules associated with allocating resources, including dedicated processors, processing units for Micro-Partitions, memory, physical I/O for AIX and Linux partitions
Configure and manage LPARs using the HMC Graphical User Interface (GUI) and HMC commands
Interpret physical and AIX location codes and relate to the key hardware components
Power on and power off the POWER7 system
Use the HMC to back up and restore partition data

In this course, students will learn the skills needed to become an effective administrator on IBM's POWER7-based systems that support Logical Partitioning (LPAR).

Day 1
Introduction to partitioning
Hardware system overview
Hardware Management Console
Day 2
Hardware Management Console (cont.)
System Planning Tool
HMC and managed system maintenance
System power management
Planning and configuring logical partitions
Day 3
Planning and configuring logical partitions (cont.)
Partition operations
Dynamic resource allocation
Exercise 9

Additional course details:
Nexus Humans AN110 IBM Power Systems for AIX I - LPAR Configuration and Planning training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the AN110 IBM Power Systems for AIX I - LPAR Configuration and Planning course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.
Duration 4 Days 24 CPD hours

This course is intended for
This is an intermediate-level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required.

Overview
Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses.

This course then introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing and implementing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack are constantly changing. The patterns remain the same through all the change and flux.

This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices.
Our instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom.

This lab-intensive course provides hands-on .Net security training that offers a unique look at .Net application security. Beginning with penetration testing and hunting for bugs in .Net web applications, you thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, driving home the mechanics of how to secure .Net web applications in the most practical of terms.

Bug Hunting Foundation
Why Hunt Bugs?
Safe and Appropriate Bug Hunting/Hacking
Scanning Web Applications
Scanning Applications Overview
Moving Forward from Hunting Bugs
Removing Bugs
Foundation for Securing Applications
Principles of Information Security
Bug Stomping 101
Unvalidated Data
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Bug Stomping 102
Security Misconfiguration
Cross Site Scripting (XSS)
Deserialization/Vulnerable Components
Insufficient Logging and Monitoring
Spoofing, CSRF, and Redirects
Moving Forward with Application Security
Applications: What Next?
.NET Issues and Best Practices
Making Application Security Real
Time Permitting Topics
Cryptography Overview
.NET Cryptographic Services
Duration 4 Days 24 CPD hours

This course is intended for
This is an intermediate-level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge.

Overview
Students who attend Attacking and Securing Java Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses.

This course then introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack are constantly changing. The patterns remain the same through all the change and flux.
This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our engaging instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom.

This lab-intensive course provides hands-on Java / JEE security training that offers a unique look at Java application security. Beginning with penetration testing and hunting for bugs in Java web applications, you embrace best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, allowing you to experience the mechanics of how to secure JEE web applications in the most practical of terms.

Bug Hunting Foundation
Why Hunt Bugs?
Safe and Appropriate Bug Hunting/Hacking
Scanning Web Applications
Scanning Applications Overview
Moving Forward from Hunting Bugs
Removing Bugs
Foundation for Securing Applications
Principles of Information Security
Bug Stomping 101
Unvalidated Data
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Bug Stomping 102
Security Misconfiguration
Cross Site Scripting (XSS)
Deserialization/Vulnerable Components
Insufficient Logging and Monitoring
Spoofing, CSRF, and Redirects
Moving Forward with Application Security
Applications: What Next?
Making Application Security Real
Duration 1 Days 6 CPD hours

This course is intended for
This course does not have any technical knowledge prerequisites for the learners, besides being proficient in using a computer and the Internet. IT and/or AI knowledge is a benefit but not a hard requirement. Given the rapid development of AI and the broad range of its applications in everyday life, it is crucial for anyone to attend this course to update their digital skills in an ever-changing world. It is expected that all learners have registered for a free account of OpenAI ChatGPT at https://chat.openai.com.

Overview
Discover how AI relates to other 4th industrial revolution technologies
Learn about AI, ML, and associated cognitive services
Overview of AI development frameworks, tools and services
Evaluate the OpenAI ChatGPT4 / ChatGPT3.5 model features in more detail

The core aim of this 'AI for beginners' course is to introduce its audience to Artificial Intelligence (AI) and Machine Learning (ML) technologies and allow them to understand the practical applications of AI in their everyday personal and professional life. Moreover, the course aims to provide a handful of demos and hands-on exercises to allow the learners to familiarize themselves with usage scenarios of OpenAI ChatGPT and other Generative AI (GenAI) models. The content of this course has been created primarily by using the OpenAI ChatGPT model.

AI theoretical concepts
Introduction to AI, ML, and associated cognitive services (Computer vision, Natural language processing, Speech analysis, Decision making).
How AI relates to other 4th industrial revolution technologies (cloud computing, edge computing, internet of things, blockchain, metaverse, robotics, quantum computing).
AI model classification by utilizing mind maps and the distinctive role of Gen AI models.
Introduction to the OpenAI ChatGPT model and alternative generative AI models.
Familiarization with the basics of the ChatGPT interface (https://chat.openai.com).
Talking about Responsible AI: Security, privacy, compliance, copyright, legal challenges, and ethical implications.

AI practical applications
Overview of AI development frameworks, tools and services.
AI aggregators review.
Hand-picked AI tool demos:
a. Workplace productivity and the case of Microsoft 365 Copilot.
b. The content creation industry. Create text, code, images, audio and video with Gen AI.
c. Redefining the education sector with AI-powered learning.
Evaluate the OpenAI ChatGPT4 / ChatGPT3.5 model features in more detail:
a. Prompting and plugin demos.
b. Code interpreter demos.
Closing words. Discussion with an AI model on the future of AI.
Duration 5 Days 30 CPD hours

This course is intended for
Although there are no mandatory prerequisites, the course is particularly suited for the following audiences:
Cybersecurity engineer
Cybersecurity investigator
Incident manager
Incident responder
Network engineer
SOC analysts currently functioning at entry level with 2+ years of experience

Overview
After taking this course, you should be able to:
Describe the types of service coverage within a SOC and operational responsibilities associated with each.
Compare security operations considerations of cloud platforms.
Describe the general methodologies of SOC platforms development, management, and automation.
Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
Describe Zero Trust and associated approaches, as part of asset controls and protections.
Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC.
Use different types of core security technology platforms for security monitoring, investigation, and response.
Describe the DevOps and SecDevOps processes.
Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
Describe API authentication mechanisms.
Analyze the approach and strategies of threat detection, during monitoring, investigation, and response.
Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
Interpret the sequence of events during an attack based on analysis of traffic patterns.
Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
Analyze anomalous user and entity behavior (UEBA).
Perform proactive threat hunting following best practices.
The Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course guides you through cybersecurity fundamentals and prepares you for the role of Information Security Analyst on a Security Operations Center team. You'll learn to automate for security using cloud platforms and how to apply your knowledge to real-world scenarios.

Course Outline
Understanding Risk Management and SOC Operations
Understanding Analytical Processes and Playbooks
Investigating Packet Captures, Logs, and Traffic Analysis
Investigating Endpoint and Appliance Logs
Understanding Cloud Service Model Security Responsibilities
Understanding Enterprise Environment Assets
Threat Tuning
Threat Researching and Threat Intelligence Practices
Understanding APIs
Understanding SOC Development and Deployment Models
Performing Security Analytics and Reports in a SOC
Malware Forensics Basics
Threat Hunting Basics
Duration 2 Days 12 CPD hours

This course is intended for
This is an intermediate level training course, designed for experienced Java developers and architects who need to identify, design, and implement web services. We will explore and apply the terminology, the specification, the processes and technologies specific to web services. Students should have at least a year of practical development experience with Java and servlets, and should be familiar with XML and JSON.

Overview
This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in core RESTful development skills, coupling the most current, effective techniques with the soundest industry practices. Working in a hands-on learning environment, guided by our expert team, attendees will learn to:
Understand and apply the basic concepts of REST
Understand and intelligently discuss the similarities and differences between RESTful services and SOAP-based services
Appreciate the security concerns associated with RESTful services
Design, develop, and deploy real-world RESTful Services
Effectively define and design endpoints
Work with query parameters
Determine the best format to use for exchanging data
Understand the principles associated with HTTP methods and how to stay congruent to them
Extend the semantics of the RESTful service beyond the HTTP methods
Implement RESTful services using JAX-RS to:
Handle various HTTP methods
Use different approaches for parameters
Deal with content negotiation
Work with different data formats including XML and JSON
Handle exceptions
Implement RESTful Java clients
Develop JAX-RS Java clients using the JAX-RS 2.0 Client API
Manage different Web targets
Deal with content negotiation on the client
Work with different data formats including XML and JSON
Properly process server responses
Implement JAX-RS Filters and Interceptors
Intercept and manipulate service requests and responses
Dynamically register interceptor to resources
Understand the concept of NameBinding
Discover asynchronous JAX-RS processing
Implement an asynchronous JAX-RS service endpoint
Register response listeners

Geared for experienced Java developers, Java REST Essentials is a two-day, lab-intensive services training course that introduces developers to the core concepts, principles, and Java implementations for RESTful services. Today's development environments are increasingly dominated by sophisticated tooling that makes the implementation of RESTful services less arduous. The proper design of these services is far more complex and demanding. Java RESTful Service Essentials focuses on providing an understanding of the fundamental principles and technologies that are used in building these services. This understanding is critical to being able to diagnose, troubleshoot, tune, and perform other lifecycle activities.

Session: Working with REST
Overview of REST
Designing RESTful Services
JAX-RS
Lesson: Introduction to JAX-RS
@Path: URI Matching
JAX-RS Content Negotiation
JAX-RS Request and Response
JAX-RS Client API
JAX-RS Filters and Interceptors
Asynchronous JAX-RS
Duration 5 Days 30 CPD hours

This course is intended for
Senior Linux system administrators who use high-availability clustering and fault-tolerant shared storage technologies to maximize resiliency of production services.

Overview
Install and configure a Pacemaker-based high availability cluster.
Create and manage highly available services.
Troubleshoot common cluster issues.
Work with shared storage (iSCSI) and configure multipathing.
Implement Logical Volume Manager (LVM) in cluster-aware configurations.
Configure GFS2 file systems on storage shared by multiple nodes.
Deploy reliable, available critical production services in a high availability cluster.

In the Red Hat High Availability Clustering (RH436) course, you will learn how to provide highly available network services to a mission-critical enterprise environment through the deployment and management of shared storage and server clusters. Created for senior Linux system administrators, this 4-day course strongly emphasizes lab-based activities. You will set up a cluster of systems running the Pacemaker component of the Red Hat Enterprise Linux High-Availability Add-On, and deploy Linux-based services such as web servers and databases on that cluster. Cluster storage components from the Resilient Storage Add-On are also covered; installations and applications that require multiple cluster nodes can access the same storage simultaneously. This includes Logical Volume Manager (LVM) Shared Volume Groups, Red Hat Global File System 2 (GFS2), and Device-Mapper Multipath. This course is based on Red Hat Enterprise Linux 8.3.

Prerequisites
Red Hat Certified System Administrator (RHCSA) exam (EX200) and associated courses.
Red Hat Certified Engineer (RHCE) exam (EX294) and associated courses.

1 - Creating high availability clusters
Create a basic high availability cluster.
2 - Managing cluster nodes and quorum
Manage node membership in the cluster and describe how it impacts cluster operation.
3 - Isolating malfunctioning cluster nodes
Isolate unresponsive cluster nodes to protect data and recover services and resources after a failure.
4 - Creating and configuring resources
Create basic resources and resource groups to provide highly available services.
5 - Troubleshooting high availability clusters
Identify, diagnose, and fix cluster issues.
6 - Automating cluster and resource deployment
Deploy a new high availability cluster and cluster resources using Ansible automation.
7 - Managing two-node clusters
Operate two-node clusters while identifying and avoiding issues specific to a two-node cluster configuration.
8 - Accessing iSCSI storage
Configure iSCSI initiators on your servers to access block-based storage devices provided by network storage arrays or Ceph storage clusters.
9 - Accessing storage devices resiliently
Configure resilient access to storage devices that have multiple access paths.
10 - Configuring LVM in clusters
Select, configure, and manage the correct LVM configuration for use in your cluster.
11 - Providing storage with the GFS2 cluster file system
Use the GFS2 cluster file system to simultaneously provide tightly coupled shared storage that can be accessed by multiple nodes.
12 - Eliminating single points of failure
Identify and eliminate single points of failure in your cluster to decrease risk and increase average service availability.

Note: Course outline is subject to change with technology advances and as the nature of the underlying job evolves. For questions or confirmation on a specific objective or topic, please contact a training specialist.
The Power of Self Esteem | Register here to attend a Taster

'You Yourself As Much As Anybody In The Entire Universe deserve Your Love and Affection'

Self-esteem is our idea of our own basic worth, and it has its roots in our childhood. Early on, our self-worth is associated with how others see us or it is linked with our achievements. No matter what we do in life, we can still feel disappointed because our self-esteem depends on others or on what we perceive as our successes or failures. Find out how you can change this!

This taster event introduces you to a 2-day Course with MTL Licensed Facilitators, Champions and Coaches Issy Crocker & Pam Barmby which is taking place in March 2024. In a warm and supportive atmosphere the course teaches you simple and practical tools. Audio material summarizes each session, so you can continue to apply what you learned after the course is over. If you engage in Continuing Professional Development this course counts up to 18 CPD hours. You will receive a certificate after we receive your completed post-course evaluation. This course forms part of The More To Life Programme.

Course Dates: Sat 2- Sun 3 March 2024 | 9am - 7pm (BST)
Location: Wadsworth Community Centre, Billy Lane, Old Town, Hebden Bridge, West Yorkshire HX7 8RY

If you want to find out more, contact: Issy.crocker@moretolife.org or phone 07832 288439 or pam.barmby@moretolife.org or phone 07484 215770

If you want to register for the course before attending the Taster, please complete this form https://form.jotform.com/230802833166352
Duration 2 Days 12 CPD hours

This course is intended for
The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as:
IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications.
Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process.
Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams.
Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices.
Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle.
Overview
Working in an interactive learning environment, guided by our application security expert, you'll explore:
The concepts and terminology behind defensive coding
Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
The entire spectrum of threats and attacks that take place against software applications in today's world
The role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
The vulnerabilities of programming languages as well as how to harden installations
The basics of Cryptography and Encryption and where they fit in the overall security picture
The requirements and best practices for program management as specified in the STIGs
The processes and measures associated with the Secure Software Development (SSD)
The basics of security testing and planning

Understand the concepts and terminology behind defensive coding
Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
Learn the entire spectrum of threats and attacks that take place against software applications in today's world
Discuss the role that static code reviews and dynamic application testing play in uncovering vulnerabilities in applications
Understand the vulnerabilities of programming languages as well as how to harden installations
Understand the basics of Cryptography and Encryption and where they fit in the overall security picture
Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
Understand the requirements and best practices for program management as specified in the STIGs
Understand the processes and measures associated with the Secure Software Development (SSD)
Understand the basics of security testing and planning

The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.

The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instructors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.

The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You'll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.

Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You'll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges.
DISA's Security Technical Implementation Guides (STIGs)
  The motivations behind STIGs
  Requirements that the various software development roles must meet
  Implementing STIG requirements and guidelines

Why Hunt Bugs?
  The Language of CyberSecurity
  The Changing Cybersecurity Landscape
  AppSec Dissection of SolarWinds
  The Human Perimeter
  Interpreting the 2021 Verizon Data Breach Investigation Report
  First Axiom in Web Application Security Analysis
  First Axiom in Addressing ALL Security Concerns
  Lab: Case Study in Failure

Safe and Appropriate Bug Hunting/Hacking
  Working Ethically
  Respecting Privacy
  Bug/Defect Notification
  Bug Bounty Programs
  Bug Hunting Mistakes to Avoid

Principles of Information Security
  Security Is a Lifecycle Issue
  Minimize Attack Surface Area
  Layers of Defense: Tenacious D
  Compartmentalize
  Consider All Application States
  Do NOT Trust the Untrusted

Identification and Authentication Failures
  Applicable STIGs
  Quality and Protection of Authentication Data
  Proper hashing of passwords
  Handling Passwords on Server Side
  Session Management
  HttpOnly and Security Headers
  Lab: STIG Walk-Throughs

Injection
  Applicable STIGs
  Injection Flaws
  SQL Injection Attacks Evolve
  Drill Down on Stored Procedures
  Other Forms of Server-Side Injection
  Minimizing Injection Flaws
  Client-side Injection: XSS
  Persistent, Reflective, and DOM-Based XSS
  Best Practices for Untrusted Data
  Lab: STIG Walk-Throughs

Applications: What Next?
  Common Vulnerabilities and Exposures
  CWE/SANS Top 25 Most Dangerous SW Errors
  Strength Training: Project Teams/Developers
  Strength Training: IT Organizations

Cryptographic Failures
  Applicable STIGs
  Identifying Protection Needs
  Evolving Privacy Considerations
  Options for Protecting Data
  Transport/Message Level Security
  Weak Cryptographic Processing
  Keys and Key Management
  Threats of Quantum Computing
  Steal Now, Crack Later Threat
  Lab: STIG Walk-Throughs

Application Security and Development Checklists
  Checklist Overview, Conventions, and Best Practices
  Leveraging Common AppSec Practices and Control
  Actionable Application Security
  Additional Tools for the Toolbox
  Strength Training: Project Teams/Developers
  Strength Training: IT Organizations
  Lab: Recent Incidents

SDL Overview
  Attack Phases: Offensive Actions and Defensive Controls
  Secure Software Development Processes
  Shifting Left
  Actionable Items Moving Forward
  Lab: Design Study Review

Asset Analysis
  Asset Analysis Process
  Types of Application-Related Assets
  Adding Risk Escalators
  Discovery and Recon

Design Review
  Asset Inventory and Design
  Assets, Dataflows, and Trust Boundaries
  Risk Escalators in Designs
  Risk Mitigation Options