163 Courses in Cardiff delivered Online

Duration 2 Days 12 CPD hours This course is intended for This Introductory-level course is targeted for aspiring web developers who have software development experience or background. The course can also be adjusted for non-developers upon request. Overview This 'skills-focused' course is approximately 50% hands-on, combining expert lecture, real-world demonstrations and group discussions with machine-based practical labs and exercises. Our instructors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. Introduction to HTML5/ CSS3 and Responsive Design Basics is a hands-on basic web development course geared for developers who need to understand what the latest in web technologies and responsive design practices that are central to targeting the entire spectrum of user platforms and browsers. This comprehensive course provides a balanced mixture of theory and practical labs designed to take students through HTML5 and CSS3. Students who attend this course will leave this course armed with the new skills to design, implement, and deploy robust, flexible, and safe web applications. HTML Define HTML and review its history Look at XHTML and its relationship to HTML Identify HTML limitations and improvements HTML5 HTML5 Overview HTML5 Semantic Structure HTML5 Forms HTML5 Media Delivery CSS Learn the basics of CSS Meaning of cascading in CSS Declaring CSS within your HTML page Creating styles in an external CSS file Control how to display and position HTML elements Overriding standard tag behavior Adding new classes Using custom classes in your page CSS3 Overview What is new in CSS3 The Advantages of CSS3 Browser Support for CSS3 CSS3 Advanced Selectors Selecting Using Attributes Selecting Using DOM Structure Complex Selecting using Pseudo-Classes Selecting Using UI Components and State CSS3 Visual Effects Font Options, Opacity, and Color Distributing Content Across Columns Working with Borders and Boxes Working with Vendor Prefixes Functional Techniques HTML5 JavaScript API Cross-Domain Messaging Working with Web Storage Offline with Application Cache Geolocation: What, Why, and How Responsive Web Design (RWD) Adapting to Varying Screen Sizes Scaling Page and Text Content Scaling and Adapting for Media Options for Adjusting Media Additional course details: Nexus Humans Web Essentials | Introduction to HTML5, CSS3 and Responsive Design (TT4002) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Web Essentials | Introduction to HTML5, CSS3 and Responsive Design (TT4002) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

BGP training course description A detailed study of BGP, from the basics of how it works through to advanced issues such as route reflectors, policy, filtering, route selection and routing registries. The course culminates with a study of an industrial strength BGP template illustrating important issues such as bogon filtering. Practical hands on with routers follow the major sessions to reinforce the theory. A multiple choice exam, leading to the LAIT III certification, is available after the course. The exam consists of 60 questions and lasts 2 hours. What will you learn Connect enterprises to the Internet, and ISPs to each other. Describe how BGP works. List, describe and configure the main BGP attributes. Implement and troubleshoot BGP. Work with route aggregation and calculate CIDR prefixes in seconds. Influence traffic paths with BGP. BGP training course details Who will benefit: Anyone who will be working with BGP. Prerequisites: TCP/IP Foundation for engineers Definitive IP routing for engineers. Duration 5 days BGP training course contents Basic BGP IGPs, EGPs, What's BGP? BGP RIB, in/out process, tables peers, adding routes. Hands on Simple configuration and troubleshooting. The Internet and peering ASs, AS numbers, Internet structure, ISP types, ISP network design, IXs, peering vs. transit, public/ private peering, bi/multi-lateral peering. Hands on AS information gathering. How BGP works Incremental updates, Path vector protocols, BGP protocol stack, the BGP header, message types, NLRI, withdrawn routes, route refresh, route dampening. Hands on More troubleshooting, packet analysis. MBGP and IPv6 Multiprotocol routing, AFI, SAFI, MBGP and multicasts, IPv6, MPLS VPNs. Hands on IPv6 BGPv4 aggregation CIDR, benefits, techniques, shortcuts, configuring BGP aggregation, leaking routes. Hands on Reducing routing table size. BGP path selection BGP attributes, attribute types, route selection order, Local preference, AS prepend, MEDs. Hands on Influencing traffic with BGP. BGP routing policies What is policy? Examples, route filtering, AS filtering, REs, applying preference selectively, peer groups. Hands on Sophisticated policies. RIPE and routing registries RIRs, Allocations, assignments, PI vs. PA. Objects, RPSL, routing registry, Hands on The RIPE database. Automating BGP configuration Automation tools, whois, IRRToolSet, Bogon lists, tracking bogon lists, HTTP, Peering, routing registries, DNS. Communities What is a community? Community names, communities for: peer types and geography. RFC 1998, default communities. Hands on Setting local preference on other routers. Route servers What are route servers? LINX route servers, route server policy control, What are route collectors, Looking glasses. Hands on Setting up and working with a route server. Peer relationships IBGP, EBGP, next hop self, advertising routes into/out of BGP, synchronisation. Hands on IBGP, troubleshooting a large BGP network. Route reflectors and confederations Full mesh IBGP, Route reflectors, RR configuration and design, confederations, migration issues. Hands on RR configuration. BGP architectures Stub vs. transit AS, when to use BGP, multihoming strategies and issues, default routes. Multihop EBGP, load balancing. Hands on Multihoming. BGP security RFC 7454, security steps, BGP TTL security, filters, RPKI, ROAs, rsync, rrdp, validators. A secure BGP template. Hands on RPKI prefix validation.

LINX 3 training course description A detailed study of BGP, from the basics of how it works through to advanced issues such as route reflectors, policy, filtering, route selection and routing registries. The course culminates with a study of an industrial strength BGP template illustrating important issues such as bogon filtering. Practical hands on with routers follow the major sessions to reinforce the theory. A multiple choice exam, leading to the LAIT III certification, is available after the course. The exam consists of 60 questions and lasts 2 hours. What will you learn Connect enterprises to the Internet, and ISPs to each other. Describe how BGP works. List, describe and configure the main BGP attributes. Implement and troubleshoot BGP. Work with route aggregation and calculate CIDR prefixes in seconds. Influence traffic paths with BGP. LINX 3 training course details Who will benefit: Network engineers. Prerequisites: LAIT I and II OR CCNP and take LAIT I and LAIT II exams whilst on this course. Duration 5 days LINX 3 training course contents Basic BGP IGPs, EGPs, What's BGP? BGP RIB, in/out process, tables peers, adding routes. Hands on Simple configuration and troubleshooting. The Internet and peering ASs, AS numbers, Internet structure, ISP types, ISP network design, IXs, peering vs. transit, public/ private peering, bi/multi-lateral peering. Hands on AS information gathering. How BGP works Incremental updates, Path vector protocols, BGP protocol stack, the BGP header, message types, NLRI, withdrawn routes, route refresh, route dampening. Hands on More troubleshooting, packet analysis. MBGP and IPv6 Multiprotocol routing, AFI, SAFI, MBGP and multicasts, IPv6, MPLS VPNs. Hands on IPv6 BGPv4 aggregation CIDR, benefits, techniques, shortcuts, configuring BGP aggregation, leaking routes. Hands on Reducing routing table size. BGP path selection BGP attributes, attribute types, route selection order, Local preference, AS prepend, MEDs. Hands on Influencing traffic with BGP. BGP routing policies What is policy? Examples, route filtering, AS filtering, REs, applying preference selectively, peer groups. Hands on Sophisticated policies. RIPE and routing registries RIRs, Allocations, assignments, PI vs. PA. Objects, RPSL, routing registry, Hands on The RIPE database. Automating BGP configuration Automation tools, whois, IRRToolSet, Bogon lists, tracking bogon lists, HTTP, Peering, routing registries, DNS. Communities What is a community? Community names, communities for: peer types and geography. RFC 1998, default communities. Hands on Setting local preference on other routers. Route servers What are route servers? LINX route servers, route server policy control, What are route collectors, Looking glasses. Hands on Setting up and working with a route server. Peer relationships IBGP, EBGP, next hop self, advertising routes into/out of BGP, synchronisation. Hands on IBGP, troubleshooting a large BGP network. Route reflectors and confederations Full mesh IBGP, Route reflectors, RR configuration and design, confederations, migration issues. Hands on RR configuration. BGP architectures Stub vs. transit AS, when to use BGP, multihoming strategies and issues, default routes. Multihop EBGP, load balancing. Hands on Multihoming. BGP security RFC 7454, security steps, BGP TTL security, filters, RPKI, ROAs, rsync, rrdp, validators. A secure BGP template. Hands on RPKI prefix validation.

Linux training course description A Linux foundation appropriate for all flavours of Linux, focussed on getting network engineers up and running with Linux. The command line is used throughout. The course progresses from the basics of Linux commands onto useful tools such as grep, then shell features such as piping and then onto shell scripting. Administration aspects covered are the tasks network engineers are most likely to encounter such as software installation. Hands on exercises concentrate on network related tasks such as installing net-snmp and using shell scripts to provide network automation. What will you learn Use Linux commands to perform a variety of tasks from manipulating files to handling processes. Create and edit files with vi. Work with permissions. Write simple shell scripts. Install software packages. Configure base networking. Linux training course details Who will benefit: Network engineers. Prerequisites: TCP/IP Foundation Duration 5 days Linux training course contents What is Linux? Linux distributions, open source software. Getting started Logging in, changing passwords, logging out. Hands on Basics and root access. Linux basics Command structure. The Linux manuals, basic commands (who, date, tty, uname, echo, banner...). Hands on Using the CLI. Connecting to a network IP configuration, DHCP, static addressing, routing, ifconfig, ping, netstat, traceroute, dig. Hands on Network configuration and testing. Managing Software Package Concepts, Comparison of package formats, RPM, rpm Commands, Yum, Debian Packages, dpkg, apt-cache, apt-get, dselect, aptitude, Converting Between Package Formats, Dependencies and Conflicts, Startup Script Problems, Shared Libraries, Library Management Hands on Installing network packages such as nmap and net-snmp. Processes and log files ps, kill, background processes, at, exec, priorities. Managing Linux log files. Syslogd. Setting the time. Cron and cronjobs. Managing Processes, the Kernel: The First Process. Hands on Controlling daemons and services. Setting up a TFTP server. Filesystem commands Home directories, manipulating files and directories, Filesystem layout, Pathnames, hard and symbolic links. Viewing files. Hands on Exploring the filesystem, working with network device configuration files. The Linux editors ed, vi, shell escapes, .exrc. Hands on Editing network device configuration files. Extracting data from files grep, find, cut, sort and paste… Hands on Working with syslog files. Permissions Theory, chmod, chown, newgrp. Hands on Handling permission problems. The shell Metacharacters, piping and redirection. Hands on Running SNMP commands and working with their output. Basic shell scripting What are shell scripts? Simple scripts, control structures. Variable. Setting variables, using variables, set, scope, export, sourcing, environmental variables, read. Positional parameters: $0 to $9, $#, $* and others. shift parameter substitution. Control statements: The test command, if , while loops, for loops, the case statement. Hands on Automating network tasks. Customising your environment Environmental variables, stty, .profile and other startup files. Hands on Customising Linux. Introduction to administration The root user, su. Managing users and groups. Hands on The power of root. Archiving files Backups, tar, cpio, dd, gzip. Hands on Working with tar files. Booting Linux and Editing Files Installing Boot Loaders, GRUB Legacy, GRUB 2, Alternative Boot Loaders, the Boot Process, Boot Messages, Runlevels and the Initialization Process, Runlevel Functions, Runlevel Services, Alternative Boot Systems , Upstart, system. Hands on Installing network services on Linux.

Network+ training course description This network+ course covers the TCP/IP side of the exam. For delegates to pass the exam it is important that they meet the prerequisites, self study is also required. An intensive hands on IP foundation. The course focuses on all parts of TCP/IP including layers 4 to 7 on end stations as well as layer 3 on routers. The TCP/IP protocols are also studied to enable delegates to be able to troubleshoot TCP/IP using Wireshark. Hands on sessions are used to reinforce the theory rather than teach specific manufacturer equipment. What will you learn Use ping, traceroute and other tools to diagnose faults on a network. Configure IP on PCs and routers. Plan IP addresses and subnets. Analyse IP and TCP packets using an analyser. Troubleshoot TCP/IP. Network+ training course details Who will benefit: Those wishing to pass the Network+ exam. Prerequisites: Introduction to data communications & networking Duration 5 days Network+ training course contents What is TCP/IP? TCP and IP are protocols, 7 layer model, network layers, hardware/software layers, internetworking, protocols, What is IP? What is TCP? The internet, The IAB, RFCs. Ping and Wireshark Host configuration, IP addresses, subnet masks, default gateways, ping. Hands on Base configuration. Testing with ping. Analysing packets with Wireshark. Switches and Wireshark Switches versus hubs, layer 2 forwarding table, flooding, broadcasts. Hands on Building a switched based network. Configuring network devices Configuration options, console port, putty, telnet. Hands on Configuring switches, telnet. IP IP packet format, protocol field, TTL, DiffServ, fragments, ICMP. Hands on IP packet analysis. IP addressing 32 bits, dotted decimal, rules, networks, role of subnet masks, simple subnetting, prefix notation. Broadcasts, special use addresses. Hands on Planning and implementing addressing. IP and the lower layers ARP, media not supporting ARP. Hands on ARP. Routing What are routers? What routers do, default gateways, routing and addressing, routing tables, ways to update routing tables. Hands on Building a routed network, traceroute. Routing protocols IGPs and EGPs, RIP, RIPv2, Why not to use RIP, OSPF, OSPF metrics, convergence, distance vector protocols, link state protocols. Hands on OSPF, analysing routing tables, loopbacks. Network simulators Network simulators, EVE-NG, GNS3, CML. Hands on Using EVE-NG. Subnetting Subnetting to the bit level, ranges, how prefixes are used. Hands on Subnetting. VLANS and IP addressing What are VLANs, tagging, 802.1Q, Inter VLAN routing. Hands on Inter VLAN routing. TCP and UDP Layer 4, port numbers, client ports, broadcasts multicasts and layer 4, UDP header, TCP header, connections, ACK, sliding windows, options, connection states. Sockets. Hands on Analysing TCP packets. IPv4 address configuration Private addresses, NAT, NAPT, dynamic addressing, DHCP, link local addresses. Hands on DHCP, NAT. IPv6 What is IPv6, 128 bit addresses, address formats, IPv6 address allocation, header format, migration, dual stack, tunnelling, NAT64, DNS64. Hands on IPv6 setup troubleshooting. IPv6 address configuration Static addressing, EUI-64 addresses, IPv6 address order, SLAAC, DHCPv6. Hands on SLAAC. Applications Clients, servers, HTTP, Email, resource sharing, VoIP, video, terminal emulation, remote desktop. Network management and SNMP. Hands on Servers, TFTP, VoIP packet analysis. DNS Names and addresses, hosts file, how DNS works. FQDNs, DNS client configuration. Hands on Troubleshooting DNS. Security Firewalls, firewall architectures, DMZ, how firewalls work, proxy servers, filtering, ACLs, IDS, VPNs, authentication, encryption, tunnels, secure protocols. Hands on Firewalls, SSH Troubleshooting Methods, tools. Using the 7 layer model. Troubleshooting toolkits. Hands on Fixing the network.

Definitive 802.1X training course description A hands-on training course concentrating solely on 802.1X. Hands on sessions follow major chapters to reinforce the theory. What will you learn Describe 802.1X. Explain how 802.1X works Configure 802.1X Troubleshoot 802.1X. Definitive 802.1X training course details Who will benefit: Technical network staff. Technical security staff. Prerequisites: SIP for engineers Duration 2 days Definitive 802.1X training course contents Introduction What is 802.1X? Authentication access, 802.3, 802.11. IEEE, 802, 802.1X-2001, 802.1X-2010. Architecture Supplicant, Authenticator, Authentication server, EAP, EAPOL, RADIUS, Diameter. Port configuration 802.1X in a switch environment. Hands on Configuring 802.1X. How it works Controlled ports, uncontrolled ports. Authentication flow chart, Initialisation, initiation, negotiation, authentication. Hands on 802.1X packet analysis. 802.1X and 802.11 WiFi, WiFi security. Hands on 802.1X WiFi port access. EAP Extensible Authentication Protocol, RFC 3748, RFC 5247. EAP methods: Weak, MD5, LEAP, Strong: TTLS, TLS, FAST. Encapsulation: 802.1X, PEAP, RADIUS, Diameter, PPP. 802.1X accounting RADIUS, accounting messages, 802.1X accounting AV pairs. 8021.X and VLANS VLANs, Guest VLAN, restricted VLAN, voice VLAN. Hands on VLAN assignments with 802.1X.

Zeroconf and Bonjour training course description A hands on training course focusing on Microsoft and Apple implementations of Zeroconf. The course covers all three main areas: Interface configuration, name resolution and service discovery. Hands on with Apple Bonjour and Microsoft UPnP compliment all the major theory sessions. What will you learn Explain how mDNS and LLMNR work. Explain how DNS-SD and SSDP work. Recognise the role of service discovery gateways. Zeroconf and Bonjour training course details Who will benefit: Technical staff working with Zeroconf. Developers using Zeroconf. Prerequisites: TCP/IP Foundation for engineers Duration 2 day Zeroconf and Bonjour training course contents What is Zeroconf? Zeroconf, architecture, Microsoft UPnP, Apple, Bonjour, devices, components. Home networks, enterprise networks, BYOD. Plug and play without Zeroconf DHCP, DNS, A, PTR, SRV records, DDNS. Hands on DHCP configuration. Address selection IPv4 link local addresses, IPv6 link local addresses. Hands: Addresses without DHCP. Name resolution mDNS, finding names, announcing names, .local DNS namespace, LLMNR. Hands on Names without DNS. Role of multicasting Multicast addresses, multicasts and switches, multicasts and routers. Hands on Multicasts, TTL. Service discovery DNS-SD, SRV and TXT lookups, SSDP, HTTP. Hands on Browsing for services Zeroconf in a routed environment Service Discovery gateways, configuration, service filters, DNS-LLQ, NAT-PMP. Miscellaneous Security, automatic multicast addresses, wireless auto configuration.

Duration 5 Days 30 CPD hours This course is intended for This introductory-level, fast-paced course is for skilled web developers new to React who have prior experienced working HTML5, CSS3 and JavaScript. Overview Our engaging instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. Working in a hands-on learning environment, guided by our expert team, attendees will learn about and explore: A basic and advanced understanding of React components An advanced, in-depth knowledge of how React works A complete understanding of using Redux How to build, validate, and populate interactive forms How to use inline styles for perfect looking components How to test React components How to build and use components How to get control of your build process A deep understanding of data-driven modeling with props and state How to use client-side routing for pages in your apps How to debug a React application Mastering React is a comprehensive hands-on course that aims to be the single most useful resource on getting up to speed quickly with React. Geared for more experienced web developers new to React, this course provides students with the core knowledge and hands-on skills they require to build reliable, powerful React apps. After the first few modules, you?ll have a solid understanding of React?s fundamentals and will be able to build a wide array of rich, interactive web apps with the framework. The first module is an introduction to the new functionality in ECMAScript 6 (JavaScript). Client-side routing between pages, managing complex state, and heavy API interaction at scale are also covered. This course consists of two parts. In the first part of the course students will explore all the fundamentals with a progressive, example-driven approach. You?ll create your first apps, learn how to write components, start handling user interaction, and manage rich forms. We end the first part by exploring the inner workings of Create React App (Facebook?s tool for running React apps), writing automated unit tests, and building a multi-page app that uses client-side routing. The latter part of the course moves into more advanced concepts that you?ll see used in large, production applications. These concepts explore strategies for data architecture, transport, and management: Redux is a state management paradigm based on the Flux architecture. Redux provides a structure for large state trees and allows you to decouple user interaction in your app from state changes. GraphQL is a powerful, typed, REST API alternative where the client describes the data it needs. Hooks is the powerful, new way to maintain state and properties with functional components and the future of React according to Facebook. ES6 Primer (Optional) Prefer const and let over var Arrow functions Modules Object.assign() Template literals The spread operator and Rest parameters Enhanced object literals Default arguments Destructuring assignments Your first React Web Application Setting up your development environment JavaScript ES6 /ES7 Getting started What?s a component? Our first component Building the App Making the App data-driven Your app?s first interaction Updating state and immutability Refactoring with the Babel plugin transform-class-properties JSX and the Virtual DOM React Uses a Virtual DOM Why Not Modify the Actual DOM? What is a Virtual DOM? Virtual DOM Pieces ReactElement JSX JSX Creates Elements JSX Attribute Expressions JSX Conditional Child Expressions JSX Boolean Attributes JSX Comments JSX Spread Syntax JSX Gotchas JSX Summary Components A time-logging app Getting started Breaking the app into components The steps for building React apps from scratch Updating timers Deleting timers Adding timing functionality Add start and stop functionality Methodology review Advanced Component Configuration with props, state, and children ReactComponent props are the parameters PropTypes Default props with getDefaultProps() context state Stateless Components Talking to Children Components with props.children Forms Forms 101 Text Input Remote Data Async Persistence Redux Form Modules Unit Testing & Jest Writing tests without a framework What is Jest? Using Jest Testing strategies for React applications Testing a basic React component with Enzyme Writing tests for the food lookup app Writing FoodSearch.test.js Routing What?s in a URL? React Router?s core components Building the components of react-router Dynamic routing with React Router Supporting authenticated routes Intro to Flux and Redux Why Flux? Flux is a Design Pattern Flux implementations Redux & Redux?s key ideas Building a counter The core of Redux The beginnings of a chat app Building the reducer() Subscribing to the store Connecting Redux to React Intermediate Redux Using createStore() from the redux library Representing messages as objects in state Introducing threads Adding the ThreadTabs component Supporting threads in the reducer Adding the action OPEN_THREAD Breaking up the reducer function Adding messagesReducer() Defining the initial state in the reducers Using combineReducers() from redux React Hooks Motivation behind Hooks How Hooks Map to Component Classes Using Hooks Requires react 'next' useState() Hook Example useEffect() Hook Example useContext() Hook Example Using Custom Hooks Using Webpack with Create React App JavaScript modules Create React App Exploring Create React App Webpack basics Making modifications Hot reloading; Auto-reloading Creating a production build Ejecting Using Create React App with an API server When to use Webpack/Create React App Using GraphQL Your First GraphQL Query GraphQL Benefits GraphQL vs. REST GraphQL vs. SQL Relay and GraphQL Frameworks Chapter Preview Consuming GraphQL Exploring With GraphiQL GraphQL Syntax 101 . Complex Types Exploring a Graph Graph Nodes ; Viewer Graph Connections and Edges Mutations Subscriptions GraphQL With JavaScript GraphQL With React

Duration 2 Days 12 CPD hours This course is intended for This is an introduction to database security course for intermediate skilled team members. Attendees might include DBAs, system administrators, developers and other enterprise team members. Ideally, students should have approximately 6 months to a year of database working knowledge. Overview Students who attend Securing Databases will leave the course armed with the skills required to recognize actual and potential database vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course introduces students to the most common security vulnerabilities faced by databases today. Each vulnerability is examined from a database perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical demonstrations reinforce these concepts with real vulnerabilities and attacks. Students will learn how to design and implement the layered defenses they will need in defending their own databases. Securing Databases is an essential training course for DBAs and developers who need to produce secure database applications and manage secure databases. Data, databases, and related resources are at the heart of most IT infrastructures. These assets can have high value from a business, regulatory, and liability perspective, and must be protected accordingly. This course showcases demonstrations on how to repeatedly attack and then defend various assets associated with a fully functional database. This approach illustrates the mechanics of how to secure databases in the most practical of terms. Security experts agree that the least effective approach to security is 'penetrate and patch'. It is far more effective to 'bake' security into an application throughout its lifecycle. After spending significant time trying to defend a poorly designed (from a security perspective) database application, students will learn how to build secure their databases and applications, starting at project inception. Securing Databases Foundation Why Hunt for Security Defects? Fingerprinting Databases Principles of Information Security Database Security Vulnerabilities Database Security Concerns Vulnerabilities Cryptography Overview Database Security Database Security What Next? Secure Development Lifecycle (SDL) SDL Process Overview Taking Action Now Asset Analysis Design Review Making Application Security Real

Duration 2 Days 12 CPD hours This course is intended for The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as: IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications. Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process. Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams. Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices. Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle. Overview Working in an interactive learning environment, guided by our application security expert, you'll explore: The concepts and terminology behind defensive coding Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets The entire spectrum of threats and attacks that take place against software applications in today's world The role that static code reviews and dynamic application testing to uncover vulnerabilities in applications The vulnerabilities of programming languages as well as how to harden installations The basics of Cryptography and Encryption and where they fit in the overall security picture The requirements and best practices for program management as specified in the STIGS The processes and measures associated with the Secure Software Development (SSD) The basics of security testing and planning Understand the concepts and terminology behind defensive coding Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets Learn the entire spectrum of threats and attacks that take place against software applications in today's world Discuss the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications Understand the vulnerabilities of programming language as well as how to harden installations Understand the basics of Cryptography and Encryption and where they fit in the overall security picture Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena Understand the requirements and best practices for program management as specified in the STIGS Understand the processes and measures associated with the Secure Software Development (SSD) Understand the basics of security testing and planning The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instrtors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You?ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You?ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges. DISA's Security Technical Implementation Guides (STIGs) The motivations behind STIGs Requirements that the various software development roles must meet Implementing STIG requirements and guidelines Why Hunt Bugs? The Language of CyberSecurity The Changing Cybersecurity Landscape AppSec Dissection of SolarWinds The Human Perimeter Interpreting the 2021 Verizon Data Breach Investigation Report First Axiom in Web Application Security Analysis First Axiom in Addressing ALL Security Concerns Lab: Case Study in Failure Safe and Appropriate Bug Hunting/Hacking Working Ethically Respecting Privacy Bug/Defect Notification Bug Bounty Programs Bug Hunting Mistakes to Avoid Principles of Information Security Secuity Is a Lifecycle Issue Minimize Attack Surface Area Layers of Defense: Tenacious D Compartmentalize Consider All Application States Do NOT Trust the Untrusted Identification and Authentication Failures Applicable STIGs Quality and Protection of Authentication Data Proper hashing of passwords Handling Passwords on Server Side Session Management HttpOnly and Security Headers Lab: STIG Walk-Throughs Injection Applicable STIGs Injection Flaws SQL Injection Attacks Evolve Drill Down on Stored Procedures Other Forms of Server-Side Injection Minimizing Injection Flaws Client-side Injection: XSS Persistent, Reflective, and DOM-Based XSS Best Practices for Untrusted Data Lab: STIG Walk-Throughs Applications: What Next? Common Vulnerabilities and Exposures CWE/SANS Top 25 Most Dangerous SW Errors Strength Training: Project Teams/Developers Strength Training: IT Organizations Cryptographic Failures Applicable STIGs Identifying Protection Needs Evolving Privacy Considerations Options for Protecting Data Transport/Message Level Security Weak Cryptographic Processing Keys and Key Management Threats of Quantum Computing Steal Now, Crack Later Threat Lab: STIG Walk-Throughs Application Security and Development Checklists Checklist Overview, Conventions, and Best Practices Leveraging Common AppSec Practices and Control Actionable Application Security Additional Tools for the Toolbox Strength Training: Project Teams/Developers Strength Training: IT Organizations Lab: Recent Incidents SDL Overview Attack Phases: Offensive Actions and Defensive Controls Secure Software Development Processes Shifting Left Actionable Items Moving Forward Lab: Design Study Review Asset Analysis Asset Analysis Process Types of Application-Related Assets Adding Risk Escalators Discovery and Recon Design Review Asset Inventory and Design Assets, Dataflows, and Trust Boundaries Risk Escalators in Designs Risk Mitigation Options