
Training with Iverson classes

Training is not a commodity – all training centres are not the same. Iverson Associates Sdn Bhd is the most established, the most reputable, and the top professional IT training provider in Malaysia. With a large pool of experienced and certified trainers, state-of-the-art facilities, and well-designed courseware, Iverson offers superior training, a more impactful learning experience and highly effective results.

At Iverson, our focus is on providing high-quality IT training to corporate customers, meeting their learning needs and helping them to achieve their training objectives. Iverson has the flexibility to provide training solutions whether for a single individual or the largest corporation in a well-paced or accelerated training programme.

Our courses continue to evolve along with the fast-changing technological advances. Our instructor-led training services are available on a public and a private (in-company) basis. Some of our courses are also available as online, on demand, and hybrid training.

Decoding Web Application Hacking and Security
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.

Web Application Hacking and Security is like a Capture-The-Flag (CTF) competition meant to test your hacking skills, but you can keep trying until you achieve the goal. Test your skills and work alone to solve complex problems, or follow the instructor as they do walkthroughs to help you learn Web Application Hacking and Security.

Watch your name rise on the leader board, a place where you’ll see who’s cracking the most challenges, who’s making the most progress, who’s cranking out the [email protected]$!

What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard valid for 30 days from the day the user activates it

 

Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. The Web Application Hacking and Security Exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour performance-based, hands-on exam.

The exam focuses on candidates’ proficiency in performing a web application security assessment in a real-life, stressful scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification, and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!

Additional Info

  • Certification Course only
  • Exam Price Exclude
  • Duration 1 Year Access
  • Audience

    If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.

    • Penetration Tester

    • Ethical Hacker

    • Web Application Penetration Tester/Security Engineer

    • Auditor

    • Red Team Engineer

    • Information Security Engineer

    • Risk/Vulnerability Analyst

    • Vulnerability Manager

    • Incident responder

  • Prerequisites

    Pre-requisite

    It is recommended to have:

    • Good understanding of how web applications work

    • Basic working knowledge of the Linux command line

    • Basic knowledge of OSes and file systems

    • Basic knowledge of Bash and/or Python scripting

     

    Host System Requirement

    Minimum Hardware Requirements for the Host OS:

    • CPU: Intel i3 (3.6 GHz per core) 64-bit / AMD Ryzen 3 (3.6 GHz per core)

    • RAM: 8 GB

    • HDD: 60 GB available space

    • Peripherals: External or Integrated Webcam

     

    Software Requirements for the Host OS:

    • Operating system: Windows 8.1 x64 or later/ MAC OSX

    • Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox

    • Browser: Any modern browser such as Chrome, Firefox, Internet Explorer

    • Internet: A stable Internet connection with a minimum of 5 Mbps download and 1 Mbps upload speed. It is recommended to use a hard-wired connection instead of wireless.

     

    Virtual Machine Resource Requirement

    Your virtual machine should be able to run a penetration testing Linux distribution such as Parrot Security/Kali Linux, or your own penetration testing toolkit.

     

    VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.

  • At Course Completion

    Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you.

    But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more.

    In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.

     

    Course Outline

    • Advanced Web Application Penetration Testing

    • Advanced SQL Injection (SQLi)

    • Reflected, Stored and DOM-based Cross Site Scripting (XSS)

    • Cross Site Request Forgery (CSRF) – GET and POST Methods

    • Server-Side Request Forgery (SSRF)

    • Security Misconfigurations

    • Directory Browsing/Bruteforcing

    • CMS Vulnerability Scanning

    • Network Scanning

    • Auth Bypass

    • Web App Enumeration

    • Dictionary Attack

    • Insecure Direct Object Reference Prevention (IDOR)

    • Broken Access Control

    • Local File Inclusion (LFI)

    • Remote File Inclusion (RFI)

    • Arbitrary File Download

    • Arbitrary File Upload

    • Using Components with Known Vulnerabilities

    • Command Injection

    • Remote Code Execution

    • File Tampering

    • Privilege Escalation

    • Log Poisoning

    • Weak SSL Ciphers

    • Cookie Modification

    • Source Code Analysis

    • HTTP Header modification

    • Session Fixation

    • Clickjacking


RM2,950.00(+RM177.00 Tax)

EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will take your skills to the next level by teaching you how to pen test IoT systems and OT systems, write your own exploits, build your own tools, conduct advanced binary exploitation, double pivot to access hidden networks, and customize scripts/exploits to get into the innermost segments of the network.

  • The course is presented through an enterprise network environment that must be attacked, exploited, evaded, and defended
  • EC-Council’s CPENT gives the industry the ability to assess a pen tester’s skills across a broad spectrum of “network zones”
  • What makes the CPENT different is the requirement to be provided with a variety of differently scoped networks so that the candidate can “think on their feet”
  • The result of this is that there are different zones representing different types of testing
  • Anyone attempting the test will have to perform their assessment against these different zones

Additional Info

  • Certification Course & Certificate
  • Course Code CPENT
  • Price RM8100
  • Exam Price Include
  • Exam Code CPENT
  • Duration 5 Days
  • CertificationInfo EC-Council Certified Security Analyst
  • Principals EC-Council
  • Schedule

    11-15 Jan 2021

    15-19 Mar 2021

    31 May - 4 Jun 2021

    26-30 Jul 2021

    2-6 Aug 2021

    27 Sep - 1 Oct 2021

    8-12 Nov 2021

  • Audience
    • Ethical Hackers
    • Penetration Testers
    • Information Security Consultant
    • Security Analyst
    • Security Engineer
    • Network server administrators
    • Firewall Administrators
    • Security Testers
    • System Administrators and Risk Assessment professionals
  • Prerequisites

    There are no defined prerequisites for the exam, but it is strongly recommended that candidates attempt the CEH (Practical) and/or ECSA (Practical) prior to attempting CPENT.

    Extensive knowledge of penetration testing across multiple disciplines, extending from Windows, IoT and inline defenses to automation, operational technology, and advanced skills in binary exploitation. The certification tests the tester’s knowledge not only of automated tools but of manual testing skills as well.

  • Module 1 Title Course Outline
  • Module 1 Content

    Module 01: Introduction to Penetration Testing

    Module 02: Penetration Testing Scoping and Engagement

    Module 03: Open Source Intelligence (OSINT)

    Module 04: Social Engineering Penetration Testing

    Module 05: Network Penetration Testing – External

    Module 06: Network Penetration Testing – Internal

    Module 07: Network Penetration Testing – Perimeter Devices

    Module 08: Web Application Penetration Testing

    Module 09: Wireless Penetration Testing

    Module 10: IoT Penetration Testing

    Module 11: OT/SCADA Penetration Testing

    Module 12: Cloud Penetration Testing

    Module 13: Binary Analysis and Exploitation

    Module 14: Report Writing and Post Testing Actions

  • Module 2 Title Single Exam, Dual Certification
  • Module 2 Content

    CPENT is a fully online, remotely proctored practical exam that challenges candidates through a grueling 24-hour performance-based, hands-on exam. The exam is broken into two practical exams of 12 hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either two 12-hour exams or one 24-hour exam.

     

    Candidates who score more than 70% will earn the CPENT certification. Candidates who score more than 90% attain the prestigious LPT (Master) credential!

     

    Exam features:

    • Choose your challenge! Either two 12-Hour sessions or a single 24-Hour exam!

    • EC-Council specialists proctor the entire exam – Validity is not in question.

    • Score at least 70% and become a CPENT

    • Score at least 90% and earn the highly regarded LPT (Master) designation!

     

    To be an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit code work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The live-range CPENT exam demands that you think on your feet, be creative in your approach, and not rely on conventional techniques.

     

    Outsmarting and outmaneuvering the adversary is what sets you apart from the crowd. The CPENT’s hands-on exam offers a challenge like no other by simulating a complex network in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.

  • Module 3 Title CPENT Benefits
  • Module 3 Content
    • 100% mapped with the NICE framework.
    • 100% methodology-based penetration testing program.
    • Blends both manual and automated penetration testing approaches.
    • Designed with the most common penetration testing practices offered by the best service providers.
    • Maps to all major Job Portals. Role Title: Penetration Tester and Security Analyst.
    • Provides strong report writing guidance.
    • Gives a real-world experience through an Advanced Penetration Testing Range.
    • Provides candidates with a standard pen test for use in the field.
RM8,100.00(+RM486.00 Tax)

The Red Hat Certified Specialist in Identity Management exam (EX362) tests your knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.

By passing this exam, you become a Red Hat Certified Specialist in Identity Management, which also counts toward becoming a Red Hat® Certified Architect (RHCA®).

This exam is based on Red Hat Enterprise Linux 7, Red Hat Satellite Server 6, Red Hat Ansible Tower 2, and Microsoft Windows 10 Active Directory.

Additional Info

  • Certification Certificate only
  • Price RM1800
  • Exam Price Include
  • Exam Code EX362
  • Duration 0.5 Days
  • CertificationInfo Red Hat Certified Specialist in Identity Management
  • Principals Red Hat
  • Audience

    These audiences may be interested in becoming a Red Hat Certified Specialist in Directory Services and Authentication:

    • Any Red Hat Certified Engineer (RHCE) who wishes to become a Red Hat Certified Architect (RHCA).
    • System administrators who want to demonstrate the ability to configure authentication services and link other products to those services.
  • Prerequisites
    • Be a Red Hat Certified System Administrator (RHCSA) or have comparable work experience and skills (Red Hat Certified Engineer (RHCE) certification recommended)
    • Take the Red Hat Security: Identity Management and Active Directory Integration (RH362) course or have comparable work experience
    • Review the Red Hat Certified Specialist in Directory Services and Authentication exam objectives
    • While not required, experience with these products is also recommended:
      • Red Hat Satellite Server 6.3
      • Red Hat Ansible Tower
      • Microsoft Active Directory Server 2016
RM1,800.00(+RM108.00 Tax)

The Red Hat Certified Specialist in Security: Linux exam validates your knowledge and abilities in securing Red Hat® Enterprise Linux®.

By passing this exam, you become a Red Hat Certified Specialist: Linux, which also counts toward becoming a Red Hat Certified Architect (RHCA®).

This exam is based on Red Hat Enterprise Linux version 7.5.

Additional Info

  • Certification Certificate only
  • Price RM1800
  • Exam Price Include
  • Exam Code EX415
  • Duration 0.5 Days
  • CertificationInfo Red Hat Certified Specialist in Security: Linux
  • Principals Red Hat
  • Audience

    These audiences may be interested in becoming a Red Hat Certified Specialist in Security: Linux:

    • System administrators responsible for managing large enterprise environments
    • System administrators responsible for securing their organization's infrastructure
    • Red Hat Certified Engineers interested in pursuing the Red Hat Certified Architect (RHCA) credential
  • Prerequisites
    • Be a Red Hat Certified System Administrator or have comparable work experience and skills (Red Hat Certified Engineer would be even better)
    • Review the Red Hat Certified Specialist in Security: Linux exam objectives or have comparable work experience using Red Hat OpenStack Platform.
RM1,800.00(+RM108.00 Tax)

The Certified Ethical Hacker (CEH) credential is the most trusted ethical hacking certification and accomplishment recommended by employers globally. It is the most desired information security certification and represents one of the fastest-growing cyber credentials required by critical infrastructure and essential service providers. Since the introduction of CEH in 2003, it has been recognized as a standard within the information security community. CEH v11 continues to introduce the latest hacking techniques and the most advanced hacking tools and exploits used by hackers and information security professionals today. The Five Phases of Ethical Hacking and the original core mission of CEH remain valid and relevant today: “To beat a hacker, you need to think like a hacker.”

CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. It will teach you how hackers think and act maliciously so that you will be better positioned to set up your security infrastructure and defend against future attacks. Understanding system weaknesses and vulnerabilities helps organizations strengthen their system security controls to minimize the risk of an incident. CEH was built to incorporate a hands-on environment and systematic process across every ethical hacking domain and methodology, giving you the opportunity to work towards proving the knowledge and skills needed to perform the job of an ethical hacker. You will be exposed to an entirely different posture towards the responsibilities and measures required to be secure. In its 11th version, CEH continues to evolve with the latest operating systems, tools, tactics, exploits, and technologies.

Additional Info

  • Certification Course & Certificate
  • Course Code CEH
  • Price RM6200
  • Exam Price Include
  • Exam Code 312-50
  • Duration 5 Days
  • CertificationInfo Certified Ethical Hacker
  • Principals EC-Council
  • Schedule

    4-8 Jan 2021 (Penang)

    22-26 Feb 2021

    8-12 Mar 2021 (Penang)

    19-23 Apr 2021

    14-18 Jun 2021

    21-25 Jun 2021 (Penang)

    5-9 Jul 2021

    23-27 Aug 2021

    27 Sep - 1 Oct 2021 (Penang)

    25-29 Oct 2021

    29 Nov - 3 Dec 2021 (Penang)

    13-17 Dec 2021

     

  • Audience
    • Information Security Analyst / Administrator
    • Information Assurance (IA) Security Officer
    • Information Security Manager / Specialist
    • Information Systems Security Engineer / Manager
    • Information Security Professionals / Officers
    • Information Security / IT Auditors
    • Risk / Threat/Vulnerability Analyst
    • System Administrators
    • Network Administrators and Engineers
  • Module 1 Title Introduction to Ethical Hacking
  • Module 2 Title Footprinting and Reconnaissance
  • Module 3 Title Scanning Networks
  • Module 4 Title Enumeration
  • Module 5 Title Vulnerability Analysis
  • Module 6 Title System Hacking
  • Module 7 Title Malware Threats
  • Module 8 Title Sniffing
  • Module 9 Title Social Engineering
  • Module 10 Title Denial-of-Service
  • Module 11 Title Session Hijacking
  • Module 12 Title Evading IDS, Firewalls, and Honeypots
  • Module 13 Title Hacking Web Servers
  • Module 14 Title Hacking Web Applications
  • Module 15 Title SQL Injection
  • Module 16 Title Hacking Wireless Networks
  • Module 17 Title Hacking Mobile Platforms
  • Module 18 Title IoT and OT Hacking
  • Module 19 Title Cloud Computing
  • Module 20 Title Cryptography
RM6,200.00(+RM372.00 Tax)

The CISA Boot Camp is specifically designed to provide CISA candidates with the skills necessary to develop, manage, and supervise programs that defend against unauthorized access to information.

Additional Info

  • Certification Course & Certificate
  • Course Code CISA
  • Price RM8000
  • Exam Price Include
  • Duration 5 Days
  • CertificationInfo Certified Information System Auditor
  • Principals EC-Council
  • Schedule

    1-5 Feb 2021

    5-9 Apr 2021

    31 May - 4 Jun 2021

    21-25 Jun 2021 (Penang)

    9-13 Aug 2021

    4-8 Oct 2021

    13-17 Dec 2021

  • Audience

    This training is only intended for individuals preparing for the CISA Certification exam. A minimum of five years of professional information systems auditing, control or security work experience is required for certification.

  • Module 1 Title The IS Audit Process
  • Module 1 Content
    • ISACA IS Auditing Standards, Guidelines and Procedures and Code of Professional Ethics
    • IS auditing practices and techniques
    • Techniques to gather information and preserve evidence (e.g., observation, inquiry, interview, CAATs, electronic media)
    • The evidence life cycle (e.g., the collection, protection, chain of custody)
    • Control objectives and controls related to IS (e.g., CobiT)
    • Risk assessment in an audit context
    • Audit planning and management techniques
    • Reporting and communication techniques (e.g., facilitation, negotiation, conflict resolution)
    • Control self-assessment (CSA)
    • Continuous audit techniques
  • Module 2 Title IT Governance
  • Module 2 Content
    • The purpose of IT strategies, policies, standards and procedures for an organization and the essential elements of each
    • IT governance frameworks
    • The processes for the development, implementation and maintenance of IT strategies, policies, standards and procedures (e.g., protection of information assets, business continuity and disaster recovery, systems and infrastructure lifecycle management, IT service delivery and support)
    • Quality management strategies and policies
    • Organizational structure, roles and responsibilities related to the use and management of IT
    • Generally accepted international IT standards and guidelines
    • Enterprise IT architecture and its implications for setting long-term strategic directions
    • Risk management methodologies and tools
    • The use of control frameworks (e.g., CobiT, COSO, ISO 17799)
    • The use of maturity and process improvement models (e.g., CMM, CobiT)
    • Contracting strategies, processes and contract management practices
    • Practices for monitoring and reporting of IT performance (e.g., balanced scorecards, key performance indicators [KPI])
    • Relevant legislative and regulatory issues (e.g., privacy, intellectual property, corporate governance requirements)
    • IT human resources (personnel) management
    • IT resource investment and allocation practices (e.g., portfolio management return on investment (ROI))
  • Module 3 Title Systems and Infrastructure Life Cycle
  • Module 3 Content
    • Benefits management practices, (e.g., feasibility studies, business cases)
    • Project governance mechanisms (e.g., steering committee, project oversight board)
    • Project management practices, tools, and control frameworks
    • Risk management practices applied to projects
    • Project success criteria and risks
    • Configuration, change and release management in relation to development and maintenance of systems and/or infrastructure
    • Control objectives and techniques that ensure the completeness, accuracy, validity, and authorization of transactions and data within IT systems applications
    • Enterprise architecture related to data, applications, and technology (e.g., distributed applications, web-based applications, web services, n-tier applications)
    • Requirements analysis and management practices (e.g., requirements verification, traceability, gap analysis)
    • Acquisition and contract management processes (e.g., evaluation of vendors, preparation of contracts, vendor management, escrow)
    • System development methodologies and tools and an understanding of their strengths and weaknesses (e.g., agile development practices, prototyping, rapid application development [RAD], object-oriented design techniques)
    • Quality assurance methods
    • The management of testing processes (e.g., test strategies, test plans, test environments, entry and exit criteria)
    • Data conversion tools, techniques, and procedures
    • System and/or infrastructure disposal procedures
    • Software and hardware certification and accreditation practices
    • Post-implementation review objectives and methods (e.g., project closure, benefits realization, performance measurement)
    • System migration and infrastructure deployment practices
  • Module 4 Title IT Service Delivery and Support
  • Module 4 Content
    • Service level management practices
    • Operations management best practices (e.g., workload scheduling, network services management, preventive maintenance)
    • Systems performance monitoring processes, tools, and techniques (e.g., network analyzers, system utilization reports, load balancing)
    • The functionality of hardware and network components (e.g., routers, switches, firewalls, peripherals)
    • Database administration practices
    • The functionality of system software including operating systems, utilities, and database management systems
    • Capacity planning and monitoring techniques
    • Processes for managing scheduled and emergency changes to the production systems and/or infrastructure including change, configuration, release, and patch management practices
    • Incident/problem management practices (e.g., help desk, escalation procedures, tracking)
    • Software licensing and inventory practices
    • System resiliency tools and techniques (e.g., fault tolerant hardware, elimination of single point of failure, clustering)
  • Module 5 Title Protection of Information Assets
  • Module 5 Content
    • The techniques for the design, implementation and monitoring of security (e.g., threat and risk assessment, sensitivity analysis, privacy impact assessment)
    • Logical access controls for the identification, authentication, and restriction of users to authorized functions and data (e.g., dynamic passwords, challenge/response, menus, profiles)
    • Logical access security architectures (e.g., single sign-on, user identification strategies, identity management)
    • Attack methods and techniques (e.g., hacking, spoofing, Trojan horses, denial of service, spamming)
    • Processes related to monitoring and responding to security incidents (e.g., escalation procedures, emergency incident response team)
    • Network and Internet security devices, protocols, and techniques (e.g., SSL, SET, VPN, NAT)
    • Intrusion detection systems and firewall configuration, implementation, operation, and maintenance
    • Encryption algorithm techniques (e.g., AES, RSA)
    • Public key infrastructure (PKI) components (e.g., certification authorities, registration authorities) and digital signature techniques
    • Virus detection tools and control techniques
    • Security testing and assessment tools (e.g., penetration testing, vulnerability scanning)
    • Environmental protection practices and devices (e.g., fire suppression, cooling systems, water sensors)
    • Physical security systems and practices (e.g., biometrics, access cards, cipher locks, tokens)
    • Data classification schemes (e.g., public, confidential, private, and sensitive data)
    • Voice communications security (e.g., voice over IP)
    • The processes and procedures used to store, retrieve, transport, and dispose of confidential information assets
    • Controls and risks associated with the use of portable and wireless devices (e.g., PDAs, USB devices, Bluetooth devices)
  • Module 6 Title Business Continuity and Disaster Recovery
  • Module 6 Content
    • Data backup, storage, maintenance, retention and restoration processes, and practices
    • Regulatory, legal, contractual, and insurance issues related to business continuity and disaster recovery
    • Business impact analysis (BIA)
    • The development and maintenance of the business continuity and disaster recovery plans
    • Business continuity and disaster recovery testing approaches and methods
    • Human resources management practices as related to business continuity and disaster recovery (e.g., evacuation planning, response teams)
    • Processes used to invoke the business continuity and disaster recovery plans
    • Types of alternate processing sites and methods used to monitor the contractual agreements (e.g., hot sites, warm sites, cold sites)
RM8,000.00(+RM480.00 Tax)

Additional Info

  • Certification Course & Certificate
  • Course Code CISM
  • Price RM8000
  • Exam Price Include
  • Duration 4 Days
  • CertificationInfo Certified Information Security Manager
  • Principals EC-Council
  • Schedule

    18-21 Jan 2021

    15-18 Mar 2021

    3-6 May 2021

    12-15 Jul 2021

    6-9 Sep 2021

    8-11 Nov 2021

  • Module 1 Title Test-Taking Tips and Study Techniques*
  • Module 1 Content
    • Preparation for the CISM exam
    • Submitting Required Paperwork
    • Resources and Study Aids
    • Passing the Exam the First Time
  • Module 2 Title Information Security Governance*
  • Module 2 Content
    • Asset Identification
    • Risk Assessment
    • Vulnerability Assessments
    • Asset Management
  • Module 3 Title Information Risk Management*
  • Module 3 Content
    • Asset Classification and Ownership
    • Structured Information Risk Assessment Process
    • Business Impact Assessments
    • Change Management
  • Module 4 Title Information Security Program Development*
  • Module 4 Content
    • Information Security Strategy
    • Program Alignment of Other Assurance Functions
    • Development of Information Security Architectures
    • Security Awareness, Training, and Education
    • Communication and Maintenance of Standards, Procedures, and Other Documentation
    • Change Control
    • Lifecycle Activities
    • Security Metrics
  • Module 5 Title Information Security Program Management*
  • Module 5 Content
    • Security Program Management Overview
    • Planning
    • Security Baselines
    • Business Processes
    • Security Program Infrastructure
    • Lifecycle Methodologies
    • Security Impact on Users
    • Accountability
    • Security Metrics
    • Managing Resources
  • Module 6 Title Incident Management and Response*
  • Module 6 Content
    • Response Management Overview
    • Importance of Response Management
    • Performing a Business Impact Analysis
    • Developing Response and Recovery Plans
    • The Incident Response Process
    • Implementing Response and Recovery Plans
    • Response Documentation
    • Post-Event Reviews
  • Module 7 Title Review and Q&A Session*
  • Module 7 Content
    • Final Review and Test Prep
RM8,000.00(+RM480.00 Tax)
* Training Dates:

Gain core knowledge and experience to successfully implement and manage security programs in this official (ISC)2 CISSP course.


This course is the most comprehensive review of information security concepts and industry best practices, and covers the eight domains of the official CISSP CBK (Common Body of Knowledge). You will gain knowledge in information security that will increase your ability to successfully implement and manage security programs in any organization or government entity. You will learn how to determine who or what may have altered data or system information, potentially affecting the integrity of those assets, and how to match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to better understand the state of their security posture. Policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets are also covered in this course.


This five-day program is comprised of a total of eight domains and includes:
• Official (ISC)2 Guide to the CISSP Common Body of Knowledge® (CBK)
• Official (ISC)2 CISSP Training Handbook
• Official (ISC)2 CISSP Flash Cards
• CISSP Certification Exam Voucher

Additional Info

  • Certification Course & Certificate
  • Course Code CISSP
  • Price RM7500
  • Exam Price Include
  • Duration 5 Days
  • CertificationInfo Certified Information Systems Security Professional
  • Principals EC-Council
  • Schedule

    25-29 Jan 2021

    1-5 Mar 2021

    19-23 Apr 2021

    3-7 May 2021

    7-11 Jun 2021

  • Audience
    • Anyone whose position requires CISSP certification
    • Individuals who want to advance within their current computer security careers or migrate to a related career
  • Prerequisites

    Professionals with at least five years of experience and who demonstrate a globally recognized level of competence, as defined in the CISSP Common Body of Knowledge (CBK) in two or more of the eight security domains.

  • At Course Completion

    In-depth coverage of the eight domains required to pass the CISSP exam:
    1. Security and Risk Management
    2. Asset Security
    3. Security Engineering
    4. Communications and Network Security
    5. Identity and Access Management
    6. Security Assessment and Testing
    7. Security Operations
    8. Software Development Security

  • Module 1 Title Domain 1 Security and Risk Management
  • Module 1 Content

    1.1 Understand and apply concepts of confidentiality, integrity, and availability
    1.2 Evaluate and apply security governance principles
    1.3 Determine compliance requirements
    1.4 Understand legal and regulatory issues that pertain to information security in a global context
    1.5 Understand, adhere to, and promote professional ethics
    1.6 Develop, document, and implement security policy, standards, procedures, and guidelines
    1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements
    1.8 Contribute to and enforce personnel security policies and procedures
    1.9 Understand and apply risk management concepts
    1.10 Understand and apply threat modeling concepts and methodologies
    1.11 Apply risk-based management concepts to the supply chain
    1.12 Establish and maintain a security awareness, education, and training program

  • Module 2 Title Domain 2 Asset Security
  • Module 2 Content

    2.1 Identify and classify information and assets
    2.2 Determine and maintain information and asset ownership
    2.3 Protect privacy
    2.4 Ensure appropriate asset retention
    2.5 Determine data security controls
    2.6 Establish information and asset handling requirements

  • Module 3 Title Domain 3 Security Architecture and Engineering
  • Module 3 Content

    3.1 Implement and manage engineering processes using secure design principles
    3.2 Understand the fundamental concepts of security models
    3.3 Select controls based upon systems security requirements
    3.4 Understand security capabilities of information systems (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
    3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

  • Module 4 Title Domain 4 Communication and Network Security
  • Module 4 Content

    4.1 Implement secure design principles in network architectures
    4.2 Secure network components
    4.3 Implement secure communication channels according to design

  • Module 5 Title Domain 5 Identity and Access Management (IAM)
  • Module 5 Content

    5.1 Control physical and logical access to assets
    5.2 Manage identification and authentication of people, devices, and services
    5.3 Integrate identity as a third-party service
    5.4 Implement and manage authorization mechanisms
    5.5 Manage the identity and access provisioning lifecycle

  • Module 6 Title Domain 6 Security Assessment and Testing
  • Module 6 Content

    6.1 Design and validate assessment, test, and audit strategies
    6.2 Conduct security control testing
    6.3 Collect security process data (e.g., technical and administrative)
    6.4 Analyze test output and generate report
    6.5 Conduct or facilitate security audits

  • Module 7 Title Domain 7 Security Operations
  • Module 7 Content

    7.1 Understand and support investigations
    7.2 Understand requirements for investigation types
    7.3 Conduct logging and monitoring activities
    7.4 Securely provisioning resources
    7.5 Understand and apply foundational security operations concepts
    7.6 Apply resource protection techniques
    7.7 Conduct incident management
    7.8 Operate and maintain detective and preventative measures
    7.9 Implement and support patch and vulnerability management
    7.10 Understand and participate in change management processes
    7.11 Implement recovery strategies
    7.12 Implement Disaster Recovery (DR) processes
    7.13 Test Disaster Recovery Plans (DRP)
    7.14 Participate in Business Continuity (BC) planning and exercises
    7.15 Implement and manage physical security
    7.16 Address personnel safety and security concerns

  • Module 8 Title Domain 8 Software Development Security
  • Module 8 Content

    8.1 Understand and integrate security in the Software Development Life Cycle (SDLC)
    8.2 Identify and apply security controls in development environments
    8.3 Assess the effectiveness of software security
    8.4 Assess security impact of acquired software
    8.5 Define and apply secure coding guidelines and standards

RM7,500.00(+RM450.00 Tax)
* Training Dates:

This course teaches you methods for identifying vulnerabilities and taking appropriate countermeasures to prevent and mitigate failure risks for an organization. It also provides the networking professional with a foundation in disaster recovery principles, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, understanding of the roles and relationships of various members of an organization, implementation of the plan, and recovering from a disaster. This course takes an enterprise-wide approach to developing a disaster recovery plan. Students will learn how to create a secure network by putting policies and procedures in place, and how to restore a network in the event of a disaster. The EDRP course was certified for meeting the CNSS 4016 Advanced Level training standard for Risk Analyst by the United States Government National Security Agency (NSA).

Additional Info

  • Certification Course & Certificate
  • Course Code EDRP
  • Price RM4982
  • Exam Price Include
  • Exam Code 312-76
  • Duration 5 Days
  • CertificationInfo EC-Council Disaster Recovery Professional
  • Principals EC-Council
  • Schedule

    8-12 Mar 2021

    14-18 Jun 2021

    20-24 Sep 2021

    13-17 Dec 2021

  • Audience

    Network server administrators, firewall administrators, systems administrators, application developers, and IT security officers.

  • Module 1 Title Introduction to Disaster Recovery and Business Continuity
  • Module 2 Title Nature and Causes of Disasters
  • Module 3 Title Emergency Management
  • Module 4 Title Laws and Acts
  • Module 5 Title Business Continuity Management
  • Module 6 Title Disaster Recovery Planning Process
  • Module 7 Title Risk Management
  • Module 8 Title Facility Protection
  • Module 9 Title Data Recovery
  • Module 10 Title System Recovery
  • Module 11 Title Backup and Recovery
  • Module 12 Title Centralized and Decentralized System Recovery
  • Module 13 Title Windows Data Recovery Tools
  • Module 14 Title Linux, Mac and Novell Netware Data Recovery Tools
  • Module 15 Title Incident Response
  • Module 16 Title Role of Public Services in Disaster
  • Module 17 Title Organizations Providing Services during Disasters
  • Module 18 Title Organizations Providing Disaster Recovery Solutions
  • Module 19 Title Case Studies
RM4,700.00(+RM282.00 Tax)
* Training Dates:

The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally.
The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.


The CASE certified training program is developed concurrently to prepare software professionals with the necessary capabilities that are expected by employers and academia globally. It is designed to be a hands-on, comprehensive application security course that will help software professionals create secure applications.
The training program encompasses security activities involved in all phases of the Software Development Lifecycle (SDLC): planning, creating, testing, and deploying an application.


Unlike other application security training courses, CASE goes beyond guidelines on secure coding practices and includes secure requirements gathering, robust application design, and handling security issues in the post-development phases of application development.
This makes CASE one of the most comprehensive certifications on the market today. It is sought after by software application engineers, analysts, and testers globally, and respected by hiring authorities.

The Purpose of CASE Is

  • To ensure that application security is no longer an afterthought but a primary consideration.
  • To lay the foundation required by all application developers and development organizations to produce secure applications with greater stability and fewer security risks to the consumer, thereby making security a primary consideration.
  • To ensure that organizations mitigate the risk of losing millions due to security compromises that may arise at every step of the application development process.
  • To help individuals develop the habit of treating security as essential regardless of their job role in the SDLC, thereby opening security as a main domain for testers, developers, network administrators, etc.

Additional Info

  • Certification Course & Certificate
  • Course Code CASE.NET
  • Price RM4700
  • Exam Price Include
  • Exam Code 312-93
  • Duration 3 Days
  • CertificationInfo Certified Application Security Engineer
  • Principals EC-Council
  • Schedule

    1-3 Feb 2021

    4-6 Apr 2021

    11-13 Aug 2021

    13-15 Dec 2021

  • Audience
    • .NET Developers with a minimum of 2 years of experience and individuals who want to become application security engineers/analysts/testers
    • Individuals involved in the role of developing, testing, managing, or protecting wide area of applications
  • Module 1 Title Understanding Application Security, Threats, and Attacks
  • Module 1 Content
    • What is a Secure Application
    • Need for Application Security
    • Most Common Application Level Attacks
      • SQL Injection Attacks 
      • Cross-site Scripting (XSS) Attacks
      • Parameter Tampering
      • Directory Traversal
      • Cross-site Request Forgery (CSRF) Attack
      • Denial-of-Service (DoS) Attack
      • Denial-of-Service (DoS): Examples
      • Session Attacks
        • Cookie Poisoning Attacks
        • Session Fixation
    • Why Applications become Vulnerable to Attacks
      • Common Reasons for Existence of Application Vulnerabilities
      • Common Flaws Existed due to Insecure Coding Techniques
      • Improper Input Validation
      • Insufficient Transport Layer Protection
      • Improper Error Handling
      • Insecure Cryptographic Storage
      • Broken Authentication and Session Management
      • Unvalidated Redirects and Forwards
      • Insecure Direct Object References
      • Failure to Restrict URL Access
    • What Constitutes a Comprehensive Application Security?
      • Application Security Frame
      • 3W’s in Application Security
    • Insecure Application: A Software Development Problem
      • Solution: Integrating Security in Software Development Life Cycle (SDLC)
      • Functional vs Security Activities in SDLC
      • Advantages of Integrating Security in SDLC
      • Microsoft Security Development Lifecycle (SDL)
    • Software Security Standards, Models, and Frameworks
      • The Open Web Application Security Project (OWASP)
      • OWASP TOP 10 Attacks-2017
      • The Web Application Security Consortium (WASC)
      • WASC Threat Classification
      • Software Security Framework
    • Software Assurance Maturity Model (SAMM)
    • Building Security in Maturity Model (BSIMM)
      • BSIMM vs OpenSAMM 
  • Module 2 Title Security Requirements Gathering
  • Module 2 Content
    • Importance of Gathering Security Requirements
      • Security Requirements
      • Gathering Security Requirements
      • Why We Need a Different Approach for Security Requirements Gathering
      • Key Benefits of Addressing Security at Requirement Phase
      • Stakeholders Involvement in Security Requirements Gathering 
      • Characteristics of Good Security Requirement: SMART
      • Types of Security Requirements
      • Functional Security Requirements
      • Security Drivers
    • Security Requirement Engineering (SRE)
    • SRE Phases
      • Security Requirement Elicitation
      • Security Requirement Analysis
      • Security Requirement Specification
      • Security Requirement Management
    • Common Mistakes Made in Each Phase of SRE
    • Different Security Requirement Engineering Approaches/Model 
    • Abuse Case and Security Use Case Modeling
    • Abuse Cases
    • Threatens Relationship
    • Abuse Case Modeling Steps
    • Abuse Cases: Advantages and Disadvantages
    • Abuse Case Template
    • Security Use Cases
    • Security Use Cases are Abuse Case Driven
    • Modeling Steps for Security Use Cases
    • Mitigates Relationship
    • Abuse Case vs Security Use Case
    • Security Use Case: Advantages and Disadvantages
    • Security Use Case Template
    • Security Use Case Guidelines
    • Example 1: Use Case for Online Bidding System
    • Example 1: Abuse Case for Online Bidding System
    • Example 1: Security Use Case for Online Bidding System
    • Example 2: Use Case for ATM System
    • Example 2: Abuse Case for ATM System
    • Example 2: Security Use Case for ATM System
    • Example 3: Use Case for E-commerce System
    • Example 3: Abuse Case for E-commerce System
    • Example 3: Security Use Case for E-commerce System
    • Effectiveness of Abuse and Security Case
    • Abuser and Security Stories
    • Textual Description Template: Abuser Stories and Security Stories
    • Examples: Abuser Stories and Security Stories
    • Effectiveness of Abuser and Security Stories
    • Abuser Stories: Advantages and Disadvantages
    • Security Quality Requirements Engineering (SQUARE)
      • SQUARE Effectiveness
      • SQUARE Process
      • SQUARE: Advantages and Disadvantages 
    • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
      • OCTAVE Effectiveness
      • OCTAVE Steps
      • OCTAVE: Advantages and Disadvantages
  • Module 3 Title Secure Application Design and Architecture
  • Module 3 Content
    • Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
    • Secure Application Design and Architecture
    • Goal of Secure Design Process
    • Secure Design Actions
    • Security Requirement Specifications 
    • Secure Design Principles
    • Threat Modeling 
    • Secure Application Architecture 
    • Secure Design Principles
    • Define Secure Design principles
    • Secure Design Principles
    • Security through obscurity
    • Secure the Weakest Link
    • Use Least Privilege Principle
    • Secure by Default
    • Fail Securely
    • Apply Defense in Depth
    • Do Not Trust User Input
    • Reduce Attack Surface
    • Enable Auditing and Logging
    • Keep Security Simple
    • Separation of Duties
    • Fix Security Issues Correctly
    • Apply Security in Design Phase
    • Protect Sensitive Data
    • Exception Handling
    • Secure Memory Management
    • Protect Memory or Storage Secrets
    • Fundamentals of Control Granularity
    • Fault Tolerance
    • Fault Detection
    • Fault Removal
    • Fault Avoidance
    • Loose Coupling
    • High Cohesion
    • Change Management and Version Control
    • Threat Modeling
    • Threat Modeling Phases 
    • Attack Surface Evaluation
    • Threat Identification
    • Impact Analysis
    • Control Recommendations
    • Threat Modeling Process
    • Identify Security Objective
    • Application Overview
    • Decompose Application
    • Identify Threats
    • Identify Vulnerabilities
    • Identify Security Objective
    • How to Identify Security Objectives
    • Create an Application Overview
    • Draw the End-to-End Deployment Architecture
    • Identify Various User Roles
    • Identify Use Cases Scenarios
    • Identify Technologies
    • Identify Application Security Mechanisms
    • Decompose Application
      • Prepare and Document Threat Model Information
        • Example: Threat Model Information
      • Identify the External Dependencies
        • External Dependencies: Example
      • Identify the Entry Points
        • Entry Points: Example
      • Identify the Assets
        • Assets: Example
      • Identify the Trust Levels
        • Trust Levels: Example
      • Define Trust Levels to Entry Points
      • Define Trust Levels to Assets
      • Perform Application Modelling using Data Flow Diagrams (DFDs)
      • Determine the Threats: Identify the Goal of an Attacker and Create Threat Profile
        • Example: Attacker’s Goal/Threat Profile and Vulnerabilities Associated
      • Determine the Threats: Create a Security Profile
      • Identify the Threats
        • The STRIDE Model
        • Example: Threats Categorized and Identified using STRIDE
    • Determine Countermeasures and Mitigation Security Controls
    • Document the Threats
    • Rating the Threats
    • Rating the Threats: DREAD Model
    • Secure Application Architecture
    • Design Secure Application Architecture
  • Module 4 Title Secure Coding Practices for Input Validation
  • Module 4 Content
    • Input Validation
    • Why Input Validation?
    • Input Validation Specification
    • Input Validation Approaches
    • Client-side Input Validation
    • Server-side Input Validation
    • Client-Server Input Validation Reliability
    • Input Filtering
    • Input Filtering Technique
      • Black Listing
      • White Listing
    • Input Filtering using a Regular Expression
    • Secure Coding Practices for Input Validation: Web Forms
    • ASP.NET Validation Controls
    • Set of ASP.NET Validation Controls
    • Required Field Validation Control
    • Range Validation Control
    • Comparison Validation Control
    • Regular Expression Validation Control
    • Custom Validation Control
    • Validation Summary Control
    • SQL Injection Attack Defensive Techniques 
    • Using Parameterized Queries
    • Using Parameterized Stored Procedures
    • Using Escape Routines to Handle Special Input Characters
    • Using a Least-privileged Database Account
    • Constraining Input
    • XSS Attack Defensive Techniques
    • Output Encoding
    • Encoding Unsafe Output using HtmlEncode
    • Encoding Unsafe Output using UrlEncode 
    • Anti-XSS Library
    • Encoding Output using Anti-XSS Library
    • Directory Traversing Defensive Technique
    • Additional Techniques to Prevent Directory Traversal
    • Secure Coding Practices for Input Validation: ASP.NET Core
    • Input Validation using ModelState Object
    • Input Validation using Data Annotation
    • Input Validation using Custom Validation Attributes
    • Input Validation using Remote Validation
    • SQL Injection Attack Defensive Techniques
    • Sanitize Inputs using Casting
    • Using Parameterized Queries
    • Using Stored Procedures
    • Using ORM (Object Relation Model)
    • XSS Defensive Techniques
      • Enable Content Security Policy
      • URL Encoding User Input
    • Open Redirect Defensive Techniques
      • Implement LocalRedirect()
      • Disable X-Frame-Options
      • Enable Cross Origin Request Sharing
      • Enable Cross Origin Request Sharing (CORS) with Middleware
        • Guidelines for Secure (CORS) Configuration
    • Directory Traversing Defensive Techniques
    • Disable Directory Listing
    • Disable Non-standard Content Types
    • Secure Static Files
    • Secure Coding Practices for Input Validation: MVC
    • XSS Defensive Techniques
    • Enable Content Security Policy
    • MVC Output Encoding
    • Output Encoding using Anti-XSS Library
    • Parameter Tampering Defensive Techniques
    • Accept Data from Trusted Sources
    • Encrypt and Decrypt Key Values
    • Implement LocalRedirect()
    • Open Redirect Defensive Techniques
  • Module 5 Title Secure Coding Practices for Authentication and Authorization
  • Module 5 Content
    • Authentication and Authorization
    • Authentication
    • Authorization
    • Common Threats on User Authentication and Authorization
    • Account Hijacking
    • Man-in-the-middle 
    • Phishing
    • Unauthorized Access
    • Information Leakage
    • Privilege Escalation
    • Sniffing
    • Authentication and Authorization: Web Forms
    • .NET Authentication and Authorization
    • Different Levels of Authentication
    • ASP.NET Authentication
    • Enterprise Services Authentication
    • SQL Server Authentication
    • ASP.NET Authentication
    • ASP.NET Authentication Modes 
      • Forms Authentication
      • Passport Authentication
      • Custom Authentication
        • Implementing Custom Authentication Scheme
      • Windows Authentication
        • Basic Authentication
        • Digest Authentication
        • Integrated Windows Authentication
        • Certificate Authentication
        • Anonymous Authentication
    • Selecting an Appropriate Authentication Method
    • Determining an Authentication Method
    • Enterprise Services Authentication
    • SQL Server Authentication
    • Mixed Mode Authentication
    • Windows Authentication
    • Different Levels of Authorization
    • ASP.NET Authorization 
    • Enterprise Services Authorization
    • SQL Server Authorization
    • ASP.NET Authorization 
    • URL Authorization
    • File Authorization
    • What is Impersonation?
    • Impersonation Options
    • Impersonation is Disabled
    • Impersonation Enabled
    • Impersonation Enabled for a specific Identity
    • Delegation
    • Code-based Authorization
    • Explicit Authorization
    • Declarative Authorization
    • Imperative Authorization
    • Authorization using ASP.NET Roles
    • Enterprise Services Authorization
    • SQL Server Authorization
    • User-defined Database Roles
    • Application Roles 
    • Fixed Database Roles
    • Authentication and Authorization: ASP.NET Core
    • ASP.NET Core Authentication
    • AspNetCore.Identity
    • ASP.NET Core Authentication
    • Implementing Identity on ASP.NET Core (Templates)
    • ASP.NET Core External Provider Authentication
    • Open Source Authentication Providers
    • Enabling ASP.Net Core Identity
    • Asp.Net Core Token-based Authentication
    • JWT-JSON Web Token
    • Configuring JSON Web Token Authentication
    • Creating JWT Authentication
    • Using Jquery to Access JWT
    • IdentityServer4 Authentication
    • Implement ASP.NET Identity with IdentityServer
    • Configure Windows Authentication
    • Windows Authentication
    • Impersonation
    • ASP.NET Core Authorization  
    • ASP.NET Core Role-based Authorization
    • ASP.NET Core Role Authorization Policy
    • Claim-based Authorization 
    • Custom Policy-based Authorization 
    • Resource-based Authorization
    • View-based Authorization
    • Authentication and Authorization: MVC
    • Authentication and Authorization
    • MVC Authentication Filter
    • Implementing Single Sign-On
    • Authentication using Third-party Identity Provider
    • Implement Page Access Control with Standard Action Filters
    • Authentication and Authorization Defensive Techniques: Web Forms
    • Securing Forms Authentication Tickets
    • Use Strong Hashing Algorithms to Validate Data
    • Use Strong Encryption Algorithm to Secure Form Authentication Data
    • Secure Form Authentication Cookies using SSL
    • Securing Forms Authentication Credentials 
    • Preventing Session Hijacking using Cookieless Authentication
    • Preventing Forms Authentication Cookies from Persisting using the DisplayRememberMe Property
    • Preventing Forms Authentication Cookies from Persisting using the RedirectFromLoginPage Method
    • Preventing Forms Authentication Cookies from Persisting using the SetAuthCookie Method
    • Preventing Forms Authentication Cookies from Persisting using the GetRedirectUrl Method
    • Preventing Forms Authentication Cookies from Persisting using the FormsAuthenticationTicket Constructor
    • Securing Passwords with minRequiredPasswordLength
    • Securing Passwords with minRequiredNonalphanumericCharacters 
    • Securing Passwords with passwordStrengthRegularExpression
    • Restricting Number of Failed Logon Attempts
    • Securing Application by using Absolute URLs for Navigation
    • Securing Applications from Authorization Bypass Attacks
    • Creating Separate Folder for Secure Pages in Application
    • Validating Passwords on CreateUserWizard Control using Regular Expressions
    • Authentication and Authorization Defensive Techniques: ASP.NET Core
    • Configure Identity Services
      • Password Policy
      • User Lockout
      • Sign in 
      • Configure Identity User Validation Settings
      • Configure Application's Cookie Settings
      • Configure Identity Services: Cookie Settings
      • Enforcing SSL
      • HTTP Strict Transport Security (HSTS) 
    • Authentication and Authorization Defensive Techniques: MVC
      • Implement AllowXRequestsEveryXSecondsAttribute to Prevent Brute Force Attack
      • MVC Page Access Control: Custom Security Filter
      • Page Access Control: Third-party Libraries
      • Implementing Control-level Protection
      • Implementing Account Lockout
      • Forcing HTTPS Protocol using [RequireHttps]
      • Implement AllowAnonymous Action Filter
  • Module 6 Title Secure Coding Practices for Cryptography
  • Module 6 Content
    • Cryptographic
    • Ciphers
    • Block Cipher Modes
    • Symmetric Encryption Keys
    • Asymmetric Encryption Keys
    • Functions of Cryptography
    • Use of Cryptography to Mitigate Common Application Security Threats
    • Cryptographic Attacks
    • Techniques Attackers Use to Steal Cryptographic Keys
    • What should you do to Secure .NET Applications from Cryptographic Attacks?
    • .NET Cryptography Namespaces
    • .NET Cryptographic Class Hierarchy
    • Symmetric Encryption
    • SymmetricAlgorithm Class
    • Members of the SymmetricAlgorithm Class
    • Programming Symmetric Data Encryption and Decryption in .NET
    • Symmetric Encryption: Defensive Coding Techniques
    • Securing Information with Strong Symmetric Encryption Algorithm
    • Vulnerability in using ECB Cipher Mode
    • Padding
      • Padding Modes
        • None
        • Zero Padding
        • PKCS #7 Padding
        • ANSIX923 Padding
        • ISO10126 Padding
      • Problem with Zeros Padding
    • Securing Symmetric Encryption Keys from Brute Force Attacks
    • Resisting Cryptanalysis Attack using Large Block Size
    • Generating Non-Predictable Cryptographic Keys using RNGCryptoServiceProvider
    • Storing Secret Keys and Storing Options
      • Protecting Secret Keys with Access Control Lists (ACLs)
      • Protecting Secret Keys with DPAPI
    • Self Protection for Cryptographic Application
    • Encrypting Data in the Stream using CryptoStream Class 
    • Asymmetric Encryption
    • AsymmetricAlgorithm Class
    • Members of the AsymmetricAlgorithm Class
    • Programming Asymmetric Data Encryption and Decryption in .NET
    • Asymmetric Encryption: Defensive Coding Techniques
    • Securing Asymmetric Encryption using Large Key Size
    • Storing Private Keys Securely
    • Problem with Exchanging Public Keys
    • Exchanging Public Keys Securely
    • Asymmetric Data Padding
    • Protecting Communications with SSL
    • Hashing
    • Hashing Algorithms Class Hierarchy in .NET
    • Hashing in .Net 
    • Members of the HashAlgorithm Class
    • Programming Hashing for Memory Data
    • Programming Hashing for Streamed Data
    • Imposing Limits on Message Size for Hash Code Security
    • Setting Proper Hash Code Length for Hash Code Security
    • Message Sizes and Hash Code Lengths Supported by the .NET Framework Hashing Algorithms  
    • Securing Hashing using Keyed Hashing Algorithms
    • Digital Signatures
    • Attacker's Target Area on Digital Signatures
    • Security Features of Digital Signatures 
    • .NET Framework Digital Signature Algorithms
    • Digital Certificates
    • .NET Support for Digital Certificates
    • X509Store
    • X509Certificate and X509Certificate2
    • X509Certificate2 Collection
    • Programming Digital Signatures using Digital Certificates
    • XML Signatures
    • Need for Securing XML Files 
    • Securing XML Files using Digital Signatures
    • Programming a Digital Signature for a Sample XML File
    • ASP.NET Core Specific Secure Cryptography Practices
    • ASP.NET Core Data Protection
    • Data Protection Machine-wide Policy
    • Data Protection Configuration
    • Key Persistence
    • Key Lifetime
    • Application Name
    • Automatic Key Generation
    • Algorithm
    • Generating a Random String
    • Hashing String
    • Storing App Secrets in Secure Place
    • Securing Application settings using Azure Key Vault
  • Module 7 Title Secure Coding Practices for Session Management
  • Module 7 Content
    • Session Management
    • Types of Tokens
    • Session Tokens
    • Authentication Tokens
    • Basic Security Principles for Session Management Tokens
    • Common Threats to Session Management
    • Session Hijacking Attack 
    • Account Hopping Attack 
    • Session Fixation Attack
    • Token Prediction Attack
    • Token Brute-force Attack
    • Cross-site Request Forgery Attack
    • Cross-site Scripting Attack
    • Session Replay Attack
    • Token Manipulation Attack
    • Phishing Attack
    • ASP.NET Session Management Techniques
    • Client-Side State Management
    • Client-Side State Management using Cookies
    • Client-Side State Management using Hidden Fields
    • Client-Side State Management using ViewState
    • Client-Side State Management using Control State
    • Client-Side State Management using Query Strings 
    • Server-Side State Management
    • Server-Side State Management using Application Object 
    • Server-Side State Management using Session Object
      • In Process Mode
      • Out-of-Process Session Mode (State Server Mode)
      • SQL-backed Session State
    • Server-side State Management Using Profile Properties
    • Defensive Coding Practices against Broken Session Management
    • Session Hijacking
    • Securing ASP.NET Application from Session Hijacking
    • Implementing SSL to Encrypt Cookies
    • Setting a Limited Time Period for Expiration
    • Avoid using Cookieless Sessions
    • Avoid using UseUri Cookieless Sessions
    • Avoid Specifying Cookie Modes to AutoDetect
    • Avoid Specifying Cookie Modes to UseDeviceProfile
    • Enabling regenerateExpiredSessionID for Cookieless Sessions
    • Resetting the Session when User Logs Out
    • Token Prediction Attack
    • Generating Lengthy Session Keys to Prevent Guessing
    • Session Replay Attack
    • Defensive Techniques for Session Replay Attack
    • Session Fixation
    • Session Fixation Attack
    • Securing ASP.NET Application from Session Fixation Attack
    • Cross-site Script Attack on Sessions
    • Preventing Cross-site Scripting Attack using URL Rewriting
    • Rewrite the application URL for each session
    • Expiring application URLs automatically
    • Preventing Session Cookies from Client-side Scripts Attacks
    • Cross-site Request Forgery Attack
    • Implementing the Session Token to Mitigate CSRF Attacks
    • Additional Defensive Techniques to Mitigate CSRF Attack
    • Cookie-based Session Management
    • Persistent Cookies Information Leakage
    • Avoid Setting the Expire Attribute to Ensure Cookie Security
    • Ensuring Cookie Security using the Secure Attribute
    • Ensuring Cookie Security using the HttpOnly Attribute
    • ViewState-based Session Management
    • ViewState Data Tampering Attack
    • ViewState One-Click Attacks
    • Securing ViewState
    • Securing ViewState with Hashing
    • Securing ViewState with Encryption
    • Securing ViewState by Assigning User-specific Key 
    • ASP.NET Core: Secure Session Management Practices
    • Enabling Session State 
    • Implementing the CSRF Token to Mitigate CSRF Attacks
    • Mitigating CSRF Attacks in JavaScript, AJAX and Single Page Applications
    • Angular-Antiforgery Integration -AJAX
    • Improve Session Security with NWebsec Session Security Library
    • Checklist for Secure Session Management
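A worked example for the ASP.NET Core session-management topics in this module (session cookie attributes, limited lifetime, session reset at logout, and the antiforgery token for forms and AJAX clients). It is added here for illustration and is not part of the EC-Council courseware; the cookie names, header name and routes are assumptions.

```csharp
// Added example, not course material: ASP.NET Core (.NET 6+ minimal hosting) session cookie
// hardening and antiforgery validation. Cookie names, header name and routes are assumptions.
using System;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDistributedMemoryCache();         // in-process store; use Redis/SQL in a web farm
builder.Services.AddSession(options =>
{
    options.Cookie.Name = "__Host-Session";           // __Host- prefix: browser requires Secure, Path=/, no Domain
    options.Cookie.HttpOnly = true;                   // not readable from document.cookie (XSS theft)
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;  // never sent over plain HTTP
    options.Cookie.SameSite = SameSiteMode.Strict;    // not attached to cross-site requests (CSRF)
    options.Cookie.IsEssential = true;
    options.IdleTimeout = TimeSpan.FromMinutes(20);   // a short lifetime bounds a hijacked token
});

builder.Services.AddAntiforgery(options =>
{
    options.HeaderName = "X-CSRF-TOKEN";              // AJAX/SPA clients send the request token here
    options.Cookie.Name = "__Host-CSRF";
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});

var app = builder.Build();
app.UseSession();

// Hands the request token to a JavaScript client; the matching cookie token is set on the response.
app.MapGet("/csrf-token", (IAntiforgery antiforgery, HttpContext ctx) =>
{
    AntiforgeryTokenSet tokens = antiforgery.GetAndStoreTokens(ctx);
    return Results.Ok(new { token = tokens.RequestToken });
});

// State-changing endpoint: rejected unless the cookie token and the header/form token match.
app.MapPost("/account/email", async (IAntiforgery antiforgery, HttpContext ctx) =>
{
    try
    {
        await antiforgery.ValidateRequestAsync(ctx);
    }
    catch (AntiforgeryValidationException)
    {
        return Results.StatusCode(StatusCodes.Status400BadRequest);
    }
    ctx.Session.SetString("pendingEmailChange", DateTimeOffset.UtcNow.ToString("o"));
    return Results.NoContent();
});

// Logout: drop the server-side state and the cookie so the old session id cannot be replayed.
app.MapPost("/logout", (HttpContext ctx) =>
{
    ctx.Session.Clear();
    ctx.Response.Cookies.Delete("__Host-Session");
    return Results.NoContent();
});

app.Run();
```

A browser client fetches `/csrf-token` once, stores the returned value, and sends it in the `X-CSRF-TOKEN` header on every POST; a request that carries the session cookie but lacks the header (the CSRF case) fails `ValidateRequestAsync` and gets a 400. `SameSite=Strict` is a second, browser-enforced layer, not a replacement for the token check.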
  • Module 8 Title Secure Coding Practices for Error Handling
  • Module 8 Content
    • What are Exceptions/Runtime Errors?
    • Handled Exceptions
    • Unhandled Exceptions
    • Need for Secure Error/Exception Handling
    • Consequences of Detailed Error Message
    • Exposing Detailed Error Messages
    • Considerations: Designing Secure Error Messages
    • Secure Exception Handling
    • Handling Exceptions in an Application 
    • Code-Level Exception Handling
    • Page-Level Exception Handling
    • Application-Level Exception Handling
    • Defensive Coding Practices against Information Disclosure
      • Avoid Displaying Detailed Error Messages
    • Defensive Coding Practices against Improper Error Handling
    • Avoid Throwing Generic Exceptions 
    • Avoid Catching Generic Exceptions
    • Avoid Swallowing the Exceptions
    • Cleanup Code Vulnerability 
    • Vulnerability in Re-throwing Exception
    • Managing Unhandled Errors
    • Unobserved Exception Vulnerability
    • ASP.NET Core: Secure Error Handling Practices
    • ASP.NET Core Error Handling
    • Inspect Exception During Development
    • Implement Custom Error Handler
    • Configure Pages with HTTP Status Codes
    • Startup Exception Handling
    • Do’s and Don’ts in Exception Handling
    • Checklist for Proper Exception Handling
    • Secure Auditing and Logging
    • What is Logging and Auditing?
    • Need for Secure Logging and Auditing
    • Common Threats to Logging and Auditing
    • Denial of Service
    • Log Wiping 
    • Log Bypass 
    • Log Tampering  
    • What Should be Logged?
    • What Should NOT be Logged?
    • Where to Perform Event Logging?
    • File-System-based Logging System
    • Database-based Logging System
    • Performing Log Throttling in ASP.NET Health Monitoring System 
    • Tracing in .NET
    • Writing Trace Output to Windows Event Log using EventLogTraceListener
    • Tracing Security Concerns and Recommendations
    • Secure Auditing and Logging Best Practices
    • Protecting Log Records
      • Fixing the Logs
    • Auditing and Logging Security Checklists
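A worked example for the ASP.NET Core error-handling topics in this module (custom error handler, status-code pages, detailed errors only in development, and the catch/re-throw practices). It is added here for illustration and is not part of the EC-Council courseware; the routes, message text and the `ParseQuantity` helper are assumptions.

```csharp
// Added example, not course material: ASP.NET Core (.NET 6+) error handling that logs the
// full exception server-side and returns only a generic message plus a correlation id.
// Routes, message text and the ParseQuantity helper are assumptions.
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();   // stack traces and source only where developers see them
}
else
{
    app.UseExceptionHandler(errorApp =>
    {
        errorApp.Run(async context =>
        {
            var error = context.Features.Get<IExceptionHandlerFeature>()?.Error;
            var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
            var correlationId = Guid.NewGuid().ToString("N");

            // Full detail goes to the log, keyed by the id the user can quote to support.
            // The request path is safe to log; request bodies, tokens and passwords are not.
            logger.LogError(error, "Unhandled exception {CorrelationId} on {Path}",
                            correlationId, context.Request.Path);

            // The client sees no exception type, message, stack frame or file path.
            context.Response.StatusCode = StatusCodes.Status500InternalServerError;
            await context.Response.WriteAsJsonAsync(new
            {
                error = "An unexpected error occurred.",
                correlationId
            });
        });
    });
    app.UseStatusCodePagesWithReExecute("/error/{0}");   // generic 403/404 pages, same principle
    app.UseHsts();
}

app.MapGet("/error/{code:int}", (int code) =>
    Results.Problem(statusCode: code, title: "The request could not be completed."));

// Specific catch, context added, original kept as InnerException. Neither `throw ex;`
// (which discards the original stack trace) nor silently returning a default is acceptable.
static int ParseQuantity(string raw)
{
    try
    {
        return int.Parse(raw);
    }
    catch (FormatException ex)
    {
        throw new ArgumentException("quantity must be an integer", nameof(raw), ex);
    }
}

app.MapGet("/order", (string qty) => Results.Ok(new { quantity = ParseQuantity(qty) }));

app.Run();
```

With `ASPNETCORE_ENVIRONMENT=Production`, `GET /order?qty=abc` produces a 500 with only the generic body and a correlation id, while the log entry for that id carries the `ArgumentException`, its `FormatException` inner exception and the stack trace.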
  • Module 9 Title Static and Dynamic Application Security Testing (SAST & DAST)
  • Module 9 Content
    • Static Application Security Testing
    • Static Application Security Testing (SAST)
    • Objectives of SAST
    • Why SAST
    • Skills required for SAST
    • What to look for in SAST
    • Common Vulnerabilities Identified Through SAST
    • Types of SAST
    • Automated Source Code Analysis
    • Manual Source Code Review
    • Where does Secure Code Review Fit in SDLC?
    • SAST Steps
    • SAST Activities-flow Chart
    • Recommendation for Effective SAST
    • SAST Deliverable
    • Automated Source Code Analysis
    • Static Code Analysis Using Checkmarx
    • Static Code Analysis Using Visual Code Grepper (VCG)
    • Static Code Analysis Using HP Fortify
    • Static Code Analysis Using Rational AppScan Source Edition
    • Selecting Static Analysis Tool
    • Manual Secure Code Review
    • Manual Secure Code Review for Most Common Vulnerabilities
    • Code Review for PCI DSS Compliance
    • Code Review for Blacklisting Validation Approach
    • Code Review for Client Side Validation Approach
    • Code Review for Non-parametrized SQL Query
    • Review Code for Non-parameterized Stored Procedure
    • Code Review for XSS Vulnerability
    • Review Code for Unvalidated Redirects and Forwards
    • Code Review for Weak Password Authentication 
    • Code Review for Hard-Coded Passwords
    • Code Review for Clear-text Credentials in Authentication
    • Code Review for Unencrypted Form Authentication Tickets
    • Code Review for Clear-text Connection strings
    • Code Review for Weak Password Length
    • Code Review for Inappropriate Authorization 
    • Code Review for use of Weak Hashing Algorithm
    • Code Review for use of Weak Encryption Algorithm
    • Code Review for Use of SSL 
    • Code Review for use of URL for Storing Session Tokens
    • Code Review for Cookies Persistence
    • Code Review for Allowing Too Many Failed Login Attempts
    • Code Review for providing Relative path to Redirect Method
    • Code Review for Use of Server.Transfer() Method
    • Code Review for Keeping both Public and Restricted pages in Same folder 
    • Code Review for use of ECB Cipher Mode 
    • Code Review for use of Zero Padding
    • Code Review for use of Small Key Size
    • Code Review for use of Small Block Size
    • Code Review for Cryptographic Keys Generation Mechanism
    • Code Review for Sensitive Information Leakage
    • Code Review for Generic Exception Throwing and Catching
    • Code Review for use of Unencrypted Cookies
    • Code Review for Overly Long Sessions
    • Code Review for Cookieless Sessions
    • Code Review for regeneration of Expired Sessions
    • Code Review for weak Session Key Generation Mechanism
    • Code Review for Cookies Vulnerable to Client-side Scripts attacks 
    • Code Review for Cookies Vulnerable to CSRF Attacks
    • Code Review for ViewState Security
    • Code Review for allowOverride Attribute
    • Code Review for Enabling Trace feature
    • Code Review for Enabling Debug feature
    • Code Review for Validate Request 
    • Code Review: Check List Approach
    • Sample Checklist
    • Input Validation
    • Authentication 
    • Authorization
    • Session Management
    • Cryptography
    • Exception Handling
    • Logging
    • SAST Finding
    • SAST Report
    • SAST Reporting
    • Dynamic Application Security Testing
    • Types of DAST
    • Automated Application Vulnerability Scanning
    • Manual Application Penetration Testing
    • SAST vs DAST
    • Automated Application Vulnerability Scanning Tools
    • Web Application Security Scanners
    • WebInspect 
    • IBM Security AppScan
    • Additional Web Application Vulnerability Scanners 
    • Proxy-based Security Testing Tools 
    • Burp Suite
    • OWASP Zed Attack Proxy (ZAP)
    • Additional Proxy-based Security Testing Tools
    • Choosing Between SAST and DAST
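A worked example for the manual secure code review topics in this module ("Code Review for Non-parametrized SQL Query" and "Review Code for Non-parameterized Stored Procedure"): the pattern a reviewer flags next to its parameterized replacement. It is added here for illustration and is not part of the EC-Council courseware; the table, column and procedure names are assumptions.

```csharp
// Added example, not course material: SQL built by string concatenation (what a code review
// or SAST tool flags) beside the parameterized form, for an inline query and a stored
// procedure. Table, column and procedure names are assumptions.
using System.Data;
using Microsoft.Data.SqlClient;

public static class UserQueries
{
    // Flag in review: user input is spliced into the statement text. Input such as
    //   x' OR '1'='1
    // changes the structure of the query, and a legitimate name containing a quote breaks it.
    public static SqlCommand FindByUsernameVulnerable(SqlConnection conn, string username)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT Id, Email FROM Users WHERE Username = '" + username + "'";
        return cmd;
    }

    // Fixed: the statement text is constant; the value travels as a typed parameter and is
    // never parsed as SQL, whatever characters it contains.
    public static SqlCommand FindByUsername(SqlConnection conn, string username)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT Id, Email FROM Users WHERE Username = @username";
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
        return cmd;
    }

    // Also flag: invoking a stored procedure through EXEC with a concatenated argument gives
    // no protection at all; the call itself must be parameterized.
    public static SqlCommand LockAccountVulnerable(SqlConnection conn, string username)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "EXEC dbo.LockAccount '" + username + "'";
        return cmd;
    }

    public static SqlCommand LockAccount(SqlConnection conn, string username)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.CommandText = "dbo.LockAccount";
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
        return cmd;
    }
}
```

During review, search for `CommandText` assignments and `ExecuteReader`/`ExecuteNonQuery` calls whose SQL is assembled with `+`, `string.Format` or interpolation from anything that originated in a request; the fixed forms above are what the finding should be remediated to. Note that a stored procedure which itself builds dynamic SQL from its arguments is still injectable and needs the same review on the T-SQL side.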
  • Module 10 Title Secure Deployment and Maintenance
  • Module 10 Content
    • Secure Deployment
    • Prior Deployment Activity
    • Check the Integrity of Application Package Before Deployment
    • Review the Deployment Guide Provided by the Software Vendor
    • Deployment Activities: Ensuring Security at Various Levels
    • Host Level Deployment Security
    • IIS level Deployment Security
    • SQL Server Level Deployment Security 
    • Ensuring Security at Host Level
    • Check and Configure the Security of Machine Hosting Web Server, Application Server, Database Server and Network Devices
    • Physical Security
    • Host Level Security
    • Ensuring Security at Network Level
    • Network level Security
    • Router
    • Firewall
    • Switch
    • Ensuring Security at Application Level 
    • Web Application Firewall (WAF)
    • Benefits of WAF
    • WAF Limitations
    • WAF Vendors
    • Ensuring Security at IIS level
    • Configure IIS Server Request Filtering Feature
    • Editing Request Filtering and Request Limits
    • Allowing or Denying a File Name Extension in Request Filtering
    • Adding a Hidden Segment in Request Filtering
    • Adding Limits for HTTP Headers in Request Filtering
    • Denying an HTTP Verb in Request Filtering
    • Setting Request Filtering Attributes using appcmd
    • Sites and Virtual Directories
    • Website Location
    • Script Mapping
    • Anonymous Internet User Account
    • Auditing and Logging
    • Web Permissions
    • IP Address and Domain Name Restrictions
    • Authentication
    • Parent Path Setting
    • Microsoft FrontPage Server Extensions
    • ISAPI Filters
    • Ensuring Security at .NET Level
    • Web.config and Machine.config Deployment Security Settings
    • Verify the Configuration Settings
    • Verify Lock Per-machine Settings
    • Verify trace Element Setting
    • Verify customErrors Settings
    • Verify maxRequestLength Setting
    • Verify debug Settings
    • Verify protection Setting 
    • Verify timeout Setting
    • Verify requireSSL Setting
    • Verify passwordFormat Setting 
    • Verify slidingExpiration Setting
    • Verify Name and Path Attribute Setting
    • Verify Authorization Element Setting
    • Verify Identity Element Setting
    • Verify roleManager Setting 
    • Verify cookieProtection Setting
    • Verify cookieRequireSSL Setting
    • Verify cookieTimeout Setting 
    • Verify createPersistentCookie Setting 
    • Verify sessionState Settings
    • Verify decryptionKey and validationKey Setting
    • Verify decryptionKey and validationKey Setting in Web Farm
    • Verify validation Setting
    • Verify trust Element Setting
    • Verify httpHandlers Settings
    • Verify processModel Settings
    • Verify healthMonitoring Setting
    • Ensuring Security at SQL Server Level
    • Selecting Authentication Mode in SQL Server
    • Secure Mixed Mode Authentication 
    • Configure Password Enforcement Options for Standard SQL Server Logins
    • Delete or Disable Unused Accounts
    • Turn Off SQL Server Browser Service
    • Disable Unnecessary Features and Services
    • Service Account Management and Selection
    • Manage Privileged Access
    • Hiding SQL Server Instance
    • Implement Encryption
    • Implement Transparent Data Encryption
    • Configure SSL in SQL Server
    • Secure the Auditing Process
    • Security Maintenance and Monitoring
    • Post Deployment Activities: Security Maintenance and Monitoring
    • Security Maintenance Activities at OS level
    • Security Maintenance Activities at IIS level
    • Security Maintenance Activities at Application level
RM4,700.00 (+RM282.00 Tax)
Training Dates: