Secure coding in PHP Training Course

This instructor-led live training in Mexico (offered online or onsite) is designed for data scientists and software engineers who aim to use AdaBoost to create boosting algorithms for machine learning with Python.

By the conclusion of this training, participants will be able to:

• Set up the required development environment to start building machine learning models with AdaBoost.
• Comprehend the ensemble learning approach and how to implement adaptive boosting.
• Learn how to construct AdaBoost models to enhance machine learning algorithms in Python.
• Use hyperparameter tuning to increase the accuracy and performance of AdaBoost models.

Implementing a secure networked application can be challenging, even for developers who have previously used various cryptographic building blocks like encryption and digital signatures. To help participants grasp the role and usage of these cryptographic primitives, the course first establishes a solid foundation on the main requirements of secure communication – including secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also presents typical problems that can undermine these requirements along with real-world solutions.

Since cryptography is a critical aspect of network security, the course discusses the most important algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on deep mathematical background, these concepts are explored from a developer's perspective, illustrating typical use-case examples and practical considerations related to cryptography, such as public key infrastructures. Various security protocols across different areas of secure communication are introduced, with a detailed discussion on widely-used protocol families like IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed, covering both specific algorithms and protocols. This includes issues such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and others, as well as RSA timing attacks. For each issue, practical considerations and potential consequences are described, again without delving into complex mathematical details.

Finally, given that XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Developing secure C and C++ applications demands robust defenses against malicious exploitation, memory corruption, and input validation vulnerabilities. This course explores common vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion issues. Participants will implement secure coding standards, leverage static analysis tools, and apply defensive programming practices to mitigate weaknesses, ensure proper input sanitization, and deliver software that is resilient against cyber threats.

Even seasoned Java developers often do not fully master the array of security services provided by Java, nor are they always aware of the various vulnerabilities that impact web applications built with Java.

This course goes beyond introducing the security components of Standard Java Edition; it also addresses security concerns in Java Enterprise Edition (JEE) and web services. Discussions on specific services are grounded in the fundamentals of cryptography and secure communication. Through various exercises, participants will explore declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. The use of all these components is demonstrated through practical exercises, allowing participants to experiment with the discussed APIs and tools firsthand.

The course also examines and explains the most common and severe programming flaws in the Java language and platform, as well as web-related vulnerabilities. In addition to typical bugs made by Java developers, the covered security vulnerabilities address both language-specific issues and problems arising from the runtime environment. All vulnerabilities and corresponding attacks are illustrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand the basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
• Understand the security concepts of web services
• Learn how to use various security features of the Java development environment
• Gain a practical understanding of cryptography
• Understand security solutions in Java EE
• Learn about typical coding mistakes and how to avoid them
• Receive information about recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Obtain resources and further readings on secure coding practices

Audience

Developers

Description

The Java language and the Java Runtime Environment (JRE) were designed to minimize the most problematic common security vulnerabilities found in other languages, such as C/C++. However, software developers and architects must do more than just learn how to use the various security features available in the Java environment (positive security); they must also be aware of the numerous vulnerabilities that remain relevant to Java development (negative security).

The introduction to security services begins with a brief overview of cryptography fundamentals, providing a common baseline for understanding the purpose and operation of the applicable components. The use of these components is demonstrated through several practical exercises, allowing participants to experiment with the discussed APIs firsthand.

The course also reviews and explains the most frequent and severe programming flaws associated with the Java language and platform, covering both typical bugs committed by Java programmers and issues specific to the language and environment. All vulnerabilities and relevant attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Gain a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience

Developers

Today, various programming languages allow developers to compile code for the .NET and ASP.NET frameworks. This environment offers robust tools for security development; however, developers must understand how to apply architectural and coding-level techniques to implement the desired security measures, prevent vulnerabilities, and limit potential exploitation.

This course aims to guide developers through numerous practical exercises to teach them how to prevent untrusted code from executing privileged actions, protect resources via strong authentication and authorization, manage remote procedure calls, handle sessions, and explore various implementation options for specific functionalities.

The introduction to different vulnerabilities begins by highlighting typical programming errors made when using .NET. The discussion on ASP.NET vulnerabilities also covers various environment settings and their impact. Furthermore, the topic of ASP.NET-specific vulnerabilities addresses general web application security challenges as well as special issues and attack vectors, such as ViewState attacks and string termination attacks.

Participants attending this course will

• Grasp the fundamental concepts of security, IT security, and secure coding.
• Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to avoid them.
• Master the use of various security features within the .NET development environment.
• Gain practical experience with security testing tools.
• Identify common coding mistakes and learn how to prevent them.
• Stay informed about recent vulnerabilities in .NET and ASP.NET.
• Access resources and further reading materials on secure coding practices.

Audience

Developers

This comprehensive SDL core training provides an in-depth look at secure software design, development, and testing, guided by the Microsoft Secure Development Lifecycle (SDL). It offers a foundational (level 100) overview of the essential components of SDL, followed by design techniques aimed at detecting and resolving flaws during the early stages of the development process.

Focusing on the development phase, the course covers typical security-relevant programming bugs in both managed and native code. It presents attack methods for discussed vulnerabilities alongside associated mitigation techniques. Participants engage in numerous hands-on exercises that offer practical, live hacking experiences. Additionally, the introduction of various security testing methods is reinforced by demonstrating the effectiveness of different testing tools. Through practical exercises applying these tools to previously discussed vulnerable code, participants gain a clear understanding of their operation.

Participants attending this course will

Understand basic concepts of security, IT security, and secure coding.

Become familiar with the essential steps of the Microsoft Secure Development Lifecycle.

Learn secure design and development practices.

Gain knowledge of secure implementation principles.

Understand security testing methodology.

• Access sources and further readings on secure coding practices.

Audience

Developers, Managers.

In this instructor-led live course in Mexico, participants will learn how to develop an appropriate security strategy to address the challenges of DevOps security.

The EC-Council Certified DevSecOps Engineer (ECDE) is a practical program designed to empower professionals with the capabilities to integrate security throughout the DevOps lifecycle, fostering secure software development from the initial planning phases through to deployment.

This instructor-led live training, available both online and onsite, targets intermediate-level software and DevOps professionals aiming to incorporate security protocols into CI/CD pipelines, thereby ensuring the delivery of code that is both secure and compliant.

Upon completing this training, participants will be equipped to:

• Grasp the core principles and practices of DevSecOps.
• Safeguard every phase of the CI/CD pipeline utilizing automated tools.
• Apply secure coding standards and conduct vulnerability scanning.
• Get ready for the ECDE certification through hands-on labs and comprehensive review.

Course Format

• Engaging lectures and group discussions.
• Practical application of DevSecOps tools within simulated pipelines.
• Supervised exercises centered on secure development and deployment strategies.

Customization Options

• For personalized training tailored to your team’s specific workflows or toolchains, please reach out to us to make arrangements.

This instructor-led, live training in Mexico introduces the fundamentals of Laravel and walks participants through the creation of a Laravel-based web application.

This instructor-led live training in Mexico (online or onsite) is designed for developers who wish to learn and use Livewire to build modern and dynamic application interfaces.

Upon completion of this training, participants will be able to:

• Develop and test Livewire components.
• Construct applications using the Livewire library.
• Implement dynamic components within PHP.

This instructor-led, live training in Mexico (online or onsite) is designed for web developers who want to use Laravel and Vue.js for full-stack web development.

By the end of this training, participants will be able to:

• Develop web applications with Laravel and Vue.js.
• Integrate the Laravel backend API into Vue.js.
• Deploy a Laravel application.

This instructor-led, live training (available online or onsite) is designed for web developers who wish to build middleware and web services in Laravel.

Upon completing this training, participants will be able to:

• Utilize Laravel PHP Artisan to generate code and components.
• Construct RESTful APIs in Laravel capable of browsing, reading, editing, adding, and deleting data.
• Filter and sort results based on URL parameters using RESTful APIs.

This Course in Mexico aims to help in the following:

1. Enable developers to master secure coding techniques
2. Assist software testers in verifying application security before production deployment
3. Help software architects understand the risks associated with applications
4. Support team leaders in establishing security baselines for developers
5. Aid webmasters in configuring servers to prevent misconfigurations

This course explores secure coding concepts and principles for Java, utilizing the testing methodology of the Open Web Application Security Project (OWASP). OWASP is an online community that produces freely accessible articles, methodologies, documentation, tools, and technologies focused on web application security.