Cyber Security Training in Paris

This instructor-led, live training in Paris (online or onsite) targets advanced cybersecurity professionals, AI engineers, and IoT developers seeking to implement robust security measures and resilience strategies for Edge AI systems.

By the end of this training, participants will be able to:

• Identify security risks and vulnerabilities associated with Edge AI deployments.
• Deploy encryption and authentication methods to ensure data protection.
• Design resilient Edge AI architectures capable of withstanding cyber threats.
• Apply secure AI model deployment strategies within edge environments.

This instructor-led, live training in Paris (online or onsite) is designed for intermediate-level cybersecurity professionals and data scientists who aim to leverage LLMs to enhance cybersecurity measures and threat intelligence.

By the end of this training, participants will be able to:

• Understand the role of LLMs in cybersecurity.
• Implement LLMs for threat detection and analysis.
• Utilize LLMs for security automation and response.
• Integrate LLMs with existing security infrastructure.

This instructor-led, live training session in Paris (online or onsite) is designed for cybersecurity professionals and technical leads at an intermediate to advanced level. The course aims to help participants understand how to implement AI models to enhance security processes, automate threat detection and response, and perform predictive analysis.

Upon completion of this training, participants will be able to:

• Comprehend the pivotal role of AI in modern cybersecurity.
• Develop machine learning models for detecting anomalies and threats.
• Implement AI solutions to automate incident response and security operations.
• Evaluate the ethical and operational implications of using AI in cybersecurity.

This instructor-led, live training in Paris (online or onsite) is aimed at intermediate-level analysts who wish to effectively analyze, secure, and protect their organization's data and networks from cyber threats.

By the end of this training, participants will be able to:

• Gain a comprehensive understanding of the current cybersecurity landscape.
• Learn and apply industry-standard cybersecurity frameworks (e.g., NIST, ISO/IEC 27001) and best practices to enhance the security posture of their organization.
• Implement effective network security measures, including configuring firewalls, VPNs, IDS/IPS systems, and applying encryption techniques to protect data at rest and in transit.
• Identify, analyze, and respond to cybersecurity incidents using threat intelligence, SIEM tools, and incident response plans.

This instructor-led live training in Paris (online or on-site) is designed for intermediate-level network administrators who wish to acquire the critical skills needed to manage, administer, monitor, and maintain Fortinet security systems.

By the end of this training, participants will be able to:

• Configure and manage FortiGate firewalls.
• Monitor network traffic and manage incidents with FortiAnalyzer.
• Automate tasks and manage policies through FortiManager.
• Apply preventive maintenance strategies and troubleshoot network issues.

This instructor-led, live training in Paris (online or onsite) is tailored for beginner-level network administrators seeking to leverage FortiGate 1100E to effectively manage and secure their network infrastructures.

Upon completion of this training, participants will be able to:

• Grasp the fundamental architecture and key features of FortiGate 1100E.
• Learn how to deploy FortiGate 1100E across various network environments.
• Acquire practical experience with essential configuration and management tasks.
• Understand security policies, NAT, and VPNs.
• Learn to monitor and maintain FortiGate 1100E.

This instructor-led, live training in Paris (online or onsite) targets intermediate-level network administrators seeking to manage and secure their infrastructure using FortiGate firewalls.

Upon completion of this training, participants will be able to:

• Grasp FortiGate features and functionalities, with a focus on those introduced or enhanced in version 7.4.
• Configure and manage FortiGate devices while implementing advanced security capabilities.
• Deploy and manage advanced security measures such as IPS, antivirus, web filtering, and threat management.
• Monitor network activities, analyze logs, and generate reports for auditing and compliance purposes.

This instructor-led, live training in Paris (online or onsite) is aimed at intermediate-level technical professionals who wish to delve deeper into the technical aspects and functionalities of Fortinet’s product line to effectively recommend, sell, and implement Fortinet security solutions.

By the end of this training, participants will be able to:

• Gain in-depth knowledge of Fortinet’s advanced security solutions and products.
• Understand the technical features, benefits, and deployment scenarios for each core Fortinet product.
• Configure, manage, and troubleshoot Fortinet solutions in diverse environments.
• Apply Fortinet products to address complex security challenges and requirements.

This instructor-led live training in Paris (online or onsite) is designed for security professionals who wish to learn how to utilize Cortex XDR to prevent and stop sophisticated attacks and threats.

By the end of this training, participants will be able to:

• Understand the architecture and components of Cortex XDR.
• Create and manage profiles for exploit and malware prevention.
• Analyze behavioral threats and monitor response actions.
• Perform basic Cortex app troubleshooting.

This live, instructor-led training in Paris (available online or onsite) is designed for beginner-level technical professionals seeking to understand the Security Fabric concept and its evolution in addressing organizational cybersecurity needs.

By the end of this training, participants will be able to:

• Examine the evolution of cybersecurity and its impact on current security technologies.
• Utilize Fortinet products to protect against specific types of cyber threats and attacks.
• Comprehend the integration and automation capabilities of Fortinet solutions for coordinated cyber incident response.

This instructor-led, live training in Paris (online or onsite) is aimed at experienced developers who wish to gain a comprehensive understanding of Python programming and its applications in cybersecurity.

By the end of this training, participants will be able to:

• Use Python programming for defensive cybersecurity.
• Understand and use Python for ethical offensive techniques and digital forensics tasks.
• Recognize legal and ethical considerations surrounding offensive cybersecurity and vulnerability disclosure.

This instructor-led, live training in Paris (online or onsite) is aimed at security professionals who wish to learn how to troubleshoot Palo Alto Networks' next-generation firewalls.

By the end of this training, participants will be able to:

• Understand the architecture of the next-generation firewall.
• Investigate and troubleshoot networking issues using firewall tools.
• Analyze advanced logs to resolve real-life scenarios.

This instructor-led, live training in Paris (online or onsite) is aimed at beginner-level network security professionals who wish to learn the concept of cybersecurity and the current global threat landscape.

By the end of this training, participants will be able to:

• Understand the current global threat landscape and identify the main types of cyber adversaries.
• Recognize the primary types of malware and the mechanics of cyber attacks.
• Understand the basics of network security and the importance of a layered security approach.
• Learn about Fortinet's Security Fabric and how it addresses modern cybersecurity challenges.

This instructor-led, live training in Paris (online or onsite) is designed for intermediate-level network and security professionals who wish to proficiently manage and secure networks using Fortigate 600E equipment, with a specific focus on HA configurations to enhance reliability and performance.

Upon completion of this training, participants will be capable of:

• Grasping the features, specifications, and operational principles of the Fortigate 600E firewall.
• Executing the initial setup of the Fortigate 600E, including fundamental configuration tasks such as establishing interfaces, routing, and initial firewall policies.
• Configuring and overseeing advanced security features, including SSL VPN, user authentication, antivirus, Intrusion Prevention System (IPS), web filtering, and anti-malware capabilities, to safeguard against diverse network threats.
• Diagnosing common issues in HA setups and effectively managing HA environments.

This instructor-led live training in Paris (online or onsite) is tailored for security professionals who wish to learn how to manage firewalls at scale.

By the end of this training, participants will be able to:

• Design, configure, and manage the Panorama firewall management server.
• Manage policies using device groups.
• Deploy network configurations to different firewalls.

The EC-Council Certified DevSecOps Engineer (ECDE) certification offers a practical curriculum designed to empower professionals with the expertise needed to integrate security throughout the DevOps lifecycle, ensuring robust software protection from initial planning through to deployment.

Delivered via instructor-led live sessions (available online or on-site), this training targets intermediate-level software engineers and DevOps practitioners aiming to embed security controls into CI/CD pipelines for secure and compliant code delivery.

Upon completion, participants will be capable of:

• Mastering the core principles and methodologies of DevSecOps.
• Securing every phase of the CI/CD pipeline using automation tools.
• Executing secure coding standards and vulnerability assessment techniques.
• Effectively preparing for the ECDE certification through extensive hands-on labs and review.

Course Format

• Engaging lectures and interactive discussions.
• Practical application of DevSecOps tools within simulated pipeline environments.
• Guided exercises emphasizing secure development and deployment strategies.

Customization Options

• For tailored training aligned with your team’s specific workflows or technology stack, please reach out to us to arrange.

This instructor-led live training in Paris (online or onsite) is designed for experienced network security managers aiming to acquire the knowledge and skills necessary to deploy, manage, and troubleshoot Fortinet’s FortiGate security appliances running on FortiOS 7.2 as an NSE4 Network Security Professional.

By the end of this training, participants will be able to:

• Understand Fortinet’s product portfolio and the role of FortiOS in network security.
• Implement effective firewall policies, security profiles, and Network Address Translation (NAT).
• Utilize security services and ensure network redundancy and failover.
• Implement security best practices and optimize security policies for compliance and threat mitigation.

This live, instructor-led training in Paris (online or on-site) is designed for security professionals who wish to learn the fundamentals of managing Palo Alto Networks' next-generation firewalls.

By the end of this training, participants will be able to:

• Configure and manage Palo Alto Networks' firewall essential features.
• Manage security and NAT policies.
• Manage threat prevention strategies.
• Monitor network threats and traffic.

User session recording technology is utilized to capture, monitor, and audit user activity on IT systems, providing valuable insights for security, compliance, and forensic investigations.

This instructor-led live training, available online or onsite, is designed for beginner to intermediate-level IT and security professionals who aim to implement user session recording solutions to enhance monitoring, compliance, and accountability.

By the end of this training, participants will be able to:

• Grasp the principles of user session recording.
• Deploy and configure session recording solutions.
• Analyze and audit recorded sessions for compliance.
• Integrate session recording with security monitoring systems.

Format of the Course also allows for the evaluation of participants.

• Interactive lecture and discussion.
• Abundant exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Paris (online or onsite) is aimed at sysadmins who wish to use 389 Directory Server to configure and manage LDAP-based authentication and authorization.

By the end of this training, participants will be able to:

• Install and configure 389 Directory Server.
• Understand the features and architecture of 389 Directory Server.
• Learn how to configure the directory server using the web console and CLI.
• Set up and monitor replication for high availability and load balancing.
• Manage LDAP authentication using SSSD for faster performance.
• Integrate 389 Directory Server with Microsoft Active Directory.

This instructor-led, live training in Paris (online or onsite) is designed for system administrators who wish to use Microsoft Active Directory to manage and secure data access.

By the end of this training, participants will be able to:

• Set up and configure Active Directory.
• Set up a domain and define access rights of users and devices.
• Manage users and machines through Group Policies.
• Control access to file servers.
• Set up a Certificate Service and manage certificates.
• Implement and manage services such as encryption, certificates, and authentication.

Description:

Basel III represents a global regulatory framework addressing bank capital adequacy, stress testing, and market liquidity risk. Originally established by the Basel Committee on Banking Supervision in 2010–11, the Accord’s implementation timeline has been extended to March 31, 2019. Basel III enhances bank capital requirements by boosting liquidity and reducing leverage.
Unlike Basel I & II, Basel III mandates different reserve levels for various deposit types and borrowings, working in tandem with rather than replacing its predecessors.
Navigating this complex, evolving landscape can be challenging. Our course and training support helps you manage anticipated changes and their impact on your institution. As an accredited training partner of the Basel Certification Institute, we guarantee that our materials and training quality remain current and effective.

Objectives:

• Prepare for the Certified Basel Professional Examination.
• Define hands-on strategies and techniques for defining, measuring, analyzing, improving, and controlling operational risk within a banking organization.

Target Audience:

• Board members with risk responsibilities
• CROs and Heads of Risk Management
• Members of the Risk Management team
• Compliance, legal, and IT support staff
• Equity and Credit Analysts
• Portfolio Managers
• Rating Agency Analysts

Overview:

• Introduction to Basel norms and amendments to the Basel Accord (III)
• Regulations for market, credit, counterparty, and liquidity risk
• Stress testing for various risk measures, including how to formulate and deliver stress tests
• The likely effects of Basel III on the international banking industry, including demonstrations of its practical application
• Need for the new Basel norms
• The Basel III norms
• Objectives of the Basel III norms
• Basel III timeline

Android is an open-source platform designed for mobile devices, including smartphones and tablets. It offers a wide range of security features to facilitate the development of secure software; however, it lacks certain security aspects found in other mobile platforms. This course provides a comprehensive overview of these features and highlights the most critical shortcomings related to the underlying Linux environment, the file system, and the general runtime environment, as well as issues concerning permissions and other Android development components.

The course describes typical security pitfalls and vulnerabilities affecting both native code and Java applications, along with recommendations and best practices to prevent and mitigate them. Many of the discussed issues are supported by real-life examples and case studies. Finally, a brief overview is provided on using security testing tools to identify security-related programming bugs.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about the security solutions available on Android
• Learn to utilize various security features of the Android platform
• Gain information about recent Java vulnerabilities on Android
• Learn about typical coding mistakes and how to avoid them
• Gain an understanding of native code vulnerabilities on Android
• Realize the severe consequences of insecure buffer handling in native code
• Understand architectural protection techniques and their weaknesses
• Obtain sources and further readings on secure coding practices

Audience

Professionals

Implementing a secure networked application can be challenging, even for developers who have prior experience with cryptographic building blocks such as encryption and digital signatures. To ensure participants grasp the role and usage of these cryptographic primitives, the course first establishes a solid foundation on the core requirements of secure communication—including secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights typical threats that can compromise these requirements, alongside real-world solutions.

Given that cryptography is a critical aspect of network security, the course discusses essential cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on in-depth mathematical theory, these concepts are presented from a developer's perspective, featuring typical use-case examples and practical considerations such as public key infrastructures. Security protocols relevant to various areas of secure communication are introduced, with a detailed exploration of widely used protocol families like IPSEC and SSL/TLS.

The course also addresses common cryptographic vulnerabilities associated with specific algorithms and protocols, including BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding Oracle, Lucky Thirteen, POODLE, and RSA timing attacks. For each issue, practical implications and potential consequences are described, without delving into complex mathematical details.

Finally, as XML technology plays a central role in data exchange for networked applications, the course covers the security aspects of XML. This includes the use of XML within web services and SOAP messages, along with protection mechanisms such as XML Signature and XML Encryption. It also examines weaknesses in these protection measures and XML-specific security issues like XML injection, XML External Entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Gain a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

This three-day course provides a comprehensive overview of the fundamental principles for securing C/C++ code against potential exploitation by malicious actors. It focuses on addressing vulnerabilities related to memory management and input handling, equipping participants with the essential knowledge needed to write robust and secure software.

Even seasoned Java developers do not necessarily master all the security services provided by Java, nor are they always fully aware of the vulnerabilities relevant to web applications written in Java.

In addition to introducing the security components of Standard Java Edition, this course addresses security issues in Java Enterprise Edition (JEE) and web services. The discussion of specific services is preceded by an exploration of cryptography foundations and secure communication. Various exercises cover declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security for web services are examined. All components are demonstrated through practical exercises, allowing participants to personally experiment with the discussed APIs and tools.

The course also reviews and explains the most common and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. Beyond the typical errors made by Java programmers, the introduced security vulnerabilities encompass both language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are illustrated through accessible exercises, followed by recommended coding guidelines and potential mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Understand the security concepts of web services
• Learn to utilize various security features of the Java development environment
• Gain a practical understanding of cryptography
• Understand the security solutions offered by Java EE
• Learn about typical coding mistakes and how to avoid them
• Receive information on some recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Obtain sources and further reading materials on secure coding practices

Audience

Developers

Description

The Java language and its Runtime Environment (JRE) were engineered to eliminate the most prevalent and dangerous security vulnerabilities commonly found in other languages, such as C and C++. However, software developers and architects must do more than simply utilize the positive security features available within the Java ecosystem; they must also maintain a keen awareness of the numerous vulnerabilities that remain pertinent to Java development, often referred to as 'negative security.'

The course introduces security services by first providing a concise overview of cryptographic foundations. This establishes a common baseline for understanding the purpose and mechanics of the relevant components. Participants will apply this knowledge through practical exercises, allowing them to experiment with the discussed APIs firsthand.

Furthermore, the course examines the most frequent and severe programming flaws inherent to the Java language and platform. This includes both typical errors made by Java developers and issues specific to the language and its environment. All vulnerabilities and corresponding attack vectors are illustrated through accessible exercises, followed by recommended coding guidelines and effective mitigation strategies.

Participants attending this course will

• Grasp fundamental concepts of security, IT security, and secure coding
• Explore Web vulnerabilities extending beyond the OWASP Top Ten and learn how to prevent them
• Learn to leverage various security features within the Java development environment
• Gain a practical understanding of cryptography
• Identify typical coding mistakes and learn how to avoid them
• Stay informed about recent vulnerabilities in the Java framework
• Receive resources and further reading materials on secure coding practices

Audience

Developers

Today, numerous programming languages can compile code for the .NET and ASP.NET frameworks. This environment offers robust tools for security development; however, developers must understand how to apply architectural and coding-level techniques to implement desired security features, prevent vulnerabilities, or limit their exploitation.

This course aims to train developers through extensive hands-on exercises. Participants will learn how to prevent untrusted code from executing privileged actions, protect resources via strong authentication and authorization, manage remote procedure calls, handle sessions, and implement various functional alternatives, among other skills.

The introduction to different vulnerabilities begins by highlighting typical programming errors common in .NET development. The discussion on ASP.NET vulnerabilities covers various environment settings and their impact. Furthermore, the topic of ASP.NET-specific vulnerabilities addresses general web application security challenges as well as specific issues and attack methods, such as ViewState attacks and string termination exploits.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn to utilize various security features within the .NET development environment
• Gain practical knowledge on using security testing tools
• Identify typical coding mistakes and learn how to avoid them
• Receive information on recent vulnerabilities in .NET and ASP.NET
• Access sources and further reading materials on secure coding practices

Audience

Developers

This course introduces key security concepts and provides an overview of vulnerabilities across different programming languages and platforms. It explains how to manage software security risks throughout the various stages of the software development lifecycle. Without delving into technical specifics, it highlights some of the most prevalent and critical vulnerabilities in modern software development technologies. The course also addresses the challenges of security testing, offering techniques and tools to help identify existing issues in code.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding.
• Gain insight into web vulnerabilities affecting both server and client sides.
• Recognize the severe consequences of improper buffer handling.
• Learn about recent vulnerabilities found in development environments and frameworks.
• Identify typical coding mistakes and learn how to avoid them.
• Understand security testing approaches and methodologies.

Audience

Managers

This course equips PHP developers with the essential skills needed to build applications that are resilient against modern Internet-based threats. It explores web vulnerabilities through practical PHP examples, extending beyond the OWASP Top Ten to address a wide range of injection attacks, script injections, session handling weaknesses, insecure direct object references, file upload issues, and more. PHP-specific vulnerabilities are categorized into standard types, such as missing or inadequate input validation, incorrect error and exception handling, misuse of security features, and time- or state-related flaws. Specific attacks discussed include open_basedir circumvention, denial-of-service via magic float, and hash table collision attacks. In each scenario, participants will learn the critical techniques and functions required to mitigate these risks.

A dedicated focus is placed on client-side security, addressing issues related to JavaScript, Ajax, and HTML5. The course introduces various PHP security extensions, including hash, mcrypt, and OpenSSL for cryptography, as well as Ctype, ext/filter, and HTML Purifier for input validation. Comprehensive hardening practices are covered, relating to PHP configuration (php.ini), Apache, and general server settings. Additionally, an overview is provided of various security testing tools and techniques available to developers and testers, such as security scanners, penetration testing, exploit kits, sniffers, proxy servers, fuzzing tools, and static source code analyzers.

Both the explanation of vulnerabilities and the configuration practices are reinforced through hands-on exercises that demonstrate the impact of successful attacks, illustrate how to apply mitigation strategies, and introduce the use of relevant extensions and tools.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to prevent them
• Gain knowledge of client-side vulnerabilities and secure coding practices
• Develop a practical understanding of cryptography
• Learn to utilize various security features in PHP
• Identify common coding mistakes and learn how to avoid them
• Stay informed about recent vulnerabilities in the PHP framework
• Acquire practical experience with security testing tools
• Access resources and further reading on secure coding practices

Audience

Developers

This comprehensive SDL Core training offers an in-depth look at secure software design, development, and testing methodologies through the lens of the Microsoft Secure Development Lifecycle (SDL). It provides a Level 100 overview of the fundamental building blocks of the SDL, followed by design techniques to help participants detect and remediate flaws early in the development process.

Focusing on the development phase, the course reviews common security-related programming bugs found in both managed and native code. It presents attack vectors for the discussed vulnerabilities alongside their mitigation techniques, all illustrated through practical exercises that engage participants with live hacking demonstrations. The training also introduces various security testing methods and demonstrates the effectiveness of different testing tools. Participants gain a practical understanding of these tools by applying them to previously discussed vulnerable code in hands-on exercises.

Participants attending this course will

Understand the core concepts of security, IT security, and secure coding

Become familiar with the essential steps of the Microsoft Secure Development Lifecycle

Learn secure design and development practices

Learn about secure implementation principles

Understand security testing methodology

• Access sources and further readings on secure coding practices

Audience

Developers, Managers

Once participants have become familiar with vulnerabilities and attack vectors, they will learn the general approach and methodology for security testing, as well as the techniques used to uncover specific vulnerabilities. The process begins with information gathering about the system under evaluation (ToC), followed by thorough threat modeling to identify and rate all potential threats, ultimately leading to a risk analysis-driven test plan.

Security evaluations occur at various stages of the Software Development Life Cycle (SDLC). This course covers design reviews, code reviews, reconnaissance, and information gathering about the system, as well as testing the implementation and hardening the environment for secure deployment. Detailed techniques such as taint analysis, heuristics-based code review, static code analysis, dynamic web vulnerability testing, and fuzzing are introduced. Participants will be exposed to various tools designed to automate the security evaluation of software products. These tools are reinforced through hands-on exercises, where participants execute them to analyze previously discussed vulnerable code. Additionally, numerous real-life case studies are provided to enhance understanding of different vulnerabilities.

This course prepares testers and QA staff to effectively plan and execute security tests, select and use the most appropriate tools and techniques to uncover hidden security flaws, and provides essential practical skills applicable immediately in the workplace.

Participants attending this course will

• Understand fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and how to mitigate them
• Gain knowledge of client-side vulnerabilities and secure coding practices
• Understand security testing approaches and methodologies
• Acquire practical experience in using security testing techniques and tools
• Access resources and further reading materials on secure coding practices

Audience

Developers, Testers

Protecting web-accessible applications demands well-prepared security professionals who remain constantly aware of current attack vectors and trends. A vast array of technologies and environments exists that facilitate the comfortable development of web applications. Professionals must not only be aware of security issues specific to these platforms but also of general vulnerabilities that apply regardless of the development tools used.

This course provides an overview of applicable security solutions for web applications, with a special focus on understanding the most important cryptographic solutions to be implemented. Various web application vulnerabilities are presented on both the server side (following the OWASP Top Ten) and the client side, demonstrated through relevant attacks, and followed by recommended coding techniques and mitigation methods to avoid associated problems. The subject of secure coding is concluded by discussing typical security-relevant programming mistakes in the areas of input validation, improper use of security features, and code quality.

Testing plays a crucial role in ensuring the security and robustness of web applications. Various approaches – from high-level auditing and penetration testing to ethical hacking – can be applied to identify vulnerabilities of different types. However, if you want to go beyond easily found low-hanging fruits, security testing must be well-planned and properly executed. Remember: security testers should ideally find all bugs to protect a system, whereas for adversaries, it is sufficient to find just one exploitable vulnerability to penetrate it.

Practical exercises will aid in understanding web application vulnerabilities, programming mistakes, and most importantly, mitigation techniques. Together with hands-on trials of various testing tools – from security scanners and sniffers to proxy servers, fuzzing tools, and static source code analyzers – this course provides essential practical skills that can be applied the very next day in the workplace.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Learn about client-side vulnerabilities and secure coding practices
• Gain a practical understanding of cryptography
• Understand security testing approaches and methodologies
• Acquire practical knowledge in using security testing techniques and tools
• Be informed about recent vulnerabilities in various platforms, frameworks, and libraries
• Get sources and further readings on secure coding practices

Audience

Developers, Testers

Cyber Security involves implementing technologies, controls, and processes to safeguard computer systems, servers, networks, devices, applications, and data against malicious cyber threats.

This instructor-led live training (available online or onsite) is designed for anyone who wishes to learn how to protect internet-connected systems from various cyber threats.

By the end of this training, participants will be able to:

• Comprehend the concept of Cyber Security.
• Understand the different types of Cyber Security threats.
• Learn processes and best practices for protecting internet-connected systems from cyber attacks.

Format of the Course also allows for the evaluation of participants.

• Interactive lectures and discussions.
• Abundant exercises and practice sessions.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Paris (online or on-site) is designed for IT professionals who wish to learn and apply the fundamentals of Cybersecurity practices, processes, and tools in their organization.

By the end of this training, participants will be able to:

• Comprehend Cybersecurity concepts, definitions, architecture, and principles.
• Acquire skills to secure and protect digital assets (networks, systems, applications, and data).
• Implement security models, frameworks, operational techniques, and incident handling procedures.
• Evaluate and mitigate the impact of cyber attacks, risks, threats, and vulnerabilities.
• Gain insights into cybersecurity challenges associated with emerging technologies.

This instructor-led live training in Paris (online or on-site) is designed for software engineers and IT professionals seeking to deepen their understanding of CyBOK and strengthen their theoretical and practical cyber security skills.

Upon completion of this training, participants will be able to:

• Grasp the fundamental concepts, definitions, and principles of cyber security.
• Develop in-depth cyber security expertise by applying CyBOK knowledge areas.
• Acquire comprehensive foundational knowledge to effectively implement the CyBOK framework.
• Support community and organizational initiatives to prioritize data security and privacy.
• Explore opportunities to obtain specializations and credentials for cyber security careers.

This course is designed for individuals who need to gather intelligence or evidence from the Dark Web. It is typically aimed at those working in government or law enforcement, though it may also benefit professionals in the private sector.

In this instructor-led, live course in Paris, participants will learn how to develop an effective security strategy to address the challenges of DevOps security.

This course offers leaders and managers a comprehensive overview of the key issues and activities related to cybersecurity.

Leaders will gain insights across various topics designed to expand their knowledge and refine their executive decision-making capabilities in addressing cybersecurity threats.

Upon completing this training, participants will be able to:

• Grasp the concepts of Internet and social network privacy
• Understand Personally Identifiable Information (PII) and its significance
• Learn how to protect online activities
• Know how to safeguard the privacy of business users
• Gain awareness of cyber laws that protect privacy

Course Format

• Interactive lectures and discussions
• Extensive exercises and practice sessions
• Hands-on implementation in a live-lab environment

Course Customization Options

• To request customized training for this course, please contact us to arrange.

This instructor-led, live training in Paris (online or onsite) is aimed at security engineers and system administrators who wish to use FortiGate NGFW's advanced security-driven network systems to protect their organization from internal and external threats.

By the end of this training, participants will be able to:

• Install and configure the preferred FortiGate NGFW software and hardware model.
• Operate and employ FortiGate NGFW to improve the efficiency of system administration tasks.
• Manage various forms of external and internal threats using FortiGate features.
• Integrate FortiGate security fabric with the entire IT infrastructure to provide quick automated protection.
• Ensure long-term protection from attacks with independent and continuous FortiGate threat intelligence.
• Troubleshoot the most common firewall system setup errors relevant to FortiGate NGFWs.
• Implement Fortinet security solutions in other enterprise applications.

This instructor-led live training in Paris (online or onsite) is designed for system administrators who wish to use FreeIPA to centralize authentication, authorization, and account information for their organization's users, groups, and machines.

By the end of this training, participants will be able to:

• Install and configure FreeIPA.
• Manage Linux users and clients from a single central location.
• Use FreeIPA's CLI, Web UI, and RPC interface to set up and manage permissions.
• Enable Single Sign-On authentication across all systems, services, and applications.
• Integrate FreeIPA with Windows Active Directory.
• Backup, replicate, and migrate a FreeIPA server.

This instructor-led, live training in Paris (online or onsite) is designed for software testers aiming to safeguard their organization's network infrastructure using Nmap.

Upon completing this training, participants will be capable of:

• Setting up the required testing environment to begin utilizing Nmap.
• Scanning network systems to identify security vulnerabilities.
• Identifying active and vulnerable hosts.

This instructor-led, live training in Paris (online or onsite) is tailored for system administrators who wish to leverage Okta for identity and access management.

By the end of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into an existing application.
• Implement security through multi-factor authentication.

This instructor-led, live training in Paris (online or onsite) is aimed at intermediate-level system administrators and IT professionals who wish to install, configure, manage, and secure LDAP directories using OpenLDAP.

By the end of this training, participants will be able to:

• Understand the structure and operation of LDAP directories.
• Install and configure OpenLDAP for various deployment environments.
• Implement access control, authentication, and replication mechanisms.
• Use OpenLDAP with third-party services and applications.

This instructor-led live training in Paris (online or onsite) is aimed at system administrators who wish to use OpenAM to manage identity and access controls for web applications.

By the end of this training, participants will be able to:

• Set up the necessary server environment to begin configuring authentication and access controls using OpenAM.
• Implement single sign-on (SSO), multi-factor authentication (MFA), and user self-service features for web applications.
• Use federation services (OAuth 2.0, OpenID, SAML v2.0, etc.) to securely extend identity management across different systems or applications.
• Access and manage authentication, authorization, and identity services through REST APIs.

This instructor-led live training in Paris (online or onsite) is aimed at system administrators who wish to use OpenDJ to manage their organization's user credentials in a production environment.

By the end of this training, participants will be able to:

• Install and configure OpenDJ.
• Maintain an OpenDJ server, including monitoring, troubleshooting, and optimizing for performance.
• Create and manage multiple OpenDJ databases.
• Back up and migrate an OpenDJ server.

OpenVAS is a sophisticated open-source framework comprising multiple services and tools designed for network vulnerability scanning and management.

During this instructor-led live training, participants will gain the skills necessary to utilize OpenVAS effectively for network vulnerability scanning.

Upon completion of this training, participants will be able to:

• Install and configure OpenVAS
• Understand the core features and components of OpenVAS
• Configure and execute network vulnerability scans using OpenVAS
• Review and interpret OpenVAS scan results

Audience

• Network engineers
• Network administrators

Course Format

• A blend of lectures, discussions, exercises, and extensive hands-on practice

Note

• To request a customized training for this course, please contact us to make arrangements.

This instructor-led, live training in Paris (online or onsite) is designed for developers seeking to prevent malware intrusion using Palo Alto Networks.

Upon completion of this training, participants will be able to:

• Establish the required development environment to begin firewall development.
• Deploy a Palo Alto firewall on a cloud server.
• Control packet flow through Palo Alto firewalls.
• Understand QoS classifications and types.

This course aims to assist with the following objectives:

1. Enable developers to master the techniques of writing secure code.
2. Assist software testers in verifying application security prior to deployment in the production environment.
3. Help software architects comprehend the risks associated with their applications.
4. Support team leaders in establishing security baselines for developers.
5. Guide web masters in configuring servers to prevent misconfigurations.

This course explores secure coding concepts and principles in Java, guided by the testing methodology of the Open Web Application Security Project (OWASP). OWASP is an online community dedicated to producing freely accessible articles, methodologies, documentation, tools, and technologies focused on web application security.

This course examines secure coding concepts and principles using ASP.NET, guided by the testing methodology of the Open Web Application Security Project (OWASP). OWASP is an online community that provides freely accessible articles, methodologies, documentation, tools, and technologies focused on web application security.

The course delves into the security features of the .NET Framework and demonstrates how to secure web applications.