Ideal for teams that…
Application and infrastructure security — a workshop for technical teams.
How to understand application architecture and identify its weak points
How to detect vulnerabilities in network services and web/mobile applications
How to apply risk assessment models (STRIDE, DREAD, CVSS) in a security context
How to use key pentesting tools (Nmap, Wireshark, Burp Suite, Metasploit)
How to conduct penetration tests following the stages: planning, execution, reporting
How to create recommendations and reports after tests in line with best practices
What we actually do
- · Application workflow
- · Key application components
- · Typical communication issues between components (weak points)
- · TCP/IP protocol
- · OSI model layers
- · Key network services and their use
- · Common vulnerabilities of network services
- · Network security models
- · Firewalls, IDS/IPS
- · Network segmentation
- · Common threats and detection methods
- · Definition of risk
- · Risk identification and assessment methods
- · STRIDE
- · DREAD
- · CVSS
- · Overview of OWASP Top 10 threats
- · Application testing in the OWASP context
- · Examples of real-world vulnerabilities
- · Goals and scope of infrastructure penetration tests
- · Scanning techniques and weakness detection
- · Examples of attacks and analysis
- · Security settings and system policies
- · Permissions and access control management
- · Incident detection and response
- · Nmap
- · Wireshark
- · Burp Suite
- · Metasploit
- · Using tools in security testing
- · Practical usage scenarios
- · Security threats specific to iOS and Android
- · Mobile application testing methods
- · Client-side and server-side security
- · Web application architecture
- · Common attack points
- · Programming mistakes and common vulnerabilities
- · Tools and techniques for web application testing
- · Planning
- · Execution
- · Reporting
- · Ethical aspects of penetration testing
- · Documentation and post-test recommendations
From brief to retro in 30 days.
Brief & diagnosis
A call with the team lead + a short survey for participants. We define goals, gap and context.
Program customization
We adapt modules, case studies and code examples to your stack. Approval in 5 days.
Workshop
Trainer-led sessions, hands-on, code review. Mentor available between sessions too.
Retro + report
Outcome report for the team and lead. 30 days of consulting included.
Send a brief. We'll reply within 1 day.
After a short brief we'll prepare a program and a quote. No obligations — it's just a starting point.
Thank you!
We'll get back to you within 1 business day.
Other programs for teams
See all →AWS Cloud Security Training
Application and infrastructure security — a workshop for technical teams.
Azure Cloud Security Training
Application and infrastructure security — a workshop for technical teams.
Container Security Management Training
Application and infrastructure security — a workshop for technical teams.