Certified Secure

Hands-On Trainings

During the Certified Secure hands-on trainings, the participants will work hands-on with various selected Certified Secure challenges. The Certified Secure instructor will provide the participants with expert guidance and extensive support for all the covered subjects. By experiencing security in a hands-on fashion, all the participants are able to develop their Hacker Mindset and applied cybersecurity skills.


Full Stack - Artificial Interference

Hands-On Training

Training Duration: 16 hours
Maximum participants: 50

The brand-new Certified Secure “Artificial Interference” challenge takes center stage in this full stack security training. During this 2.0-day hands-on security training, the participants are tasked with shutting down the rogue (fictitious) “SaltPilot” artificial intelligence.

During their mission, the participants will be confronted with a multitude of different systems and technologies, ranging from AI systems and frontend and backend applications to mobile applications and complete cloud deployments. With 1-on-1 expert guidance from dedicated Certified Secure instructors, the participants will work hands-on identifying, understanding and exploiting vulnerabilities in these systems.

The participants will gain a profound and in-depth understanding of all the presented vulnerabilities and will be provided with expert guidance on the best method of mitigating and preventing these vulnerabilities in their own projects.

During the training, the Certified Secure instructor will discuss the various vulnerabilities in the context of the Secure Product Lifecycle (SPLC) and will highlight the importance and benefits of secure development, security testing, security tooling and, of course, the Hacker Mindset. Extra time will be allocated to give the participants hands-on guidance on how to integrate best practices, security checklists and security tooling into their day-to-day work.

Frontend, backend and server/infrastructure security
Mobile and client-side security vulnerabilities
AI: Prompt Injection vulnerabilities
AI: Security Risks of using Large Language Models (LLMs)
AI: Vulnerabilities in Large Language Models (LLMs)
Security misconfiguration vulnerabilities
Authentication/authorization vulnerabilities
Disclosure of sensitive information vulnerabilities
SQL Injection vulnerabilities
Cross Site Scripting vulnerabilities
Sensitive information in source code repositories vulnerabilities
Server-side Request Forgery (SSRF) vulnerabilities
Session/State Management vulnerabilities
Insecure Direct Object Reference (IDOR) vulnerabilities
Public cloud (AWS) vulnerabilities
Kubernetes vulnerabilities
Cloud-based privilege escalation vulnerabilities
Dependency and patch management
DevOps vulnerabilities
Vulnerabilities in cloud metadata services

Web Application Security Deep Dive

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Web Application Security Deep Dive training takes the Hacker Mindset of the participants to the next level. The participants will work hands-on with multiple advanced Certified Secure challenges and will learn how to keep developing their Hacker Mindset. This training surpasses the “standard” vulnerabilities and introduces multiple new vulnerabilities and techniques.

The following subjects are covered in the Web Application Security Deep Dive training:

Advanced Hacker Mindset
Logic and state transition vulnerabilities
TOCTOU (Time-Of-Check-Time-Of-Use) vulnerabilities
Type Confusion vulnerabilities
MongoDB injection vulnerabilities
CSP bypass vulnerabilities
Selected Certified Secure advanced challenges

Case Study - Botnet Takedown

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Botnet Takedown training is based on (IoT) malware that is being used to perform a DDoS attack. Working hands-on and together with their Certified Secure instructor the participants will analyze multiple network-based tracks and will uncover the owner of the DDoS botnet.

After completing the Certified Secure Botnet Takedown training, all the participants will have a decent understanding of networking and DDoS attacks and will be able to perform basic network analysis tasks.

The following subjects are covered in this training:

DDoS techniques – generic
Introduction to IPv4/IPv6
Introduction to botnets
Network analysis (Wireshark)
Netflow analysis (log files)
Memory analysis
Secure Sockets Layer (SSL)

Basic

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

During the basic training the participants will work hands-on with multiple security challenges and will complete both the Certified Secure Essential Security and Essential Specialties certifications. At the start of the training the Certified Secure instructor will provide the participants with relevant background information after which the participants will directly start to work hands-on with several SQL Injection and Path Traversal challenges. During the training, the Certified Secure instructor will provide expert knowledge and 1-on-1 guidance to all the participants.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Essential Security
Certified Secure Essential Specialties
Blackbox thinking and working
Finding and exploiting web application vulnerabilities
Selected SQL Injection and Path Traversal vulnerabilities

Intermediate

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

The Certified Secure Intermediate Training is the logical next step after completing the basic training. This training introduces Cross-Site Scripting and network/server related vulnerabilities. All participants complete the Certified Secure Security Specialist certification.

All participants for the Certified Secure Intermediate training must have completed the Certified Secure Essential Security certification and have a score of at least 33% for the Certified Secure Essential Specialties certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Security Specialist
Same Origin Policy
Cross-Site Scripting vulnerabilities
Networking protocols (TCP/IP, HTTP, HTTPS)
Port, service and version scanning
Advanced SQL Injection and Path Traversal vulnerabilities
Finding and exploiting multiple web application and server vulnerabilities

Web/Server Security Specialist

Hands-On Training

Training Duration: 8 hours
Maximum participants: 20

During the Web/Server Security Specialist training the participants will work hands-on and focus on finding and exploiting multiple intermediate web application and server vulnerabilities. All participants complete the Certified Secure Security Web Security Specialist and Server Security Specialist certifications. All participants for this training must have completed the Certified Secure Security Specialist certification.

The following subjects are covered in this training:

Hacker Mindset
Certified Secure Web Security Specialist
Certified Secure Server Security Specialist
Cross-Site Request Forgery (XSRF)
Client-side authentication vulnerabilities
Dynamic script uploading vulnerabilities
Default and predictable password vulnerabilities
Advanced port, service and version scanning
Finding and exploiting multiple web application and server vulnerabilities

More Information

Thanks for your interest in our Certified Secure LIVE trainings! Complete the form displayed below and we will contact you as soon as possible. We are also directly reachable at +31 70 3101340 or via email at info@certifiedsecure.com. Our privacy statement is applicable to this form.