Executive Cyber Security Awareness Training Course

This instructor-led live training in Vietnam (online or onsite) is designed for system administrators who wish to use 389 Directory Server to configure and manage LDAP-based authentication and authorization.

By the end of this training, participants will be able to:

• Install and configure 389 Directory Server.
• Understand the features and architecture of 389 Directory Server.
• Learn how to configure the directory server using the web console and CLI.
• Set up and monitor replication for high availability and load balancing.
• Manage LDAP authentication using SSSD for faster performance.
• Integrate 389 Directory Server with Microsoft Active Directory.

This instructor-led live training, offered Vietnam (online or onsite), targets system administrators who aim to use Microsoft Active Directory for managing and securing data access.

By the conclusion of this training, participants will be able to:

• Set up and configure Active Directory.
• Establish a domain and define access rights for users and devices.
• Manage users and machines through Group Policies.
• Control access to file servers.
• Set up Certificate Services and manage certificates.
• Implement and manage services such as encryption, certificates, and authentication.

Building a secure networked application can be challenging, even for developers who have prior experience with cryptographic building blocks like encryption and digital signatures. To ensure participants grasp the role and application of these cryptographic primitives, the course begins by establishing a solid foundation on the core requirements of secure communication: secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also addresses common threats that compromise these requirements along with practical solutions.

As cryptography is central to network security, the course covers essential algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on deep mathematical theory, these topics are explored from a developer's perspective, featuring typical use-case examples and practical considerations such as public key infrastructures (PKI). The course also introduces security protocols used in secure communication, with detailed discussions on widely adopted protocol families like IPsec and SSL/TLS.

Common cryptographic vulnerabilities are examined, focusing on specific algorithms and protocols. Topics include BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding Oracle, Lucky Thirteen, POODLE, and similar threats, as well as RSA timing attacks. For each issue, practical implications and potential consequences are described without delving into complex mathematical details.

Finally, given that XML technology is fundamental for data exchange in networked applications, the course covers XML security aspects. This includes the use of XML in web services and SOAP messages, along with protective measures such as XML Signature and XML Encryption. It also addresses weaknesses in these protections and XML-specific vulnerabilities like XML injection, XML External Entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Developing secure C and C++ applications demands rigorous protection against malicious exploitation, memory corruption, and input validation bypasses. This program investigates vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will apply secure coding guidelines, static analysis tools, and defensive programming techniques to eliminate weaknesses, enforce input sanitization, and deliver hardened software resilient against cyberattacks.

Even seasoned Java developers often do not fully master the full spectrum of security services provided by Java, nor are they always aware of the diverse vulnerabilities that impact web applications built with Java.

In addition to introducing the security components of Standard Java Edition, this course addresses the security challenges associated with Java Enterprise Edition (JEE) and web services. The discussion begins with the foundational principles of cryptography and secure communication before diving into specific services. Through a series of exercises, participants explore both declarative and programmatic security techniques within JEE, as well as transport-layer and end-to-end security for web services. The practical application of these components is demonstrated through hands-on exercises, allowing participants to experiment with the relevant APIs and tools firsthand.

The course also examines and explains the most common and critical programming flaws in the Java language and platform, alongside web-related vulnerabilities. Beyond typical errors made by Java developers, the covered security vulnerabilities encompass both language-specific issues and problems arising from the runtime environment. All identified vulnerabilities and their corresponding attacks are illustrated through accessible exercises, followed by recommended coding guidelines and effective mitigation strategies.

Participants attending this course will

• Grasp the fundamental concepts of security, IT security, and secure coding.
• Learn about web vulnerabilities extending beyond the OWASP Top Ten and discover how to prevent them.
• Understand the security concepts underlying web services.
• Gain proficiency in utilizing various security features within the Java development environment.
• Develop a practical understanding of cryptography.
• Comprehend the security solutions offered by Java EE.
• Identify typical coding mistakes and learn how to avoid them.
• Receive updates on recent vulnerabilities within the Java framework.
• Acquire hands-on experience with security testing tools.
• Access resources and further reading materials on secure coding practices.

Audience

Developers

Today, developers have access to various programming languages that compile code for the .NET and ASP.NET frameworks. While this environment offers robust tools for security development, it is essential for developers to master architecture-level and coding-level techniques to implement effective security measures, prevent vulnerabilities, and minimize their potential impact.

This course aims to equip developers with practical skills through extensive hands-on exercises. Participants will learn how to prevent untrusted code from executing privileged actions, safeguard resources using strong authentication and authorization mechanisms, manage remote procedure calls, handle sessions effectively, and explore alternative implementations for specific functionalities, among other critical topics.

The curriculum introduces various vulnerabilities by first examining common programming mistakes made when using .NET. The discussion on ASP.NET vulnerabilities also covers different environment settings and their implications. Furthermore, the course addresses ASP.NET-specific security challenges, including general web application security issues as well as specialized attacks such as ViewState manipulation and string termination attacks.

Participants attending this course will

• Grasp fundamental concepts of security, IT security, and secure coding practices
• Identify web vulnerabilities beyond the OWASP Top Ten and learn strategies to avoid them
• Utilize various security features available in the .NET development environment
• Acquire practical experience with security testing tools
• Recognize typical coding errors and understand how to prevent them
• Stay informed about recent vulnerabilities affecting .NET and ASP.NET
• Access resources and further reading materials on secure coding standards

Audience

Developers

This course equips PHP developers with the essential skills needed to make applications resilient against modern Internet-based attacks. Web vulnerabilities are explored through practical PHP examples that extend beyond the OWASP Top Ten, covering various injection attacks, script injections, weaknesses in session handling, insecure direct object references, file upload issues, and more. PHP-related vulnerabilities are categorized into standard vulnerability types, such as missing or improper input validation, incorrect error and exception handling, misuse of security features, and time- and state-related problems. For the latter category, we examine attacks including open_basedir circumvention, denial-of-service via magic floats, and hash table collision attacks. In each scenario, participants will learn key techniques and functions to mitigate these risks.

A significant emphasis is placed on client-side security, addressing issues related to JavaScript, Ajax, and HTML5. The course introduces various PHP extensions relevant to security, such as hash, mcrypt, and OpenSSL for cryptography, as well as Ctype, ext/filter, and HTML Purifier for input validation. Best practices for hardening the environment are discussed in the context of PHP configuration (php.ini), Apache server settings, and general server management. Additionally, participants will receive an overview of various security testing tools and techniques available to developers and testers, including security scanners, penetration testing methodologies, exploit kits, sniffers, proxy servers, fuzzing tools, and static source code analyzers.

The introduction of vulnerability concepts and configuration best practices is reinforced through hands-on exercises. These activities demonstrate the impact of successful attacks, illustrate how to implement mitigation strategies, and guide the use of various extensions and tools.

Participants completing this course will:

• Understand fundamental concepts of security, IT security, and secure coding.
• Gain insight into web vulnerabilities beyond the OWASP Top Ten and learn how to avoid them.
• Learn about client-side vulnerabilities and adopt secure coding practices.
• Develop a practical understanding of cryptography.
• Master the use of various PHP security features.
• Identify common coding mistakes and learn how to prevent them.
• Stay informed about recent vulnerabilities affecting PHP frameworks.
• Acquire practical experience using security testing tools.
• Access resources and further reading on secure coding practices.

Audience

Developers

This comprehensive training on the core principles of Secure Development Lifecycle (SDL) offers an in-depth look at secure software design, development, and testing methodologies as defined by Microsoft. It begins with a Level 100 overview of the fundamental components of SDL, then progresses to specific design techniques aimed at identifying and rectifying vulnerabilities during the early stages of development.

Focusing on the development phase, the course surveys common security-related programming errors found in both managed and native code environments. For each vulnerability discussed, attack vectors are presented alongside corresponding mitigation strategies. Participants engage in hands-on exercises that simulate live hacking scenarios to reinforce these concepts. The curriculum also introduces various security testing methodologies and demonstrates the effectiveness of different testing tools. Through practical exercises using vulnerable code samples, participants gain a clear understanding of how these tools operate.

Participants attending this course will

Grasp the fundamental concepts of security, IT security, and secure coding practices

Become familiar with the essential stages of the Microsoft Secure Development Lifecycle (SDL)

Acquire skills in secure design and development practices

Learn about principles for secure implementation

Understand security testing methodologies

• Access resources and further reading materials on secure coding practices

Audience

Developers, Managers

In this instructor-led live course in Vietnam, participants will learn how to develop the appropriate security strategy to tackle DevOps security challenges.

The EC-Council Certified DevSecOps Engineer (ECDE) program is a practical, hands-on course designed to empower professionals with the expertise needed to integrate security seamlessly across the entire DevOps lifecycle. This ensures that software development remains secure from the initial planning stages through to final deployment.

Delivered as an instructor-led live training session—available either online or on-site—this program targets intermediate-level software engineers and DevOps specialists who aim to embed robust security practices into their CI/CD pipelines, thereby guaranteeing the delivery of compliant and secure code.

Upon completion of this training, participants will gain the ability to:

• Comprehend the core principles and methodologies of DevSecOps.
• Secure all phases of the CI/CD pipeline using automated security tools.
• Apply secure coding standards and conduct vulnerability scanning effectively.
• Prepare confidently for the ECDE certification exam through practical labs and comprehensive reviews.

Course Format

• Engaging interactive lectures paired with group discussions.
• Practical, hands-on experience utilizing DevSecOps tools within simulated pipeline environments.
• Guided exercises specifically designed to reinforce secure development and deployment techniques.

Customization Options

• For tailored training programs adapted to your team’s specific workflows or toolchains, please reach out to us to arrange a customized schedule.

This instructor-led live training in Vietnam (online or onsite) is aimed at system administrators who wish to use FreeIPA to centralize the authentication, authorization and account information for their organization's users, groups, and machines.

By the end of this training, participants will be able to:

• Install and configure FreeIPA.
• Manage Linux users and clients from a single central location.
• Use FreeIPA's CLI, Web UI and RPC interface to set up and manage permissions.
• Enable Single Sign On authentication across all systems, services and applications.
• Integrate FreeIPA with Windows Active Directory.
• Backup, replicate and migrate an FreeIPA server.

This instructor-led, live training in Vietnam (online or onsite) is aimed at system administrators who wish to use Okta for identity and access management.

By the end of this training, participants will be able to:

• Configure, integrate, and manage Okta.
• Integrate Okta into an existing application.
• Implement security with multi-factor authentication.

This course aims to achieve the following:

1. Enable developers to master the techniques for writing secure code
2. Assist software testers in verifying application security prior to deployment in the production environment
3. Help software architects understand the risks associated with applications
4. Support team leaders in establishing security baselines for their development teams
5. Aid web administrators in configuring servers to prevent misconfigurations

This course explores secure coding concepts and principles for Java, utilizing the testing methodology of the Open Web Application Security Project (OWASP). The Open Web Application Security Project is a global community dedicated to developing freely available articles, methodologies, documentation, tools, and technologies focused on web application security.