Are you looking for world-class security training?
Delivered by seasoned professionals, who have spent years practicing what they train, we specialize in small classroom, instructor-lead heavily hands-on training that is tailored and customizable to our customers' needs.
KRvW instructors clearly present various technical topics, and then to drive them home through a series of hands-on exercises that reinforce the lecture content and help the students internalize what they've learned.
This allows them to take concepts and immediately put them into practice.
View Course CatalogWe have a small cadre of highly qualified instructors who have years of experience in the field. By maintaining these standards, we have built a substantial track record of successful deliveries and maintaining the highest levels of customer satisfaction.
Since our classes are generally on-site at customer locations, and since we charge per class, and not per student, we can help you get the most out of your training budget. The on-site training also minimizes down time that your employees will spend away from their offices.
The list below contains brief summaries of our primary course offerings. Detailed descriptions, including course outlines and pricing options, are available upon request. We are also happy to customize and tailor our courses to suit your individual needs.
Select a course below to view details.
Don't have the time? Can your team only be spared for a day?
We tailor each program to your organizations needs, time requirements and budget.
Our “biathlons” are built to give software developers and information security personnel a rapid immersion into how to break the security of weak applications and how to build secure applications. The classes are intensively hands-on with labs using virtual machines. The labs step through common application security defects and how they can be exploited. Folllowing the break ‘em labs, the class revisits the same security defects and focuses on how to build secure code that isn’t so vulnerable to being so easily broken.
Our biathlons are currently available for web applications in Java and Apple's iOS in Objective C.
We encourage security and software development staff to take these biathlons in pairs. However, software developers and security staff with basic backgrounds in software development will benefit from them as well.
We tailor each program to your organizations needs, time requirements and budget. Contact us to learn more.
Don't have the time? Can your team only be spared for a day?
We tailor each program to your organizations needs, time requirements and budget.
This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of today's most common web application security defects, following the venerable OWASP Top-10 (2010) list, along with a few additional weaknesses not found on the OWASP list. Each security defect is presented along with a hands-on exercise in which each student gets to see the vulnerability first hand, in order to thoroughly internalize the issues. Remediation techniques and strategies, complete with source code examples, are also covered for most of the defects (where applicable). Following this, attention is turned to effective techniques that can be used during software design, coding, and security testing.
This class is available in two versions: Java EE and C#. The primary difference in the versions is the source code examples used throughout the class.
If you are looking for PCI-DSS training for your software developers, consider this course.
There is also an optional 1-day Java coding lab addition to our 3-day web application security class. This optional day includes 3 in-depth coding labs for Java developers to fine tune their Java EE skills. The labs include patching existing Java EE code to make it resilient to cross-site scripting (XSS) and SQL injection flaws, as well as adding various role-based access control code to some existing web servlets. Additionally, in this 1-day add-on, students will get hands-on exposure to a commercial static code analysis tool by analyzing some existing open source Java software. Familiarity with software development in Java is strongly recommended. NOTE: The optional coding lab is not currently available in C#.
The ideal student for this class is a hands-on web application developer or architect who is looking for a fundamental understanding of today's best practices in secure software development.
We tailor each program to your organizations needs, time requirements and budget. Contact us to learn more.
This class provides a rock solid foundation for the intrusion detection practitioner. It describes the background and basics of IDS/IPS, how they work, how they are commonly deployed, and such. It then uses extensive hands-on labs to demonstrate to the students how to install and configure the popular open source Snort IDS/IPS engine. Hands-on labs include attacking a Snort equipped virtual machine with commonly used attack tools and methods. The attacks include both operating system and application level methods. The Snort IDS is used to detect the attacks, the results of which are then checked and discussed. Students also learn how to create customized Snort rules. Lastly, common pitfalls and how to avoid them, along with practical tips for how to deploy an IDS network are discussed.
The ideal student for this class is a hands-on IT security practitioner, with a solid working knowledge of TCP/IP networking and common operating systems.
Feel free to contact us if you are interested in any of our services or have any additional questions. We look forward to hearing from you!
Kenneth R. van Wyk