P1 Security

Foundation

Secure Development in C and C++
Topics: Taxonomy of known vulnerabilities, practical study of buffer overflows, stack overflows, heap overflows, integer overflows, off-by-ones, off-by-few, race conditions, dangling pointers, meta-character insertion, memory management errors,  auditing and detection of security vulnerabilities, insecure coding patterns, training code for hands on code review and analysis, secure QA methods, state of the art protection and mitigation techniques, system hardening techniques, kernel side, nx, aslr, compiler side, SSP, canaries, Propolice.
Level: 1 (Foundation)
Duration: 2 days
Audience: Application and System Developers

Secure Web Development
Topics: Web security models, web security bugs, XSS, SQL injection, advanced SQL injection, XPath and XQuery injection, PHP security issues and fixes, Web 2.0 vulnerabilities (AJAX, CSS), XML HTTP Request vulnerabilities, Web 2.0 API exposure, Python, Django and Ruby on Rails security.
Level: 1 (Foundation)
Duration: 2 days
Audience: Web Developers

Secure Software Development and Vulnerability Management for the Project Manager
Topics: Security Design and Planning, attack surface, compared security strength of technologies, test planning, development methodologies and their corresponding security, code security metrics, bug management, language choice impact on security, security architectures, N-tier security models, database security, 3rd party auditing and routine code auditing, QA and security QA integration.
Level: 1 (Foundation)
Duration: 1 day
Audience: Project managers, QA engineers, software team leaders

Advanced

Advanced Vulnerability Analysis in C and C++ Sources
Topics: Real life code audits, kernel protection, aslr, ssp, nx, SElinux, pre-linking, current hardened systems security enhancements limits and their exploitability, advanced exploitation techniques, return to libc, ret to esp, heap spray, state of the art heap overflow, vulnerability root cause analysis and patch development methodology, debugging for security analysis, browser-side vulnerabilities, SSP and canaries bypass.
Level: 2 (Advanced)
Requires: level 1
Duration: 2 days

Analysis and Exploitation of Telecom Equipments, Infrastructure and Software
Topics: Telecom security environment, walled garden vs. open paradigms, National Critical Infrastructure Protection impact on telecom security, SS7 and telecom signaling vulnerabilities, Telecom equipment customer acceptance testing, VoIP security, SBC vulnerabilities, telecom proprietary software, H248 vulnerabilities, PABX attacks and protection, hands-on SS7 auditing, practical attack and defense of telecom infrastructure.
Level: 2 (Advanced)
Requires: level 1
Duration: 2 days

Experts

Advanced Vulnerability Exploitation in Binary format (Unix)
Topics: Real life code audits (kernel protection, aslr exploitation, ssp), Exploit writing, Binary-based Reverse Engineering, Hardcore debug practice, x86/x64 vs embedded systems vulnerabilities, Doug Lea’s malloc, PTmalloc, fuzzing and other vulnerability research techniques, black box vs. clear box security audit in practice, hands-on static vs. dynamic analysis, exploitability metrics, crash to proof of concept workflow.
Level: 3 (Experts)
Requires: level 2
Duration: 2 days

Exploiting BIOS and low-level systems vulnerabilities
Topics: Firmware reverse engineering, BIOS principles and vulnerabilities, Hardware interface, firmware vulnerabilities, 16 bits  real mode development and debugging, 16b backdoor development and protection techniques, low-level security principles and architecture, TPM and protected boot, Intel TXT security feature, Lagrande technology, Bootkit, pre-bootauthentication schema, OpenBoot vs. EFI vs. BIOS vs. PXE.
Level: 3 (Experts)
Requires: level 2
Duration: 2 days

Kernel-side security, vulnerabilities and secure development (Unix)
Topics: Kernel vs. Userland progression paradigms, ring 0 to ring 3 in Intel architectures, Kernel modules and drivers development and assesment, kernel debugging, kernel protection techniques, x86 vs. x64 kernels, Null pointer derefance, slabs overflows, kernel buffer and heap overflows, kernel race conditions and non-reentrant routines, remote and local kernel Denial of Service, secure kernel development methods and tools.
Level: 3 (Experts)
Requires: level 2
Duration: 2 days