Combined JAVA, PHP and Web Application Security Training Course
Even experienced programmers do not necessarily master all the security features offered by their development platforms, nor are they always aware of the various vulnerabilities relevant to their work. This course is designed for developers working with both Java and PHP, equipping them with essential skills to make their applications resilient against modern Internet-based attacks.
The course explores the layers of the Java security architecture, covering access control, authentication, authorisation, secure communication, and a range of cryptographic functions. It also introduces various APIs that can be used to secure PHP code, such as OpenSSL for cryptography and HTML Purifier for input validation. On the server side, best practices are provided for hardening and configuring the operating system, web container, file system, SQL server, and PHP itself. Special emphasis is placed on client-side security, addressing security issues related to JavaScript, Ajax, and HTML5.
General web vulnerabilities are examined through examples aligned with the OWASP Top Ten, illustrating various injection attacks, script injections, session handling attacks, insecure direct object references, file upload issues, and more. The course also covers language-specific problems and runtime environment issues in both Java and PHP, grouped into standard vulnerability categories such as missing or improper input validation, incorrect use of security features, flawed error and exception handling, time- and state-related problems, code quality issues, and mobile code-related vulnerabilities.
Participants will have the opportunity to experiment with the discussed APIs, tools, and configuration effects firsthand. Each vulnerability introduction is supported by hands-on exercises that demonstrate the consequences of successful attacks, guide learners on how to fix the bugs, apply mitigation techniques, and make use of various extensions and tools.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Gain knowledge of client-side vulnerabilities and secure coding practices
- Learn how to utilise various security features within the Java development environment
- Develop a practical understanding of cryptography
- Learn how to apply various security features in PHP
- Understand security concepts related to web services
- Gain practical experience using security testing tools
- Learn about common coding mistakes and how to avoid them
- Stay informed about recent vulnerabilities in Java and PHP frameworks and libraries
- Access resources and further reading materials on secure coding practices
Audience
Developers
This course is available as onsite live training in New Zealand or online live training.
Course Outline
- IT security and secure coding
- Web application security
- Web application vulnerabilities
- Client-side security
- Foundations of Java security
- Practical cryptography
- Java security services
- PHP security services
- PHP environment
- Security of web services
- Common coding errors and vulnerabilities
- Knowledge sources
Open Training Courses require 5+ participants.
Testimonials (3)
Experience sharing, it's teacher's know-how and valuable.
Carey Fan - Logitech
Course - C/C++ Secure Coding
The knowledge of the trainer was very high - he knew what he was talking about, and knew the answers to our questions.
Adam - Fireup.PRO
Course - Advanced Java Security
He was explaining and giving numerous examples to make us understand.
Selina - NWK
Course - Laravel PHP Framework
Related Courses
AdaBoost Python for Machine Learning
14 Hours
This instructor-led, live training in New Zealand (online or on-site) is designed for data scientists and software engineers who wish to use AdaBoost to develop boosting algorithms for machine learning with Python.
By the end of this training, participants will be able to:
- Set up the necessary development environment to begin building machine learning models with AdaBoost.
- Understand the ensemble learning approach and how to implement adaptive boosting.
- Learn how to build AdaBoost models to enhance machine learning algorithms in Python.
- Apply hyperparameter tuning to improve the accuracy and performance of AdaBoost models.
Network Security and Secure Communication
21 Hours
Building a secure networked application can be challenging, even for developers who have previously worked with various cryptographic components such as encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course first establishes a solid foundation covering the core requirements of secure communication: secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also explores typical issues that can compromise these requirements, along with real-world solutions.
As cryptography is a critical pillar of network security, the course examines key algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than delving into complex mathematical theory, these topics are presented from a developer's perspective, featuring practical use cases and considerations such as the implementation of public key infrastructures. The course introduces security protocols across various domains of secure communication, with in-depth coverage of widely used protocol families like IPSEC and SSL/TLS.
Common cryptographic vulnerabilities are examined, including those affecting specific algorithms and protocols such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding Oracle, Lucky Thirteen, POODLE, and the RSA timing attack. For each vulnerability, practical implications and potential consequences are outlined, again avoiding deep mathematical detail.
Finally, as XML plays a central role in data exchange for networked applications, the course addresses XML security. This includes the use of XML in web services and SOAP messages, along with protective measures such as XML signature and XML encryption. It also highlights weaknesses in these protections and XML-specific security threats, including XML injection, XML External Entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Understand the requirements of secure communication
- Learn about network attacks and defenses at different OSI layers
- Have a practical understanding of cryptography
- Understand essential security protocols
- Understand some recent attacks against cryptosystems
- Get information about some recent related vulnerabilities
- Understand security concepts of Web services
- Get sources and further readings on secure coding practices
Audience
Developers, Professionals
C/C++ Secure Coding
21 Hours
Developing secure C and C++ applications demands stringent defences against malicious exploitation, memory corruption, and the bypass of input validation. This course explores common vulnerability patterns, such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will implement secure coding guidelines, utilise static analysis tools, and apply defensive programming techniques to mitigate weaknesses, enforce rigorous input sanitisation, and produce robust software that withstands cyberattacks.
Advanced Java Security
21 Hours
Even seasoned Java programmers often don't fully grasp the full range of security services provided by Java, nor are they always aware of the various vulnerabilities that affect web applications written in Java.
Alongside introducing the security components of Standard Java Edition, this course addresses security issues within Java Enterprise Edition (JEE) and web services. The discussion of specific services is grounded in the fundamentals of cryptography and secure communication. Through a variety of exercises, participants explore declarative and programmatic security techniques in JEE, while also covering both transport-layer and end-to-end security for web services. The practical application of all these components is demonstrated through several hands-on exercises, allowing participants to test the discussed APIs and tools themselves.
The course also examines and explains the most common and severe programming flaws in the Java language and platform, as well as web-related vulnerabilities. Beyond typical bugs made by Java programmers, the security vulnerabilities covered include both language-specific issues and problems arising from the runtime environment. All vulnerabilities and their corresponding attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.
Participants attending this course will
- Understand the basic concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
- Understand the security concepts of web services
- Learn to utilise various security features of the Java development environment
- Develop a practical understanding of cryptography
- Understand the security solutions offered by Java EE
- Learn about typical coding mistakes and how to avoid them
- Gain information about some recent vulnerabilities in the Java framework
- Acquire practical knowledge in using security testing tools
- Receive sources and further reading recommendations on secure coding practices
Audience
Developers
Standard Java Security: Secure Coding & Development Practices
14 Hours
Description
The Java language and the Runtime Environment (JRE) were designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get sources and further readings on secure coding practices
Audience
Developers
.NET, C# and ASP.NET Security Development
14 Hours
Today, a variety of programming languages can compile code to the .NET and ASP.NET frameworks. This environment offers robust tools for security development, yet developers must understand how to apply architecture- and coding-level programming techniques to implement desired security functions, avoid vulnerabilities, and limit their exploitation.
The aim of this course is to equip developers with the ability to prevent untrusted code from performing privileged actions, protect resources via strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and more, through numerous hands-on exercises.
The introduction to various vulnerabilities begins by presenting typical programming problems encountered when using .NET, while the discussion on ASP.NET vulnerabilities covers various environment settings and their impacts. Finally, the topic of ASP.NET-specific vulnerabilities addresses not only general web application security challenges but also special issues and attack methods, such as ViewState attacks and string termination attacks.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to avoid them
- Learn to utilise various security features within the .NET development environment
- Gain practical knowledge in using security testing tools
- Learn about typical coding mistakes and how to avoid them
- Receive information regarding recent vulnerabilities in .NET and ASP.NET
- Access sources and further reading materials on secure coding practices
Audience
Developers
Secure coding in PHP
21 Hours
This course equips PHP developers with essential skills to build applications resilient against modern internet-based attacks. Web vulnerabilities are explored through PHP-focused examples that extend beyond the OWASP Top Ten, covering a range of injection attacks, script injections, session handling exploits in PHP, insecure direct object references, file upload issues, and more. PHP-specific vulnerabilities are introduced and categorised under standard vulnerability types such as missing or improper input validation, incorrect error and exception handling, misuse of security features, and time- and state-related issues. For the latter, we examine attacks like open_basedir circumvention, denial-of-service via magic floats, and hash table collision attacks. In each scenario, participants will become familiar with the most critical techniques and functions needed to mitigate these risks.
Special attention is given to client-side security, addressing security concerns related to JavaScript, Ajax, and HTML5. A variety of PHP security-related extensions are introduced, including hash, mcrypt, and OpenSSL for cryptography, as well as Ctype, ext/filter, and HTML Purifier for input validation. Best practices for hardening are presented in the context of PHP configuration (setting php.ini), Apache, and server-level settings. Finally, an overview is provided of various security testing tools and techniques available to developers and testers, including security scanners, penetration testing frameworks, exploit packs, sniffers, proxy servers, fuzzing tools, and static source code analyzers.
Both the introduction of vulnerabilities and the configuration practices are reinforced through numerous hands-on exercises. These demonstrate the real-world impact of successful attacks, illustrate how to apply mitigation techniques, and introduce the use of various extensions and tools.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and how to prevent them
- Gain knowledge of client-side vulnerabilities and secure coding practices
- Develop a practical understanding of cryptography
- Learn how to utilise various PHP security features
- Identify typical coding mistakes and learn how to avoid them
- Stay informed about recent vulnerabilities in the PHP framework
- Gain hands-on experience with security testing tools
- Access resources and further reading materials on secure coding practices
Audience
Developers
Microsoft SDL Core
14 Hours
The Combined SDL core training offers insight into secure software design, development and testing through the Microsoft Secure Development Lifecycle (SDL). It provides a Level 100 overview of the fundamental building blocks of SDL, followed by design techniques to detect and rectify flaws in the early stages of the development process.
Focusing on the development phase, the course gives an overview of typical security-relevant programming bugs in both managed and native code. Attack methods are presented for the discussed vulnerabilities, along with associated mitigation techniques, all explained through a series of hands-on exercises that provide live hacking experiences for participants. An introduction to different security testing methods is followed by demonstrations of the effectiveness of various testing tools. Participants can understand how these tools operate through practical exercises, applying them to the vulnerable code previously discussed.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Become familiar with the essential steps of the Microsoft Secure Development Lifecycle
- Learn secure design and development practices
- Learn about secure implementation principles
- Understand security testing methodology
- Gain access to sources and further reading on secure coding practices
Audience
Developers, Managers
DevOps Security: Creating a DevOps Security Strategy
7 Hours
In this instructor-led, live course in New Zealand, participants will learn how to formulate the appropriate security strategy to address the DevOps security challenge.
EC-Council Certified DevSecOps Engineer (ECDE)
28 Hours
The EC-Council Certified DevSecOps Engineer (ECDE) is a practical course designed to equip professionals with the skills needed to embed security throughout the DevOps lifecycle, enabling secure software development from initial planning through to deployment.
This instructor-led, live training (available online or on-site) is tailored for intermediate-level software and DevOps professionals who aim to integrate security practices into CI/CD pipelines, ensuring secure and compliant code delivery.
By the conclusion of this training, participants will be able to:
- Grasp the core principles and practices of DevSecOps.
- Secure each stage of the CI/CD pipeline using automated tools.
- Implement secure coding standards and conduct vulnerability scanning.
- Prepare for the ECDE certification through hands-on labs and review sessions.
Course Format
- Interactive lectures and group discussions.
- Practical application of DevSecOps tools within simulated pipelines.
- Guided exercises focused on secure development and deployment.
Course Customisation Options
- To request a customised training session for this course based on your team's workflows or toolchain, please contact us to make arrangements.
Laravel PHP Framework
14 Hours
This instructor-led, live training in New Zealand introduces the fundamentals of Laravel and guides participants through building a Laravel-based web application.
Laravel Livewire
7 Hours
This instructor-led, live training in New Zealand (available online or on-site) is designed for developers who wish to learn and apply Livewire to create modern, dynamic application interfaces.
By the end of this training, participants will be able to:
- Build and test Livewire components.
- Develop applications using the Livewire library.
- Create dynamic components within PHP.
How to Write Secure Code
35 Hours
This course in New Zealand aims to support the following:
- Help developers master secure coding techniques
- Assist software testers in evaluating application security before deployment to the production environment
- Enable software architects to understand the risks associated with applications
- Support team leaders in establishing security baselines for developers
- Aid web administrators in configuring servers to prevent misconfigurations
Secure Developer Java (Inc OWASP)
21 Hours
This course covers secure coding concepts and principles in Java through the Open Web Application Security Project (OWASP) methodology of testing. OWASP is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
Secure Developer .NET (Inc OWASP)
21 Hours
This course covers secure coding concepts and principles using ASP.NET through the Open Web Application Security Project (OWASP) testing methodology. OWASP is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
This course explores the .NET Framework security features and how to secure web applications.