Training

Since we started Digital Interruption we’ve trained hundreds of people in security.

Training technical teams on security can save you both time and money. From secure coding to offensive hacking, our consultants deliver training to organisations, conferences and universities all over the world.

We’ve detailed some of out courses and workshop below. These are based on a framework so can be a short overview or a longer course. If there’s a subject that you’re interested in but you don’t see below, get in touch. If we offer it as a service, we can train it.

Web Application Security

If you’re looking at developing secure web applications, the right training course can make all the difference.

By taking a general approach to security, this course teaches not only how specific vulnerabilities work (such as SQL Injection and Authentication Bypasses), but how to understand the wider classes of bugs. This will allow you to keep breaking and exploiting software even as the technology changes.

We’re not just theoretical. We use real word examples gained from 1000s of hours of penetration testing experience as well as a lab environment with vulnerable applications so attendees can practice what they’re learning.

This course is for anyone that is interested in web application security – from would be penetration tester to software developers and testers looking to understand how real attacks occur.

Mobile Application Security

We train in both Android and iOS demonstrating how vulnerabilities specific to mobile application can be exploited and abused by attackers.

With our training you’ll be able to run your own test cases to test that your mobile applications are safe from attack scenarios such as lost or stolen devices, malware or attackers on the same network or attackers using the app to learn about your environment.

We’ll show you how specific vulnerabilities can be secured, whilst embedding the good security practices that are key to the different ways mobile and web applications operate. Like our Web application security training, this course is for anyone that is interested in mobile application security.

Secure Coding

Code review is an effective technique for identifying security flaws. It can be used alongside automated and manual security testing and in some cases as a stand alone technique to ensure the security of your applications.

As former developers, our technical consultants have many years experience in reviewing source code and looking for vulnerabilites in C and C++ applications. They have translated this experience in to practical training to the development of code that is secure right form the start.

This training is aimed at C and C++ developers who want to embed security in to their development process, demonstrating security by design and instilling good security practice in to their code.

Offensive Hacking

Spending time with our ethical hackers means you can and learn how attackers work. In a safe offline environment, we will show you how hacking works in the wild.

Focusing on skills such as reconnaissance, scanning, gaining and maintaining access, and remaining stealthy this training is aimed at the next generation of security professionals.

We’ll take you through all the steps we use to penetrate organisations, using modern and up date tools and techniques used by real world adversaries.

This training is aimed at people with a strong technical background that want to build security in to their skill set and will require a level of self study.

Threat Modelling

There are many ways to protect a companies assets; many are expensive and require outside help or vendor solutions. But any company can start to think securely and take steps to embed security though simple but effective exercises.

Threat modelling helps us to identify, communicate, and understand threats and mitigations within the context of protecting our assets.

It can be applied to anything we need to protect, including software, networks and business processes. By learning to think like an attacker, anyone can do this and doesn’t require a technical background.

Threat modelling can be done at any stage of development, but it’s better to start early in the development lifecycle so that the findings can inform the design.

In the half day workshop we will demonstrate how to use the STRIDE model to classify potential threats and use gamification to model a system of your choosing. This can be one of your own existing applications or a dummy.

In the full day workshop we will add in security requirements and Abuse Cases, a more detailed look at potential treats through the use of attack trees, and help you understand how to integrate modelling, mitigation and validation into your companies processes.