SECURITY TRAINING
Empower Your Team with Practical Product Security Training from AMD CyberSec
Our product security training is designed to be practical and comprehensive. We offer a variety of topics, including threat modelling, application security, risk assessment, and more. These topics can be customized based on the specific requests and needs of our customers. Our training program aims to equip individuals with the necessary knowledge and skills to effectively identify and mitigate security risks in their products. Whether you are a developer, a project manager, or a security professional, our training will provide you with valuable insights and practical tools that can be applied directly to your work. Join us and enhance your product security today.
Web & API Security
Our Web and API security classes teach software developers how to build secure web applications and APIs.
These classes may be offered in a variety of formats, such as in-person training, online courses, or self-paced tutorials, to cater to the different learning styles and preferences of attendees.
1. Input validation and output encoding:
Techniques for ensuring that data entered by users is valid and properly encoded to prevent attacks such as SQL injection or cross-site scripting.
2. Authentication and access control:
Best practices for implementing secure authentication and authorization mechanisms to control access to web applications and APIs.
3. Session management:
Techniques for managing user sessions securely, including preventing session hijacking and protecting session data.
4. Secure communication:
Best practices for securing communications between web applications and APIs, including using secure protocols such as HTTPS and implementing certificate pinning.
5. OWASP top 10 web application security risks:
Overview of the most common web application security vulnerabilities and best practices for mitigating them.
6. Web and API security testing:
Techniques for testing web applications and APIs for security vulnerabilities, including manual and automated testing methods.
DEVSECOPS
DevSecOps is an approach to software development that aims to integrate security practices into the software development and deployment process from the beginning. The goal of DevSecOps is to enable teams to build and deploy secure software faster and more frequently, while also reducing the risk of security vulnerabilities.
Our DevSecOps classes are designed to teach developers and other professionals about the principles and practices of integrating security into the software development process. These classes may cover topics such as:
1. Secure software development lifecycle:
Understanding the different phases of the software development process and how to incorporate security into each phase.
2. Security automation and tools:
Learning about tools and technologies that can be used to automate security testing and ensure that security best practices are being followed.
3. Security testing and validation:
Learning how to perform security testing and validation, including both manual and automated testing methods.
4. Compliance and regulations:
Understanding the various regulations and standards that organizations must comply with in order to protect their systems and data.
5. Incident response and risk management:
Learning about incident response and risk management, including how to respond to security incidents and how to mitigate risks to the organization’s systems and data.
6. Communication and collaboration:
Understanding the importance of effective communication and collaboration between development, security, and operations teams in order to ensure that security is effectively integrated into the software development process.
At AMDCYBERSEC, we offer classes for web developers, architects, and other software development professionals who want to build secure web applications, web services, or mobile applications.
Secure Coding
AMDCYBERSEC Security provides secure coding classes that aim to educate developers about the significance of security in software development and equip them with the necessary skills and knowledge to write secure code. Our classes cover a diverse array of subjects, encompassing secure coding principles. These principles emphasize fundamental aspects like input validation, error handling, and password management. By enrolling in our courses, developers can enhance their understanding of secure coding and apply best practices to create robust and resilient software applications. We prioritize the importance of security in software development and are committed to empowering developers with the expertise needed to mitigate potential vulnerabilities and safeguard their code against cyber threats.
1. Secure coding practices:
This includes learning about specific coding practices that can help to prevent common vulnerabilities, such as SQL injection and cross-site scripting (XSS).
2. Secure coding standards:
This includes understanding industry-standard guidelines for secure coding, such as OWASP (Open Web Application Security Project) and CWE (Common Weakness Enumeration).
3. Secure development lifecycle:
This includes learning about the software development process and how security can be integrated into each phase, from requirements gathering to deployment.
4. Threat modeling:
This includes learning how to identify potential threats and vulnerabilities in a system and how to mitigate those risks.
5. Secure code review:
This includes learning how to review code for potential vulnerabilities and how to write secure code.
6. Secure coding tools:
This includes learning about tools that can help to detect and prevent vulnerabilities in code, such as static analysis tools and penetration testing tools.
Threat Modeling
Our threat modeling classes are designed to help organizations identify and manage potential security threats by providing a structured and systematic approach to identifying and assessing potential risks. The course covers the 4 golden questions but adds a custom methodology designed around the product development lifecycle. It covers the basics of threat modeling and the techniques and tactics for identifying assets and threats, assessing risk, mitigating it, and monitoring and maintaining the risk.
Our classes are suitable for individuals who are responsible for security in their organizations, regardless of their technical background, and they can be offered online or in person, depending on your preference. If you are interested in attending one of our threat modeling classes, please contact us for more information.
1. Understanding the basics of threat modeling:
This includes learning the key concepts, terms, and techniques used in threat modeling, such as identifying assets and threats, assessing risk, and mitigating risk.
2. Identifying assets and threats:
This includes learning how to identify the assets that need to be protected and the potential threats that could compromise those assets.
3. Identifying vulnerabilities:
This includes learning how to identify vulnerabilities that could be exploited by threats, and how to conduct a thorough analysis of the system.
4. Assessing risk:
This includes learning how to assess the risk associated with each threat, and how to prioritize which threats and vulnerabilities should be addressed first.
5. Mitigating risk:
This includes learning about the different mitigation strategies that can be used to reduce or eliminate identified threats, such as implementing security controls, implementing security best practices, or conducting additional testing.
6. Monitoring and maintaining:
This includes learning about how to monitor the system and maintain the security measures in place to ensure that new threats are identified and risks are managed on an ongoing basis.
7. Threat modelling with the FDA submission in mind:
This will involve understanding the risks identified using dFMEA and performing patient impact analysis for each of the risks identified.