Faculty Development Program

We Help You Develop Faculty for Security Education

Technology changes and develops at a very fast pace. One of the unfortunate impacts of this rapid technology evolution is that we forget sometimes to look into the various security issues that are coming along with these new technologies. Untested technology, however advantageous, remains a vulnerable avenue for malicious users who take the opportunity to abuse its power.

The need of the hour is to think "from the attacker's perceptive" to understand how the attackers are able to successfully penetrate our networks and gain access to our systems. We can then design the controls around our information assets in such a way that security is "built by design" in them.

For this to happen, we must have a well-trained workforce ready to take on this huge cyber-security challenge. Our colleges and universities are addressing this by including subjects or even dedicated courses on information security. To further aid these efforts, we have designed a faculty development program that aims to bring the faculty in touch with the practical scenarios, case studies, and examples that can be missed out in the daily responsibilities of completing the mandated course curriculum.

This course puts forward the security concepts taking real time examples, practical hands on approach on how the "bad guys" infiltrate our system and also how do we implement defense strategies, incident response and countermeasures. The course greatly assists the institute’s faculty to gain a practical insight of the fundamental security concepts. Some of the key outcomes are also research ideas, projects, and lab setups.

Key Takeaways

  • Practical Hands-on exposure to penetration testing, incident response, forensics and countermeasures
  • Explanation of core security concepts via real-world case studies
  • Helps the faculties to evangelize their students about security concepts
  • Helps identify research ideas and project concepts that are linked to real world problems
Training Name Duration
Training Program #1: Emerging Threats & Countermeasures 3 Days
Training Program #2: Network Security & Penetration Testing 5 Days
Training Program #3: Application Security 3 Days
Training Program #4: Digital Forensics 5 Days

Training Program #1: Emerging Threats & Countermeasures

  • Introduction & Case Studies
  • Business Risks from Security Vulnerabilities
  • Security Testing Methodologies
  • Types of Attacks
  • Recent Security Incidents
  • Identify the security incidents
  • Why Compliance Policies are not enough
  • Emerging Malicious Codes & Trends
  • People – The Usual Entry Point to Corporate
  • Advanced Persistent Threats
    • RSA – Anatomy of Attack
    • Stuxnet
  • Enterprise Security Architecture
  • Enterprise Security Frameworks
  • From Web attacks to Operation “Enterprise Pwnage”
  • Latest Security Challenges
    • Security when all goes into Cloud
    • Mobile Security
    • Virtualization & Security considerations
  • Security Solutions
    • Security Information and Event Management (SIEM)
    • Data Loss/Leakage Prevention (DLP)
    • Web Application Firewalls (WAF)
    • Intrusion Detection/Prevention Systems (IDS/IPS)
    • Information Rights Management (IRM)
  • Knowing the target
    • Reconnaissance Principle
    • Fingerprinting & Footprinting
    • What Google knows about you and your firm
    • Social Engineering
    • Network Mapping
  • Server Side Attack
    • Breaking Crypto
    • Privilege Escalation
    • Password Cracking
    • Denial of Service
    • Remote Code Execution
    • Attacking Web Application
    • Proxy Based Attacks
  • Exploitation Frameworks
    • Introduction to Metasploit
    • Understanding
      • Vulnerabilities
      • Exploitation
      • Post Exploitation
    • Metasploiting the target
    • Owning the Enterprise
  • (in)security – An Overview
  • Threat Modeling – Objectives
  • Threat Modeling – Meaning and terminology
  • Hacker’s Interest Area
  • Threat Profiling
  • Practical Considerations
  • Security in Design
  • Security in Depth
  • Security in Defaults
  • Concept of Least Privilege
  • Minimize Attack Surface
  • Preventive & Detective controls
  • Hacked – Now What?
  • Digital Forensics

Training Program #2: Network Security & Penetration Testing

  • Understanding the Internet Language
  • TCP/IP Model and Myths
  • Common Protocols involved
  • Knowing Hackers System – Backtrack
  • Wireshark
  • Packet Crafting
  • Knowing the target
    • Network Cartography
    • Port Scanning Concepts
    • “Nmap”ing the network
    • Challenges in real world scanning
    • Firewall Evasion Techniques
    • Advanced Network Discovery using Nmap
  • Manual Discovery
  • Using Automated Scanners
  • Protocols Bugs - ARP
  • Issues with Common Service
  • Testing VPN
  • Metasploiting the target
    • Understanding Modules
    • Knowing the Payloads
  • Insecurities in Wireless
  • Wi-Fi Security Myths – Hidden SSID, MAC filtering
  • Concept on EvilTwin
  • Security Issues in WEP
  • Understanding issues with RC4 Algorithm Implementation
  • WPA/WPA2 Security
  • Problems WPS
  • Security in design
  • Architecture Review
  • Concept of DMZ and VLAN
  • Device Auditing
  • Configuration Review
  • Firewall Auditing
  • Rule Based Auditing
  • Network Security Audit in ISMS Point of View
  • Threat Detective & Preventive Controls
  • Intrusion Analysis
  • Log Management
  • Administrative Control

Training Program #3: Application Security

  • Web Application Security Overview
  • Business Risk from Application Threats
  • Functional v/s Security Testing
  • OWASP Top 10 Introduction
  • Threat Modelling Objective
  • Terminologies Used
  • Threat Profiling
  • Practical Consideration
  • Case Study
  • Understanding the vulnerability
  • Discovering the vulnerability
  • Attacking the issue
  • Impact Analysis
  • Countermeasures
    • A1: Injection
    • A2: Cross-Site Scripting (XSS)
    • A3: Broken Authentication and Session Management
    • A4: Insecure Direct Object References
    • A5: Cross-Site Request Forgery (CSRF)
    • A6: Security Misconfiguration
    • A7: Insecure Cryptographic Storage
    • A8: Failure to Restrict URL Access
    • A9: Insufficient Transport Layer Protection
    • A10: Unvalidated Redirects and Forwards
  • OWASP Top 10 2010 v/s 2013
  • Proxy Based Attacks
  • Abuse of functionality
  • Denial of Service
  • Server Vulnerabilities
  • Authentication & Authorization Issues
  • From File Inclusion to Remote Code Execution
  • API/CMS Based Vulnerabilities
  • Diving from WEB to LAN
  • Business Logic Testing
  • Flash Based Attacks
  • iFrame Attacks
  • Web Application Scanners
  • Profiling the Scans
  • Interpreting Scanner Reports
  • Open source Tools and Testing Methodologies
  • Common Mistake in Developments
  • Security Best Practices
  • Security in Java Technologies
  • Security .Net Technologies
  • Security PHP Technologies
  • Code Review Techniques
  • OWASP Development Guide
  • OWASP Testing Guide
  • OWASP Code Review
  • Developer v/s InfoSec Team
  • Why SCA
  • SCA during SDLC
  • Languages and Framework Supported
  • Vulnerability Checks
  • Integration in the Software Development Process
  • Report Reading
  • Identification of False Positive
  • Getting ROI of an SCA

Training Program #4: Digital Forensics

  • Introduction to Forensics
  • History of Forensics
  • Computer – Facilitated Crimes
  • Computer Forensics: Rules , Procedures and Legal
  • Setting up a forensic lab
  • Operations performed in the lab
  • Services provided in computer forensics
  • Elements of facilities
  • Necessary considerations
  • Essential forensic tools
  • Where and when to do forensics
  • Accessing the case
  • Preservation of evidence
  • Collection of evidence
  • Examination of evidence
  • Analysis of evidence
  • Legal issues in forensics
  • Introduction
  • How investigation starts
  • Role of evidence
  • Investigation Methods
  • Securing Evidence
  • Investigating company policy
  • Documentation and reporting
  • Introduction to Imaging
  • Importance of Imaging
  • Hash algorithms
  • Integrity of the evidence
  • FTK Imaging
  • Encase Imaging
  • Helix Imaging
  • Win hex Imaging
  • Write Blockers
  • Introduction to analysis
  • Configuring the tool
  • Analysis using FTK
  • Analysis using Encase
  • Recovering files
  • Bookmarking evidence
  • Keyword searching
  • Password cracking
  • Email analysis
  • Reporting
  • Introduction
  • Analysis on steganography
  • Tools for steganography
  • Introduction
  • E-mail crimes and violation
  • Investigating email crimes and violations
  • Tracing an email
  • Dos Attacks
  • SQL injection
  • Web defacement
  • Shell / backdoors
  • Challenges faced during investigation
  • IPS / IDS
  • Snorting
  • Gathering logs
  • Investigating logs
  • Investigating wireless access point
  • Auditing
  • Introduction
  • Components of mobile forensics
  • Investigative methods
  • Blackberry forensics
  • Android forensics
  • iPhone Forensics
  • iPod Forensics
  • Introduction
  • Report Samples
  • Report writing skills
  • Common mistakes in report
  • Report submission
  • Corporate Espionage
  • Trademark and Copyright
  • Child pornography
  • Sexual harassment
  • Source Code theft
  • Insurance industry fraud
  • Introduction
  • Role of expert witness
  • Testifying as expert witness
  • Litigation support

Ethical Hacking Training

This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regularly update on tools, techniques in course content