Automotive Security
- Automotive Security: United Nations Economic Commission for Europe [UNECE] World Forum for Harmonization of Vehicle Regulations (WP.29) Regulation 155 (R155) for Cyber Security Management System (CSMS), ISO 21434 & ISA 62443-4-2 – Automotive Cybersecurity
- Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.
Client and Desktop Applications
- .NET 6
- C/C++ (POSIX and Microsoft)
Hardware Security
- Hardware, firmware, and embedded device controls
- Hardware problems based on CWE 4.3 weaknesses
Industry Standards
- ASD-STIG 5
- ASVS 4.0
- CWE TOP 25, 2022
- CWE 4.3
- CWE/SANS Top 25, 2020
- CVSS 3
- MDS2-2013
- OWASP Top 10 2017
- OWASP API Top 10, 2019
- NIST 800-53r4 (Granular Mandates)
- NIST 800-53r5
- NIST 800-82 Industrial Control Systems
- NIST 800-95 Web Services
- NIST 800-147/800-155 BIOS/FW
- NIST 800-171 Non Federal Systems
- U.S. Federal Government: Control Correlation Identifier (CCI)
Internet of Things (IoT)
- Authentication and Access Control
- Availability and Systems DoS Protection
- Communication Protocols: AMQP, HyperCat, MQTT, Pub/Sub, Thread, XMPP, ZigBee
- RFID Solutions
Just-In-Time Developer Training
- Appsec Fundamentals
- CCPA for Software Development
- Continuous Compliance
- Defending .NET
- Defending Android
- Defending ASP.NET Core in C#
- Defending C
- Defending Cloud-based Application
- Defending Databases
- Defending Django
- Defending HTML5
- Defending iOS
- Defending Java
- Defending JSP
- Defending Node.js
- Defending PHP
- Defending Python
- Defending Web APIs
- Defending Web Apps
- GDPR for Developers
- Microservices
- Mobile Security Fundamentals
- OpSec Fundamentals
- OWASP Top 10 2017
- PCI-DSS Compliance
- PCI Secure Software Lifecycle
Mainframe Applications
- COBOL
- Secure Development Guidelines
Mobile Applications
- Android Framework (Java and Kotlin)
- Flutter / Dart
- iOS Framework (Objective-C and Swift)
- OWASP Mobile ASVS
Operational & Deployment Security
- Amazon Web Services (AWS)
- Apache HTTP Server
- Apache Tomcat Server
- AWS API Gateway
- AWS Cognito
- AWS Kinesis Data Firehose and Data Streams
- AWS Lambda
- AWS WAF
- AWS SQS and AWS RDS
- Azure AKS
- Docker
- Google Cloud Platform
- Infrastructure as Code (IaC): Ansible
- Kubernetes
- Microservices Infrastructure
- Microsoft Azure
- Microsoft IIS Server
- Microsoft SQL Server
- MySQL
- OpenShift
- Oracle database
Regulatory and Compliance
Privacy Related:
- Anti-Spam Guidelines/CASL
- Brazilian LGPD
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (California Civil Code)
- California Online Privacy Protection Act (CalOPPA)
- CNIL Cookie Guidelines
- COPPA
- EU Privacy and Cookie Laws
- GAPP
- GDPR (&/UK)
- New York Shield Act (S5575B)
- NIST 800-53 Privacy Controls
- PIPEDA/ECPA/CAN-SPAM
Web Applications and Services
- Angular
- Apache Wicket, Hibernate
- Apex for Force.com
- C#/ASP.NET (.NET 6, WCF and Core 3)
- Django (Python)
- ESAPI, Struts, Spring
- GoLang
- HTML5 and CSP
- Java Libraries and Frameworks:
- Java SE / EE
- JavaScript
- JSP, Servlets
- NGINX
- Node.js
- NoSQL / SQL
- OAuth and OIDC
- PHP
- Python
- Ruby on Rails
- SOAP / REST
- TypeScript
- Web servers: Apache and IIS
- XML and YAML Security