Automotive Security
- Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.
Client and Desktop Applications
- .NET / C# (Core 3)
- C/C++ (POSIX and Microsoft)
Hardware Security
- Hardware, firmware, and embedded device controls
- Hardware problems based on CWE 4.3 weaknesses
Industry Standards
- ASD-STIG 5
- ASVS 4.0
- CWE 4.3
- CWE/SANS Top 25, 2020
- CVSS 3
- MDS2-2013
- OWASP Top 10 2017
- OWASP API Top 10, 2019
- NIST 800-53r4 (Granular Mandates)
- NIST 800-53r5
- NIST 800-82 Industrial Control Systems
- NIST 800-95 Web Services
- NIST 800-147/800-155 BIOS/FW
- NIST 800-171 Non Federal Systems
Internet of Things (IoT)
- Authentication and Access Control
- Availability and Systems DoS Protection
- Communication Protocols:
  - AMQP, HyperCat, MQTT, Pub/Sub, Thread, XMPP, ZigBee
- RFID Solutions
Just-In-Time Developer Training
- Appsec Fundamentals
- CCPA for Software Development
- Continuous Compliance
- Defending .NET
- Defending Android
- Defending ASP.NET Core in C#
- Defending C
- Defending Cloud-based Application
- Defending Databases
- Defending Django
- Defending HTML5
- Defending iOS
- Defending Java
- Defending JSP
- Defending Node.js
- Defending PHP
- Defending Python
- Defending Web APIs
- Defending Web Apps
- GDPR for Developers
- Microservices
- Mobile Security Fundamentals
- OpSec Fundamentals
- OWASP Top 10 2017
- PCI-DSS Compliance
- PCI Secure Software Lifecycle
Mainframe Applications
- COBOL
- Secure Development Guidelines
Mobile Applications
- Android Framework (Java and Kotlin)
- Flutter / Dart
- iOS Framework (Objective-C and Swift)
- OWASP Mobile ASVS
Operational & Deployment Security
- Amazon Web Services (AWS)
- Apache HTTP Server
- Apache Tomcat Server
- AWS Lambda
- AWS SQS and AWS RDS
- Docker
- Google Cloud Platform
- Kubernetes
- Microservices Infrastructure
- Microsoft Azure
- Microsoft IIS Server
- Microsoft SQL Server
- MySQL
- OpenShift
- Oracle database
Regulatory and Compliance
- ANSSI/France Digital Signature and Encryption Requirements
- ANSI/ISA/IEC 62443-3-3
- ANSI/ISA/IEC 62443-4-2
- ISASecure SSA 311
- ISASecure CSA 311
- Chinese Cybersecurity Law
- CSA Cloud Control Matrix (CCM) v3 & v4
- CNSSI 1253
- Cybersecurity Maturity Model Certification (CMMC)
- DIACAP
- European Banking Authority (EBA) Security of Internet Payments
- FedRAMP
- GLBA
- HIPAA
- ISO 27001:2013/SOX
- MAS-TRMG
- NIST Cybersecurity Framework
- NYDFS
- PCI-DSS 3.2
- PCI-SSF (Formerly PA-DSS 3.2)
- SOC2 (Based on AICPA TrustServices Criteria)
- Privacy Related:
  - Anti-Spam Guidelines/CASL
  - Brazilian LGPD
  - California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) (California Civil Code)
  - California Online Privacy Protection Act (CalOPPA)
  - CNIL Cookie Guidelines
  - COPPA
  - EU Privacy and Cookie Laws
  - GAPP
  - GDPR (&/UK)
  - New York Shield Act (S5575B)
  - NIST 800-53 Privacy Controls
  - PIPEDA/ECPA/CAN-SPAM
Web Applications and Services
- Angular
- Apache Wicket, Hibernate
- Apex for Force.com
- C#/ASP.NET (WCF and Core 3)
- Django (Python)
- ESAPI, Struts, Spring
- GoLang
- HTML5 and CSP
- Java Libraries and Frameworks:
- Java SE / EE
- JavaScript
- JSP, Servlets
- NGINX
- Node.js
- NoSQL / SQL
- OAuth and OIDC
- PHP
- Python
- Ruby on Rails
- SOAP / REST
- Web servers: Apache and IIS
- XML and YAML Security