Information security training services – Training for different levels of an organization

2NS’s experienced experts provide training sessions continuously for different levels of an organization. In training we focus on the concrete and often on a hacker’s perspective so participants learn how to protect themselves from attacks and vulnerabilities in their own target group.

Training is always delivered by a hands-on hacker in an engaging manner that is always suitable for the target group. Our experts have held over one hundred training sessions and we have received a lot of praise for them.

”The information security course on application programming provided by 2NS’s CSC software developers was an effective and rewarding package that took into account the wishes and premises. The competent trainers of 2NS were able to communicate their message to the participants well. I am very satisfied in the training”.

 

Urpo Kaila, Information security Director, CSC - IT Center for Science Ltd.

FOR COMPANIES, FINANCIAL INSTITUTIONS, PUBLIC ADMINISTRATION

We provide basic packages and training sessions customized to the precise needs of your organization. We deliver training sessions at a practice level where learning comes through realization.

 

  • Training of staff
  • Training of management
  • Training of IT management and organization
  • Training of software developers
FOR SOFTWARE COMPANIES

 

Training for software developers

Our training is based on experience gained through experience, not just theory. We organize training sessions on a practical level, in which learning comes through realization.

 

  • Information security training for software developers
  • Most common application vulnerabilities
  • Hands on, OWASP TOP 10
  • Information security training for administrators
  • Information security in software projects
  • Incident management
  • Information security training for project administrators
 
General areas of information security in software development

Examples of general areas of information security in software development include the following:

 

  • Consideration of OWASP Top 10 vulnerabilities
  • Planning of information security updates
  • Use of version management
  • Designing a method of authentication
  • Safe storage of passwords
  • Information security training of application developers
  • Differentiated environments and backing up environments
  • Recovery plan for systems
  • Risk analysis of an application
  • Information security requirements of an application
  • Continuity planning
  • Documentation of information security solutions
  • Quality requirements for passwords
  • Logs of errors and information security incidents
  • Planning the processing of errors
  • Planning the use of test data
  • Processing of updating an application
  • Use of general standards in architecture
  • Analysis of exterior interfaces
  • Use of secure planning models
  • Identifying surface area of an attack
  • Coverage of information security mechanisms
  • Protection of logs
  • Reviews of codes of security controls
  • Safe destruction of data
 
 
General areas of information security testing of a web application

General areas of information security testing include the following:

  • Input processing
  • Configuration
  • Session management
  • Processing of cache
  • Authentication
  • Authorization
  • Vulnerabilities of business logic
  • Request forgeries
  • Insecure direct references