If you don't actively attack risks, they will actively attack you. This piece of wisdom should be our guidance towards security. Security is never comprehensive but can be vastly improved with risk-oriented testing with an optimized mix of test strategies and suitable tools. Risk-oriented security with dedicated test methods and appropriate tools is the call of the day. Security test must start with static code analysis, proceed with unit test and further advance with dedicated methods such as fuzzing and robustness tests up to the level of penetration testing (PenTest). This workshop will briefly introduce to risk-oriented security engineering and then dive into appropriate test methods and tools.
Like all verification and validation methods, cybersecurity testing needs deep experience and competence to select the best methods, determine test end criteria and a lean yet effective regression strategy capable for continuous integration and deliveries. Often we see companies that test components and their interfaces, while overlooking security threats in networking and services. For that matter we have enriched the article with hands-on experiences from our security consulting projects. Participants are invited to actively engage with their questions.
Additional bonus: The widely used assessment tool COMPASS is introduced. You will receive a demo version with full functionality for your own entries. Further, there will be case studies using the Vector Grey-Box PenTest methodology.
Motivation: Connectivity and convergence
Risk-oriented cybersecurity engineering
Optimizing security testing methods: From static analysis to PenTesting
Cost versus benefit: How to optimize security testing along the life-cycle
Making penetration test effective: From black box to grey box
Which tools and methods for which purpose
Future Outlook, Discussion and Conclusion
"Outstanding level of expertise in cybersecurity."
- Michael Prantke, Panasonic
Do you want to adapt this training to your own examples and challenges? Looking for a workout that delivers practical exercises adjusted to your environment? Then, we suggest that you have this training conducted in-house, where you can decide on focus, speed and the training schedule. We also offer dedicated crash courses for employees and management.
Engineers in product development, system and software engineers, security and safety engineers and managers, architects, engineering managers, project managers, purchasing, quality managers.
About our trainers
Youssef Rekik is a consultant and software developer at Vector Consulting Services. He is heavily involved in the development of security applications for smart connected embedded devices with focus on network security and communication technologies.
Prof. Dr. Christof Ebert is Managing Director of Vector Consulting Services GmbH. He supports companies worldwide in improving their product development and product strategy as well as in change management. He sits on various supervisory boards, is a professor at the University of Stuttgart and the Sorbonne in Paris, and the author of several renowned books. Twitter: @ChristofEbert.
700 € plus VAT (duration: 1 day)
Admission price includes full documentation on paper and as PDF and also our Vector book on "Automotive Embedded Engineering" with lots of best practices, project experiences and state of the art technology. Naturally, all participants benefit from our rich coffee breaks and a quality lunch in our spectacular Vector restaurant. Each participant will receive a qualifying Vector certificate for this intensive training.
Get a 10% discount: - if you register more than 2 participants of your company - if you book at least 60 days in advance
Full-time students receive a discount of 70% (on presentation of a valid student card).