Green Method
  • Company
    • About Green Method
    • Careers
  • Competency
    • Consulting
      • PCI DSS
      • Application Security
      • ISMS ISO
      • SIA, ISR and ADSIC
      • GDPR
      • Virtual CISO
    • Training
    • Testing
    • Staff Augmentation
    • Application Code Review
  • Solutions
    • Cyber Security Solutions
      • Veracode
      • Bitsight
      • Mimecast
      • Accellion
      • GoAnywhere
      • Heimdal
      • Sophos
      • Netskope
      • Ground Labs
      • EmailAuth
      • Human Firewall
      • Accops
      • Radware
  • Partners
  • Knowledge Center
    • Blogs
    • Downloads
    • Case Studies
    • News & Events
  • Contact Us

Green Method Enterprises is a division of Green Method Holdings, a strategic advisory firm working in several niche areas such as green technology, environmental risk management, and environmentally responsible business strategy.

Quick Links

Company
Competency
Our Solutions
Partners
Knowledge Center
Contact Us

Headquarters – UAE

Green Method Enterprises FZC
SAIF Zone, PO Box 9618,
Sharjah, UAE
+971 (0) 6 5578 864
sales@greenmethod.net


Green Method
Technologies LLC
SIT Tower, Suite 2002
Dubai Silicon Oasis, Dubai, UAE
+971 (0) 4 329 0898
sales@greenmethod.net

© 2020 Green Method | All Rights Reserved


1. Overview

  • Understanding Mobile Platform Architecture
  • iOS Security Perspective
  • Android Security Perspective
  • Application Security Concepts and Overview
  • Typical Mobile Attacks and Case Studies
  • Developing Mobile Security Policy – In line with company security policy
  • Mobile App Security vs Web App Security
  • Mobile Stack – Security Perspective
  • Mobile Library – Security Perspective
  • Mobile Application Framework – Security Perspective
  • Mobile Application Layer – Security perspective
  • Developing Secure Mobile Apps

2. Authentication

  • Application Signing
  • File System Access – Security Perspective
  • Web Services Authentication
  • Session Management on Android
  • Authentication Best Practices
  • Authorization

3. Encryption and Data Protection

  • Encryption Overview – Security Practices
  • Protecting Data at Rest
  • Protecting Data in transit
  • Web Services Encryption Best Practices
  • Message Authentication and Non-Repudiation
  • Data Privacy Issues and Concern
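
The following is an added example for the message-authentication item above; it is not part of the course material. It uses only the Python standard library and a constructed order message, and the shared key is generated on the spot for illustration. It also carries the caveat that belongs next to non-repudiation: a verifier holding the shared HMAC key could have produced the tag itself, so an HMAC proves integrity and origin only between the two key holders; non-repudiation needs a digital signature made with a private key that only the sender holds.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


def canonical(message: dict) -> bytes:
    """Serialise deterministically so sender and verifier hash identical bytes
    regardless of key order or whitespace in their JSON encoders."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, message: dict) -> str:
    """Return an HMAC-SHA256 tag (hex) over the canonical message."""
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: dict, tag: str) -> bool:
    """Recompute the tag and compare in constant time (compare_digest), so a
    byte-by-byte early-exit comparison cannot leak how much of the tag matched."""
    expected = sign_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Genuine, tampered and impostor cases.  Key and message are constructed
    for this example only."""
    key = secrets.token_bytes(32)  # shared secret provisioned to both endpoints
    order = {"order_id": 1001, "amount": "49.90", "currency": "AED"}
    tag = sign_message(key, order)

    tampered = dict(order, amount="4990.00")  # amount changed in transit
    other_key = secrets.token_bytes(32)        # impostor without the shared key
    return {
        "genuine": verify_message(key, order, tag),          # True
        "tampered": verify_message(key, tampered, tag),      # False
        "wrong_key": verify_message(other_key, order, tag),  # False
    }


if __name__ == "__main__":
    print(demo())
```

Because both endpoints hold the same key, a disputed order cannot be attributed to the client alone on the strength of this tag; where the course's non-repudiation requirement applies, the client must sign with an asymmetric private key instead.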

4. Secure Coding

  • Protecting against Web Services Attacks – SQL Injection, XSS
  • Protecting against File Inclusion Vulnerabilities
  • Error and Exception Management
  • API Level Security
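
As an added illustration of the first secure-coding item above (not code from the course), the lookup handler below is shown in a deliberately vulnerable form and a hardened form, using an in-memory SQLite table with constructed rows. The two points it makes: parameterised queries keep attacker input out of the SQL text, and output encoding at render time, not input filtering, is what stops stored XSS.

```python
from __future__ import annotations

import html
import sqlite3

# Constructed in-memory user table (sample data, not from any real system).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
_conn.executemany(
    "INSERT INTO users VALUES (?, ?)",
    [("alice", "Alice <Admin>"), ("bob", "Bob")],
)
_conn.commit()


def lookup_vulnerable(username: str) -> list:
    """Deliberately vulnerable: user input is concatenated into the SQL text.
    A username such as  ' OR '1'='1  turns the WHERE clause into a tautology
    and returns every row; a crafted value could equally append a UNION."""
    sql = "SELECT display_name FROM users WHERE username = '" + username + "'"
    return [row[0] for row in _conn.execute(sql)]


def lookup_safe(username: str) -> list:
    """Hardened: the value travels as a bound parameter, never as SQL text,
    so the database treats the whole string as data and no tautology is possible."""
    sql = "SELECT display_name FROM users WHERE username = ?"
    return [row[0] for row in _conn.execute(sql, (username,))]


def render_profile(display_name: str) -> str:
    """Render a display name into an HTML fragment.  html.escape() neutralises
    <, >, &, " and ' so a stored value such as "<script>..." cannot execute
    in the browser.  The control is applied at output, where the context is known."""
    return "<h1>Hello, " + html.escape(display_name, quote=True) + "</h1>"


def demo() -> dict:
    """Run the injection payload through both handlers and return the results."""
    payload = "' OR '1'='1"
    return {
        "vulnerable_rows": len(lookup_vulnerable(payload)),  # 2: tautology matched all
        "safe_rows": len(lookup_safe(payload)),               # 0: no such user
        "escaped_html": render_profile(lookup_safe("alice")[0]),
    }


if __name__ == "__main__":
    print(demo())
```

The same parameter-binding discipline applies to any data store reached from a mobile app's backend; the SQLite driver here stands in for whatever database the web service actually uses.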

5. Logging

  • Logging Practices – Device Logging
  • Centralized Logging Practices

6. BYOD and Device Administration

  • BYOD and Device Administration – Need and Overview
  • Device Admin API Coverage

7. Malware and Malware Prevention

  • Malware and Android
  • Malware – Typical Malware
  • Typical Malware Behavior and Characteristics
  • Credit card Skimmer example
  • Malware Prevention Practices for Apps

8. Certification Exam

The C-MASP program contains hands-on interactive sessions, so trainees attending it are required to bring their laptops. The laptop will not need to be connected to the internet at any point during the program.

1. Introduction to Web Application Security

Understanding the need for web application security and the challenges modern enterprises face, with reference to previous security incidents and high-profile hacks.

2. Basic Concepts of Information Security

Information Security Concepts that form the bedrock of the understanding of Web Application Security.

3. Significant Web Application Breaches

An exploration of significant attacks against web applications with a Real-life Case Study.

4. Risk Assessment, Threat Profiling and Threat Modeling

A risk assessment and threat profiling technique for web application security, drawn from the CTO's book "Secure Java for Web Application Development".

  • Web Application Risk Assessment
  • Exploring methods to perform Risk Assessment for Web Applications

5. Compliance Requirements for web Application Security

Specific compliance requirements and their scope on Web Application Security.

6. OWASP Top 10

OWASP Top 10 Vulnerabilities, Testing Techniques, and Mitigation Techniques.

7. Integrating Security into Application

Integrating Security into the Application Development Lifecycle (Secure SDLC).

8. Secure Coding Guidelines

Preventing common web application vulnerabilities and defending against the penetration techniques that exploit them.

9. Web Application Security for Specific Frameworks

  • Web Application Security for Specific Frameworks
  • Web Application Threat Analysis and Threat Modeling
  • Identifying Threat Models for Web Applications and Integrating Security into the SDLC

10. Hands-on Session

Hands-on Lab Session on major topics.

11. Certification Exam

The C-WASP program contains hands-on interactive sessions, so trainees attending it are required to bring their laptops. The laptop will not need to be connected to the internet at any point during the program.

Agenda – Day 1

Session 1

  • The Payment Card Industry – Evolution
  • Card Anatomy – The Essentials
  • Security and the Payment Card Industry
  • PCI-DSS (Payment Card Industry – Data Security Standard) – Introduction
  • PCI Evolution – Initial to Current Version

Session 2

  • Scoping for PCI Compliance and its importance
  • Cardholder Data Flow and nuances
  • Compliance Overview
  • Compliance Validation
  • Segmentation

Agenda – Day 2

Session 1

  • Breaches – Instances and Root cause analysis
  • PCI Risk Assessment
  • How to protect Cardholder Data – Tools & Techniques
  • Logs, SIEM, SOC and incident management
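
An added example (not from the course) for the cardholder-data and logging items above: scanning log lines for primary account numbers (PANs) that should never have been written, and masking any hit to the first six and last four digits. A Luhn check suppresses false positives such as trace IDs of the same length. The log lines are constructed; the card numbers are the standard industry test values, not real accounts. The regular expression and the masking policy are this example's own choices.

```python
from __future__ import annotations

import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# and not glued to further digits on either side.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log; card numbers are well-known test values.
SAMPLE_LOG = """\
2020-03-17 10:02:11 INFO  checkout ok card=4111 1111 1111 1111 amount=49.90
2020-03-17 10:02:12 DEBUG trace_id=1234567890123456 session=abc
2020-03-17 10:02:13 WARN  retry card=5500-0000-0000-0004 attempt=2
"""


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled and,
    if the result exceeds 9, reduced by 9; the sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display form that keeps only the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _digits_only(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers found in text, digits only."""
    found = []
    for m in _PAN_RE.finditer(text):
        digits = _digits_only(m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    """Replace every Luhn-valid PAN in text with its masked form; leave
    look-alike numbers that fail the check untouched."""
    def _sub(m: re.Match) -> str:
        digits = _digits_only(m.group())
        return mask_pan(digits) if luhn_valid(digits) else m.group()
    return _PAN_RE.sub(_sub, text)


if __name__ == "__main__":
    print(find_pans(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

A hit from find_pans() on a log or SIEM feed means that system is inside the cardholder data environment whether or not the scoping exercise placed it there; redact() is the stop-gap while the logging call that wrote the PAN is removed.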

Session 2

  • Internal Controls and Reporting
  • Impact of virtualization and cloud security
  • Mitigating third-party risk
  • Compliance maintenance
  • Your PCI Landscape – evolution, requirement, and challenges (Optional)
  • Certification Examination

1. Information Security – An Overview

  • Defining Information Security and Risk
  • Understanding Threats, Vulnerabilities, and their Interplay
  • Understanding Security Risk in Depth
  • Workshop exercises and Case Studies

2. Information Security Compliance

  • Importance of Risk Management for Compliance
  • Linking the Risk Treatment Plan to the Compliance Framework
  • Compliance Standards around the world – An Overview
  • The ISO-27001:2005 Standard and Implementation Framework
  • Success Factors – ISO-27001
  • Management Commitment to Security
  • Measurement of Effectiveness of Controls
  • Information Security Policies and Procedures
  • Security Management – Organization Structure

3. Incident Response and Incident Management

  • Designing a Comprehensive and Proactive Incident Management Framework
  • Identifying Incidents
  • Performing Root Cause Analysis
  • Incident Response and Closure
  • Learnings from Incidents and Corrective Action
  • Workshop Exercises

4. Enterprise Risk Management Framework

  • Risk Management Practices
  • Risk Assessment
  • Risk assessment methodology
  • Risk approaches
  • Threat Profiling
  • Threat Modeling
  • Calculating risk
  • Authentication vs. Authorization
  • Data classification
  • Vulnerabilities
  • Defense-in-depth
  • Computer security policies
  • Policies, Procedures, and Working Guidelines
  • Workshop Exercise on Risk Assessment and Risk Management

5. Business Continuity and Disaster Recovery

  • Policies and Procedures – Information Security
  • Roles and responsibilities
  • Contingency and Business continuity planning
  • Legal and regulatory requirements
  • Disaster recovery strategy and plan
  • Business impact analysis
  • Incident Reporting and Handling

1. Information Security Stories Involving

  • Password Strength, security, and so on – for general users
  • Protection against Phishing and other Social Engineering attacks – Stories of real-world incidents
  • Physical Security Practices
  • Generic Data Security Practices
  • Acceptable Usage Best Practices for an organization
  • Mobile Security Best Practices for general users
  • Incident Reporting and End-User Security Responsibility
  • Data Protection for Mobile Devices, Secondary Storage Devices, and so on.

2. Imprint of Compliance and Privacy Regulations on Data Security

  • US Data Protection and Privacy Regulations and their impact on Indian Companies
  • UK based Data Protection and Privacy Regulations and impact on Indian Companies
  • EU based Data Protection and Privacy Regulations and impact on Indian Companies
  • Data Protection and Privacy Regulations in the Middle East – KSA, UAE, and others

Part 1

AN INTRODUCTION TO THE WORLD OF INFORMATION SECURITY

1. Evolution of Information Security

  • Evolution of IT – through the ages from Mainframe to Mobile Phone
  • Information Security through the ages
  • Popular hacks and attacks – Cap’n Crunch to enStage
  • Attack Techniques – An Evolution
  • Information Security – Current Day and Age
  • Challenges to Information Security today
  • Assignment – What do you think will be Enterprise Security Trends 5 Years from now?

2. Glimpses into Enterprise Security

  • Enterprise Security through the ages
  • Enterprise Security Dimensions and Paradigms
  • Defense-in-Depth and its application to Information Security
  • Case Studies in Enterprise Security
  • Assignment – Design a Defense-in-Depth Framework for a Small Company

3. Risk Management Essentials

  • Concepts of Risk and Risk Management
  • Risk Measurement and Impact Evaluation
  • Risk Assessment
  • Risk Assessment Concepts
  • Methodologies
  • Assignment: Perform a Risk Assessment for any company of your choice

Part 2

INFORMATION SECURITY PARADIGMS

1. Network Security

  • Introduction to Networks – The OSI Model and TCP/IP Stack
  • IP Addressing and CIDR Block Information
  • Protocol Exploration – Perspectives of popular network protocols
  • Routers and Switches – Concept Focus
  • Firewalls – Concept Focus
  • Intrusion Detection and Prevention Systems
  • Network Security Documentation
  • Introduction to Network Change Control
  • Network Security Attacks today
  • Hands On Exercises

2. Host and OS Security

  • Operating Systems – Organization
  • Windows
  • Unix/Linux Flavors
  • File System Organization
  • Specific Technology Areas – Windows and Unix
  • Operating System – Access Control (Technology and Frameworks)
  • Operating Systems Services Security
  • Operating System Cryptographic Concepts
  • Operating System – Logging and File Integrity Monitoring Practices
  • How to perform an effective Operating System Security Assessment
  • Hands On Exercises

3. Application Security

  • Web Application Security Challenges and Principles
  • Web Application Attacks and Defense Strategies
  • Web Application Security Program Management
  • Designing Secure Web Applications
  • Web Application Security Best Practices
  • Web Application Security Assessment
  • Hands On Exercises

Part 3

ENTERPRISE SECURITY TRACK

  • Enterprise Security Management – Overview and Principles
  • Overview of popular Information Security Standards and Frameworks
  • ISO-27001 Implementation Overview
  • PCI-DSS and Implementation Overview
  • Enterprise Policy and Procedure Management
  • Enterprise Vulnerability Management
  • Change Management and Change Control Principles
  • Business Continuity Management
  • Enterprise Incident Management
  • Modern Enterprise Security Challenges – Overview and Implementation Strategies