- In-house training: You benefit from having access to all of our experts and visiting our labs
- On-site training: You can select as many of your employees to attend the course as your premises allow, with no additional costs
Security Training Courses
Common Criteria course (2 days)
- Determine the steps to getting a product CC certified and creating the required CC documentation;
- Understand the impact of having your CC product certified on the development process and environment.
- CC history and relationship to other evaluation standards;
- The (hidden) structures of the CC standard;
The application of the CC standard in terms of:
- Steps & roles involved in CC evaluation and certification;
- Recognition of CC certificates and Assurance Levels;
- Different certification bodies and labs;
- Cost and effort involved in a CC evaluation.
- Requirements for specifying product functionality;
- Requirements for product documentation and development/production environment;
- Assurance Levels;
- Security Targets & Protection Profiles.
Host card emulation course (1 day)
- A general introduction to and explanation of Host Card Emulation;
- The characteristics of HCE solutions, with a strong focus on security of the mobile application;
- Common security aspects as well as known pitfalls and applicable attack vectors;
- White Box Crypto (WBC);
- Code Obfuscation Techniques;
- Trusted Execution Environments (TEE);
- Demo on penetration testing;
- Security requirements of different schemes, which are generally similar but differ in detail.
Payment terminal security course (2 days)
- Introduction to the PCI PTS security requirements, their purpose and how to apply them in practice (Core, SRED requirements, device management and open protocols);
- Payment terminal attack techniques and general mechanisms for protection;
- Attack potential calculation and how to determine device resistance (exercise);
- Key management and the impact on PCI PTS compliance;
- Side-channel analysis applied to payment terminals;
- Additional PCI PTS security programs;
- Details of the PCI PTS certification process.
Smart card security course (3 days)
- Evaluation methodologies and how to get assurance of protection against threats;
- Physical attacks;
- Perturbation security threats (power and light manipulation);
- Side-channel analysis;
- Demo on differential power analysis;
- Advanced side-channel attacks;
- Software: potential vulnerabilities;
- Software (choose: Java Card or exercise);
- Random number generators;
- Introduction to Host Card Emulation.