Embedded/IoT Training

No matter how complicated the design, how detailed is the encryption protocol or how well thought are the security mechanisms - your products are still at risk. 

Thinking of security is not enough. A simple mistakes made unknowingly by an untrained developer could make your products vulnerable to a hacker, skipping over your firewall, cryptographic signatures and everything else. 

To create a truly secure system, it is necessary not only to plan in correctly, but to implement it in a secure way. We at Imperium Security are experts of embedded security vulnerabilities research, and our experience tells this: 100% of perfect architecture designs, fail though to implementation mistakes.

Meeting with IoT/embedded developers all over the world we marked patterns of coding security mistakes. Joining them together into a unique workshop for embedded secure coding. Our workshop is built out of three separate training sessions, giving your developers the tools to minimize cyber threats. We built all of our training together with world class experts of IoT security, whom are top rated trainers and lecturers of the IDF's military cyber training.

 

And remember - security related risks are reduced by 70% when investing in cyber security training. Help us help you eliminate cyber threats.

 

REDUCE THREATS BY 70% 

Specially Built For Embedded/IoT Developers

BENEFITS

World Class Experts
Secure Developer Certificate
On Site Training

RESULTS

Developers Security Awareness

Reduce Mitigation Cost

Diminish Cyber Threats

Intro to Security

To create safe and secure code, it is important to understand the risks products face. This training will explain why security is important, what are vulnerabilities, and how does an hacker work when attacking a device/product.

Length: 0.5 Day

Prerequisites: None

Labs: None

Topics Include

  •  Cyber Security Definitions (ISO27005) 

  • Vulnerabilities Classification 

  • Modern Threats

  •  Modern Cyber Security 

  • Famous Embedded Vulnerabilities 

  • Hackers Workflow

 

C/C++ Secure Development

Every developer will create security vulnerabilities in his code, but most of them will be simple mistakes that could have been avoided. Lack of knowledge results in developers “leaving the door open” for hackers. This training will teach common and non-common programming mistakes that developers make, to help them gain the correct working method. It will explain how hackers take advantage of bugs to gain control of programs and devices. This is a must-have knowledge for every developer.

Length: 1.5 Days

Prerequisites: Knowledge in C/C++. “Intro to Security” training or equivalent.

Labs: Every topic discussed includes hands-on lab exercises

Topics Include

  •  Embedded Memory Layout

  • Assembly Basics

  • Low Level Function Calls Procedure 

  • Software Design Risks

  • Command Injections

  • State Machine Vulnerabilities

  • Secrets Management

  •  Memory Corruption Threats

  • Stack Overflows

  • Heap Corruptions

  • DEP / ASLR

  • Integer Overflows

  • Encryption For Developers

  • TLS / SSL

 
 

IoT Security Specialty 

The world of embedded and IoT creates unique security threats – from physical attacks on devices to securing connected communication. This training will explain special attacks that are relevant only for IoT devices, and will teach how to correctly implement important security based features like server communication, secure boot and disk encryption.

This training is passed by IoT and embedded security researchers, and is developed based on the many mistakes we have seen in products we found vulnerabilities in.

Length: 1 Day

Prerequisites: Knowledge in C/C++, Linux and embedded development. “Intro to Security” and “C/C++ Secure Development” training or equivalent.

Labs: Every topic discussed includes hands-on lab exercises

Topics Include

  •  Physical Attacks 

  • TOCTUO Vulnerabilities

  • JTAG & Debug Ports

  • Gliching

  • State Machine Vulnerabilities

  • Embedded Coding Standards (OWASP)

  • Embedded Lab - Securing Code 

  •  Embedded Security Features

  • Secure Boot

  • Remote Updates

  • Disk Encryption

  • Sever Communication 

  • eSDLC Techniques 

  • CI/CD

  • Library Control

 
Get The Full Schedule 

©2019 by Imperium Security.