Embedded/IoT Training
No matter how complicated the design, how detailed is the encryption protocol or how well thought are the security mechanisms - your products are still at risk.
Thinking of security is not enough. A simple mistakes made unknowingly by an untrained developer could make your products vulnerable to a hacker, skipping over your firewall, cryptographic signatures and everything else.
To create a truly secure system, it is necessary not only to plan in correctly, but to implement it in a secure way. We at Imperium Security are experts of embedded security vulnerabilities research, and our experience tells this: 100% of perfect architecture designs, fail though to implementation mistakes.
Meeting with IoT/embedded developers all over the world we marked patterns of coding security mistakes. Joining them together into a unique workshop for embedded secure coding. Our workshop is built out of three separate training sessions, giving your developers the tools to minimize cyber threats. We built all of our training together with world class experts of IoT security, whom are top rated trainers and lecturers of the IDF's military cyber training.
And remember - security related risks are reduced by 70% when investing in cyber security training. Help us help you eliminate cyber threats.
REDUCE THREATS BY 70%
Specially Built For Embedded/IoT Developers
BENEFITS
World Class Experts
Secure Developer Certificate
On Site Training
RESULTS
Developers Security Awareness
Reduce Mitigation Cost
Diminish Cyber Threats
Intro to Security
To create safe and secure code, it is important to understand the risks products face. This training will explain why security is important, what are vulnerabilities, and how does an hacker work when attacking a device/product.
Length: 0.5 Day
Prerequisites: None
Labs: None
Topics Include
-
Cyber Security Definitions (ISO27005)
-
Vulnerabilities Classification
-
Modern Threats
-
Modern Cyber Security
-
Famous Embedded Vulnerabilities
-
Hackers Workflow
C/C++ Secure Development
Every developer will create security vulnerabilities in his code, but most of them will be simple mistakes that could have been avoided. Lack of knowledge results in developers “leaving the door open” for hackers. This training will teach common and non-common programming mistakes that developers make, to help them gain the correct working method. It will explain how hackers take advantage of bugs to gain control of programs and devices. This is a must-have knowledge for every developer.
Length: 1.5 Days
Prerequisites: Knowledge in C/C++. “Intro to Security” training or equivalent.
Labs: Every topic discussed includes hands-on lab exercises
Topics Include
-
Embedded Memory Layout
-
Assembly Basics
-
Low Level Function Calls Procedure
-
Software Design Risks
-
Command Injections
-
State Machine Vulnerabilities
-
Secrets Management
-
Memory Corruption Threats
-
Stack Overflows
-
Heap Corruptions
-
DEP / ASLR
-
Integer Overflows
-
Encryption For Developers
-
TLS / SSL
IoT Security Specialty
The world of embedded and IoT creates unique security threats – from physical attacks on devices to securing connected communication. This training will explain special attacks that are relevant only for IoT devices, and will teach how to correctly implement important security based features like server communication, secure boot and disk encryption.
This training is passed by IoT and embedded security researchers, and is developed based on the many mistakes we have seen in products we found vulnerabilities in.
Length: 1 Day
Prerequisites: Knowledge in C/C++, Linux and embedded development. “Intro to Security” and “C/C++ Secure Development” training or equivalent.
Labs: Every topic discussed includes hands-on lab exercises
Topics Include
-
Physical Attacks
-
TOCTUO Vulnerabilities
-
JTAG & Debug Ports
-
Gliching
-
State Machine Vulnerabilities
-
Embedded Coding Standards (OWASP)
-
Embedded Lab - Securing Code
-
Embedded Security Features
-
Secure Boot
-
Remote Updates
-
Disk Encryption
-
Sever Communication
-
eSDLC Techniques
-
CI/CD
-
Library Control