ETHICAL HACKING COURSE HANDS-ON HACKING BANKING EDITION COMPLIANT TO BCSP (BANKING CYBER SECURITY PROFESSIONAL) CERTIFICATION REQUIREMENTS 4 Days, In-Depth, Practical Hands-On Workshop will be conducted in a computer laboratory for Experienced IT Practitioners and IT Security Executives. For private courses, and upon customer request the course can be scheduled in a different way. Class size is limited to 15 delegates. Computers will be provided. Training benefits: This is an in-depth technical hands-on class that aims at imparting knowledge, techniques and processes for: • Testing the security of existing (live or UAT

stage) bank infrastrucutres • Developing web applications securely • Providing a neutral and non-vendor-centric

perspective to evaluate the proper web applications for purchase

• Developing a deep knowledge of the latest threats coming from hackers, carders, phishers and in general all the criminal cyber-criminal underground

• Examine threats and vulnerabilities. • Examine trivial and advanced techniques to

uncover vulnerabilities at different levels • Each concept has a corresponding hands-on

session with the assistance of the trainer • Detail the proper way to fix or avoid each

vulnerability • Provide general management guidelines as

well as deep technical explanations for technologies related to the banking sector

Training Overview This course is targeted at IT professionals who wish to delve deeply into the latest security threats and most advanced techniques used by malicious hackers and cyber criminals today to compromise bank infrastructures and business, with a special focus on server side attacks, client side attacks, networking, middleware, databases, banking applications. The course offers a set of live simulations and live labs featuring a variety of missions on proprietary targets. Who Should Attend? CIOs, CTOs, Architects/Directors/Managers of IT/IS/MIS/DP,IS/IT Planners, IT Strategists, Software Project Leaders, Integration Team Leaders and Database Administrators, IT professionals whose responsibilities include management, high-level design or enterprise business application implementation, e-Commerce and Application Development Senior Managers, Systems Architects

COURSE CONTENT DAY ONE: • Introduction • Bank fingerprinting: advanced network

mapping • Firewalling, IDS/IPS and access control • Vulnerabilities in Operating System, Web

servers and other typical banking services

• Vulnerabilities in a banking web application environment - URL poisoning - Basic and advanced SQL injection - Cross site request forgery - Cross site scripting

• Vulnerabilities at network level • COURSE CONTENT DAY THREE: • Wireless communication protocols:

characteristics and related banking problems: - WiFi - GSM/GPRS/UMTS - RFid - Bluetooth

• Handheld devices: pros and cons in a banking environment

• VOiP pros and cons • Certified mailing systems • Data security, cipher disks • Authentication systems:

- tokens - biometric - smart cards

COURSE CONTENT DAY TWO: • Latest development in:

- viruses - rootkits - trojans

• Man in the middle attacks - network based - at DNS level

• Forensic analysis - tools - procedures

• Incident response guidelines • Security policies • Denial of service attacks

- different forms - mitigative countermeasures

COURSE CONTENT DAY FOUR: • Different form of bank cyber-crimes

with real case studies - carding, phishing, different form of

scams - ID theft (client and bank side) - Client side attacks

• Typical structures of criminal organizations involved in bank crimes

• The underground world of bank carders/phishers/scammers. Meeting the criminals at their own place and understanding the cyber-criminal role-playing and economy models.

• The role of the social engineering in the bank cyber-crimes

• Physical security • Industrial espionage • Auto competitive intelligence • understanding the dynamics between

ISPs, CERTs and cyber police forces

  THE COURSE INCLUDES A REALISTIC VIRTUAL BANKING ENVIRONMENT ON WHICH THE STUDENTS WILL PRACTICE THE HACKING TECHNIQUES AND TOPICS COVERED BY THE SEMINAR AND IS COMPLIANT TO SECURITYLAB BANKING CYBER SECURITY PROFESSIONAL CERTIFICATION REQUIREMENTS (BCSP)