IT security training for security testers, software developers, management and employees by our highly qualified security trainers.
Strengthen your organization’s security skills
Properly trained staff are the most effective protection against all kinds of information and IT security threats. Oneconsult’s tried and tested IT security training is customized to the requirements of specific target groups, suited for red and blue teams, and led by our own experienced instructors. Penetration tests, standard-based security audits and IT forensics are our security trainers’ daily business.
For public IT security training courses aimed at individuals in Switzerland we use Digicomp’s training sites. Company trainings are held at the client’s premises or at our headquarters in Thalwil (Zurich). For information on public training courses, please see the links in the respective course sections below.
For information on company security training courses please contact us directly.
- Hands-on, practical training
- Penetration tests and security audits are our instructors’ daily business
- Customized to target groups
- For individuals and companies
- Red and blue team training
- Highly qualified trainers
- Top ratings
We offer the following security trainings as both public and company trainings:
For specialists and anyone interested in IT security we offer ISECOM certification training courses (OPST, OPSE and OPSA) based on the OSSTMM, which are ideal for raising your professional profile.
OSSTMM-certified personnel are in demand around the world, as the OSSTMM’s influence as a standard for security audits and projects is growing. The well-known German Federal Office for Information Security (BSI) and the US National Security Agency (NSA) recommend the OSSTMM for technical audits.
These challenging certification trainings are provided worldwide in technical schools, colleges and universities, as well as through training partners, all certified by ISECOM to ensure consistency, quality and focus. For this reason, ISECOM can assure any organization on a certified person’s level of applied security testing knowledge and their exposure to the appropriate and ethical behavior outlined in the OSSTMM Rules of Engagement.
The following official certification courses are provided by Oneconsult (the course title links lead to the original descriptions on ISECOM’s website):
The most popular OSSTMM-related security training. During this very practical course, students get to know the fundamentals of the OSSTMM and its practical application from the perspective of a security tester. Various security testing tools are presented and used. It is an intense, horizon-broadening course for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and indeed anyone who works in IT, from systems to networks.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPST)
The OPSE course is designed for professionals with little networking and security know-how. The certification proves that its holder has in-depth knowledge of the OSSTMM, i.e. how it works, what its aim is, why it is used and what its limits are. The course does not require any technical testing know-how.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPSE)
This course focuses on the specific security metrics of the OSSTMM. Participants learn how to analyze and interpret security testers’ results according to the OSSTMM in order to calculate, for example, the risk assessment value (RAV) or to detect incorrect results. Technical testing knowledge is therefore a mandatory requirement for passing the exam. In addition, the project management basics of audit projects are introduced. The typical target group of this course consists of CISOs, auditors, compliance managers, CIOs, etc.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPSA)
All OSSTMM courses end with the optional certification exam (on the last day of the course), which is carried out live on the test systems of ISECOM.
Growing demand from our clients to conduct security scans with their own resources has led Oneconsult to offer employee training for security scans with the course «Practical Security Scanning».
«Practical Security Scanning» is an IT security training course in which participants familiarize themselves with the tools, attack methods and ethical principles needed to conduct a security scan. Knowledge acquired in theoretical units is deepened in practical exercises. The course focuses on hands-on testing, but hardening measures are also covered.
- Network protocols
- Basics of security testing
- Ethics and methodology
- Approach and tools (e.g. Nessus, nmap, hping, netcat, tcpdump, Wireshark)
- Practical exercises
- Analysis and evaluation
Oneconsult recommends carrying out a security scan of the company’s own network after the course, with a security consultant from Oneconsult acting as a coach to the client’s employees and sharing his or her long-standing testing experience. At the end of the project, employees will be able to conduct security scans of the systems in scope and evaluate the results on their own.
Duration: 2 days
Public training for individuals: Information and registration (Digicomp PSO)
Studies indicate that more than 90% of all deployed web applications are affected by serious security bugs, even though effective countermeasures to mitigate attacks exist.
Our training course «Secure Web Development» is an IT security training for web developers and supports organizations in minimizing the risks of building and maintaining web applications. Programmers get to know the latest web application attack methods from the perspective of application security.
- Threat scenarios
- Potential attacks
- OWASP Top 10
- Hands-on web hacking
- Secure software development
In theoretical units participants learn about the various types of attacks on web applications (including databases and backend systems) and then carry them out themselves in practical exercises. Students also learn the basics of secure software development.
Duration: 2 days
Public training for individuals: Information and registration (Digicomp SWO)
The following special courses are only offered as company security trainings:
Incidents that may trigger a forensic investigation include, for example, a hacker attack, a malware infection, fraud or data theft. To prepare yourself and avoid the most common errors, we offer the IT forensics training.
- Basics of IT forensics
- Legal aspects
- Do’s and Don’ts
- Further steps
The IT forensics training is aimed at members of the IT security team with some technical know-how, and at system administrators.
Duration: 2-3 days
Our security experts also offer customized IT security training courses or security presentations (with or without live hacking) adapted to meet your specific requirements. We also hold train-the-trainer courses so that your instructors may teach courses independently.
- Security awareness training or presentations for management, system administrators or the entire workforce
- Hands-on security tester training courses for system administrators in the real system environment of the client
- System hardening for system administrators
Oneconsult’s IT security training offering is much appreciated by our clients for its focus on practical relevance. Our highly qualified instructors and coaches work as security testers and security consultants every day. We have held dozens of courses, always with very positive customer feedback.
For definitions of information and IT security terms please refer to our glossary.
Advanced Mail Tests
Advanced mail tests review the email infrastructure with regard to the effectiveness of the filters in use, such as antivirus and antispam filters, as well as the handling of uncommon file extensions.
Firewall Rule Set Audit
An audit of the firewall rule set is an analysis of active and inactive firewall rules with the aim of identifying vulnerabilities and potential for improvement. The audit focuses, among other things, on overly broad, overlapping, insecure (e.g. using clear-text protocols such as telnet or FTP) and obsolete rules. In addition, the processes around the rule set (for example for the creation, modification and deletion of rules) may be reviewed.
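As an added illustration of the checks such an audit automates, the following Python script (written for this glossary entry; it is not Oneconsult’s tooling and assumes a simplified, constructed rule format with source, destination, protocol, destination port range, action, an enabled flag and a hit counter) flags overly broad rules, rules that are redundant with or shadowed by an earlier rule, allow rules for clear-text services such as telnet and FTP, and disabled or unused rules in a constructed sample rule set:

```python
"""Lightweight firewall rule set audit over a constructed rule list.

Added example, not Oneconsult's tooling. Rules are modelled as a generic
5-tuple (source, destination, protocol, destination ports, action) plus an
'enabled' flag and a hit counter; the rule format and the sample rules are
constructed for illustration and do not correspond to any real firewall syntax.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Clear-text services the page names as examples of insecure rules.
INSECURE_SERVICES = {("tcp", 21): "ftp", ("tcp", 23): "telnet"}

ANY_NET4 = ipaddress.ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)  # inclusive destination port range meaning "any port"


@dataclass
class Rule:
    rule_id: str
    src: str                 # IPv4 CIDR or "any"
    dst: str                 # IPv4 CIDR or "any"
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range
    action: str              # "allow" or "deny"
    enabled: bool = True
    hits: int = 0            # matches seen in the review period (constructed counter)


def _net(spec: str) -> ipaddress.IPv4Network:
    return ANY_NET4 if spec == "any" else ipaddress.ip_network(spec, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not (outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]):
        return False
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))


def audit(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule_id, category, detail) findings, walking rules in policy order."""
    findings = []
    for idx, r in enumerate(rules):
        if not r.enabled:
            findings.append((r.rule_id, "obsolete", "rule is disabled; remove or document"))
            continue  # a disabled rule neither matches traffic nor shadows later rules
        if r.hits == 0:
            findings.append((r.rule_id, "obsolete", "no matches in the review period"))

        too_broad = (r.action == "allow" and r.ports == ANY_PORTS
                     and (r.src == "any" or r.dst == "any"))
        if too_broad:
            findings.append((r.rule_id, "too_broad", "allows all ports to or from any host"))
        elif r.action == "allow":
            # Only check specific allow rules; an any-port allow is already flagged above.
            for (proto, port), name in INSECURE_SERVICES.items():
                if r.proto in ("any", proto) and r.ports[0] <= port <= r.ports[1]:
                    findings.append((r.rule_id, "insecure_protocol",
                                     f"permits clear-text {name} ({proto}/{port})"))

        # First-match semantics: an earlier enabled rule that fully covers this one
        # makes it redundant (same action) or shadowed (different action, never effective).
        for earlier in rules[:idx]:
            if earlier.enabled and covers(earlier, r):
                kind = "redundant" if earlier.action == r.action else "shadowed"
                findings.append((r.rule_id, "overlapping",
                                 f"{kind} by earlier rule {earlier.rule_id}"))
                break
    return findings


# Constructed sample rule set for demonstration.
SAMPLE_RULES = [
    Rule("R1", "10.0.0.0/8", "10.20.0.10/32", "tcp", (443, 443), "allow", hits=1500),
    Rule("R2", "10.0.1.0/24", "10.20.0.10/32", "tcp", (443, 443), "allow", hits=0),
    Rule("R3", "any", "10.20.0.20/32", "tcp", (23, 23), "allow", hits=12),
    Rule("R4", "10.0.0.0/8", "any", "any", ANY_PORTS, "allow", hits=90000),
    Rule("R5", "10.0.1.0/24", "10.20.0.20/32", "tcp", (22, 22), "deny", hits=0),
    Rule("R6", "192.168.5.0/24", "10.20.0.30/32", "tcp", (21, 21), "allow", enabled=False),
]

if __name__ == "__main__":
    for rule_id, category, detail in audit(SAMPLE_RULES):
        print(f"{rule_id:4} {category:18} {detail}")
```

Running the script reports R2 as redundant with R1 and unused, R3 as permitting telnet, R4 as overly broad, R5 as shadowed by the broad allow R4, and R6 as disabled; R1 produces no finding. The hit counter stands in for whatever log or counter source the real firewall provides, and the coverage check deliberately ignores rule options such as time windows or user identity that a production audit would also need to compare.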
Risk Assessment Value (RAV)
The RAV is a measurement of the attack surface of an environment as defined by the OSSTMM (Open Source Security Testing Methodology Manual). It is a scale that describes the security level at a certain point in time (actual security). A RAV of 100 (sometimes also referred to as 100% RAV) reflects the perfect balance between protection and attack points. Anything less indicates too few controls and therefore a greater attack surface.
ISO 27001
ISO 27001 is a standard of the International Organization for Standardization. It describes the requirements for an Information Security Management System (ISMS) and is comparable to other ISO management system standards such as ISO 9001 (quality management). ISO 27001 is the only standard of the ISO 2700X family against which a certification can be obtained. Annex A of the standard lists information security controls, which are described in more detail in ISO 27002. ISO 27001 and ISO 27002 look at information security as a whole and do not only cover IT security, but also additional aspects such as physical security.