IT security training for security testers, software developers, management and employees by our highly qualified security trainers.
Strengthen your organization’s security skills
Well-trained staff are one of the most effective protections against information and IT security threats of all kinds. Oneconsult’s tried and tested IT security training is customized to the requirements of specific target groups, suited for red and blue teams, and led by our own experienced instructors. Penetration tests, standards-based security audits and IT forensics are our security trainers’ daily business.
For public IT security training courses aimed at individuals in Switzerland we use Digicomp’s training sites. Company trainings are held at the client’s premises or at our headquarters in Thalwil (Zurich). For information on public training courses please see the links in the respective course sections below.
For information on company security training courses please contact us directly.
- Hands-on, practical training
- Penetration tests and security audits are our instructors’ daily business
- Customized to target groups
- For individuals and companies
- Red and blue team training
- Highly qualified trainers
- Top ratings
We offer the following security trainings as both public and company trainings:
For specialists and anyone interested in IT security we offer ISECOM certification courses based on the OSSTMM: OPST (OSSTMM Professional Security Tester), OPSE (OSSTMM Professional Security Expert) and OPSA (OSSTMM Professional Security Analyst). They are an excellent way to raise your professional profile.
OSSTMM-certified personnel are in demand around the world as the OSSTMM’s influence as a standard for security audits and projects keeps growing. The German Federal Office for Information Security (BSI) and the US National Security Agency (NSA) recommend the OSSTMM for technical audits.
These challenging certification trainings are provided worldwide in technical schools, colleges and universities, as well as through training partners, all certified by ISECOM to ensure consistency, quality and focus. For this reason, ISECOM can assure any organization on a certified person’s level of applied security testing knowledge and their exposure to the appropriate and ethical behavior outlined in the OSSTMM Rules of Engagement.
The following official certification courses are provided by Oneconsult (the course title links lead to the original descriptions on ISECOM’s website):
The most popular OSSTMM-related security training. In this very practical course students learn the fundamentals of the OSSTMM and its practical application from the perspective of a security tester. Various security testing tools are presented and used. It is an intense, horizon-broadening course for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and anyone who works in IT, from systems to networks.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPST)
The OPSE course is designed for professionals with little network and security know-how. The certification proves in-depth knowledge of the OSSTMM: how it works, what it aims at, why it is used and where its limits are. The course does not require any technical testing know-how.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPSE)
This course focuses on the OSSTMM’s security metrics. Participants learn to analyze and interpret security testers’ results according to the OSSTMM, for example to calculate the risk assessment value (rav) or to spot incorrect results; technical testing knowledge is therefore a mandatory requirement for passing the exam. In addition, the basics of managing audit projects are introduced. The typical target group consists of CISOs, auditors, compliance managers, CIOs, etc.
Duration: 5 days (including exam)
Public training for individuals: Information and registration (Digicomp OPSA)
All OSSTMM courses end with the optional certification exam (on the last day of the course), which is carried out live on the test systems of ISECOM.
Growing demand from our clients to run security scans more often with their own staff has led Oneconsult to offer the employee training course «Practical Security Scanning».
«Practical Security Scanning» is an IT security training course in which participants familiarize themselves with the tools, attack methods and ethical principles needed to conduct a security scan. Knowledge acquired in theory units is deepened in practical exercises. The course focuses on hands-on testing, but hardening measures are covered as well.
- Network protocols
- Basics of security testing
- Ethics and methodology
- Approach and tools (e.g. Nessus, nmap, hping, netcat, tcpdump, Wireshark)
- Practical exercises
- Analysis and evaluation
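The last two items of the course outline, running a scan and evaluating its results, are where most beginners struggle. The following is an added example, not course material from Oneconsult: it takes the XML that `nmap -sV -oX` writes (here a constructed sample with documentation-range addresses, not a real scan) and turns open ports into findings. The cleartext-service list and the severity labels are assumptions for the example.

```python
"""Evaluate an nmap XML report and turn open ports into findings (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape `nmap -sV -oX report.xml 192.0.2.0/29` produces
# (addresses from the documentation range; not a real scan result).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX report.xml 192.0.2.0/29">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Services that send credentials in cleartext; exposure is a finding wherever a tester
# can reach them. The list is an assumption for this example, extend it to your policy.
CLEARTEXT_LOGIN_SERVICES = {"telnet", "ftp", "pop3", "imap", "rlogin", "rsh"}


def parse_nmap(xml_text):
    """Return {ipv4 address: [open port dicts]} for every host nmap reports as up."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        address = host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or address is None:
            continue
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are noise for this evaluation
            service = port.find("service")
            attrs = service.attrib if service is not None else {}
            ports.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": attrs.get("name"),
                "product": attrs.get("product"),
                "version": attrs.get("version"),
            })
        hosts[address.get("addr")] = sorted(ports, key=lambda p: p["port"])
    return hosts


def evaluate(hosts):
    """Apply simple rules to the parsed scan and return findings worth writing up."""
    findings = []
    for addr, ports in sorted(hosts.items()):
        for p in ports:
            if p["service"] in CLEARTEXT_LOGIN_SERVICES:
                findings.append({"host": addr, "port": p["port"], "severity": "high",
                                 "issue": f"cleartext login service {p['service']} exposed"})
            if p["version"]:
                findings.append({"host": addr, "port": p["port"], "severity": "info",
                                 "issue": f"version disclosure: {p['product']} {p['version']}"})
    return findings


if __name__ == "__main__":
    for f in evaluate(parse_nmap(SAMPLE_NMAP_XML)):
        print(f"{f['severity']:5} {f['host']}:{f['port']}  {f['issue']}")
```

The filtered port and the host that is down are dropped during parsing, which is the first judgement call a scan evaluation makes: only what is actually reachable belongs in the findings.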
Oneconsult recommends carrying out a security scan of the company’s own network after the course, with an Oneconsult security consultant coaching the client’s employees and sharing long-term testing experience. At the end of the project the employees are able to conduct security scans of the systems in scope and evaluate the results on their own.
Duration: 2 days
Public training for individuals: Information and registration (Digicomp PSO)
Studies indicate that more than 90% of all deployed web applications contain serious security bugs, even though effective countermeasures exist.
Our training course «Secure Web Development» is an IT security training for web developers and helps organizations minimize the risks of building and maintaining web applications. Programmers get to know the latest web application attack methods from an application security perspective.
- Threat scenarios
- Potential attacks
- OWASP Top 10
- Hands-on web hacking
- Secure software development
In theory units participants learn about the various types of attacks on web applications (including databases and backend systems) and then carry them out themselves in practical exercises. In addition, they learn the basics of secure software development.
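As an added illustration of the attack-then-fix pattern the course follows (this is example code, not Oneconsult’s course material), here is a login lookup in the form that lets attacker input reach the database as SQL, beside the parameterised version. The table, the users and the payload are constructed for the example; SQL injection is the OWASP Top 10 category A03:2021 Injection.

```python
"""Login lookup built by string formatting (vulnerable) beside a parameterised query (fixed)."""
import sqlite3


def make_demo_db():
    """In-memory user table with constructed sample rows (plaintext passwords only to keep
    the example short; a real application stores salted password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates user input into the SQL text: the classic injection bug."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Bound parameters: the driver passes the input as data, never as SQL text."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_demo_db()
    payload = "alice' --"   # the quote closes the literal, `--` comments out the password check
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))   # alice
    print("fixed:     ", login_fixed(db, payload, "wrong"))        # None
```

With the payload the vulnerable query becomes `... WHERE username = 'alice' --' AND password = 'wrong'`, so the password clause is never evaluated. The fixed version compares the literal string `alice' --` against the username column and finds nothing.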
Duration: 2 days
Public training for individuals: Information and registration (Digicomp SWO)
The following special courses are only offered as company security trainings:
Incidents that may trigger a forensic investigation include a hacker attack, a malware infection, fraud or data theft. To prepare yourself and avoid the most common errors, we offer IT forensics training.
- Basics of IT forensics
- Legal aspects
- Dos and Don’ts
- Further steps
The IT forensics training is aimed at members of the IT security team with some technical know-how and at system administrators.
Duration: 2-3 days
Our security experts also offer customized IT security training courses and security presentations (with or without live hacking) adapted to your specific requirements. We also hold train-the-trainer courses so that your own instructors can teach the courses independently.
- Security awareness training or presentations for management, system administrators or the entire workforce
- Hands-on security tester training courses for system administrators in the real system environment of the client
- System hardening for system administrators
Oneconsult’s IT security training offering is much appreciated by our clients for its practical relevance. Our instructors and coaches work as security testers and security consultants every day. We have held dozens of courses, consistently with very positive customer feedback.
For definitions of information and IT security terms please refer to our glossary.
The kick-off meeting is the initial meeting that marks the start of an IT security project and lays the groundwork for a successful audit. It covers the project scope, schedule, organization and conditions, as well as the methodologies to be used.
In a session hijacking attack an attacker takes over a victim’s session, typically by obtaining the victim’s session identifier. The attacker may then access the victim’s data and issue commands in the victim’s name (see also session fixation).
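The server-side controls that limit both attacks are small. The following is an added example, not code from Oneconsult: session ids come from the OS random generator so they cannot be guessed, the id is rotated at login so an id planted before authentication (session fixation) never becomes a valid authenticated session, idle sessions expire to shorten the window a stolen id is useful in, and the cookie attributes keep the id off cleartext connections and away from scripts. The timeout value and the cookie attribute choices are assumptions for the example.

```python
"""Server-side session handling that limits hijacking and defeats session fixation."""
import secrets
import time

IDLE_TIMEOUT = 15 * 60   # seconds; the value is an assumption for this example


class SessionStore:
    """Session ids are random, rotated at login and dropped when idle or logged out."""

    def __init__(self, clock=time.time):
        self._sessions = {}   # session id -> {"user": str | None, "last_seen": float}
        self._clock = clock   # injectable so expiry can be tested without sleeping

    def create(self):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: not guessable
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def login(self, sid, user):
        """Issue a fresh id on authentication. Whatever id the client presented before
        login (possibly planted by an attacker) is discarded and never becomes
        an authenticated session."""
        self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def user_for(self, sid):
        """Resolve a presented id; idle sessions are dropped to shorten the hijacking window."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        session["last_seen"] = now
        return session["user"]

    def logout(self, sid):
        """Invalidate on the server, so a stolen id is useless after logout."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Secure: never sent over plain HTTP. HttpOnly: not readable from JavaScript."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    planted = store.create()                 # id an attacker could have planted
    sid = store.login(planted, "alice")      # login hands out a different id
    print(store.user_for(planted), store.user_for(sid))   # None alice
    print(set_cookie_header(sid))
```

Rotating the id at login is the single step that defeats fixation; the other three controls reduce what an attacker gains from an id obtained some other way.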
Reflected Cross-Site Scripting (Reflected XSS)
Blind (Test Type)
IT security audits may be characterized by how much information the testers and the administrators of the systems in scope have when the tests are carried out. The OSSTMM defines blind as the audit type in which the testers have no prior knowledge of the systems to be tested, while the administrators of the tested systems are fully aware of the security audit.
Web applications often contain functions to read and write files. If these functions are buggy and an attacker can break out of the intended directory, this is called a path traversal attack. Read access may let an attacker obtain critical data such as configuration files, passwords and databases. Write access may allow the creation or manipulation of web pages; in extreme cases system files could be overwritten.
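The bug and its fix side by side, as an added example that is not part of the glossary: a download handler that joins the requested name onto the document directory lets `../` walk out of it, and an absolute path replaces the directory entirely. The fix resolves the final path (collapsing `..` and following symlinks) and refuses anything that does not end up inside the base directory. The directory layout and file contents are constructed for the example.

```python
"""File download handler: naive join (vulnerable) beside a base-directory check (fixed)."""
import os
import tempfile
from pathlib import Path


def setup_demo_tree():
    """Constructed sample tree: docs/ is the intended directory, config.ini sits outside it."""
    base = Path(tempfile.mkdtemp())
    docs = base / "docs"
    docs.mkdir()
    (docs / "manual.txt").write_text("public manual")
    (base / "config.ini").write_text("db_password=hunter2")
    return base, docs


def read_file_vulnerable(docs_dir, requested):
    """Joins the request onto the directory: '..' walks out, an absolute path replaces it."""
    with open(os.path.join(docs_dir, requested)) as f:
        return f.read()


def resolve_within(base_dir, requested):
    """Return the resolved path if it stays inside base_dir, otherwise None.
    resolve() collapses '..', follows symlinks and makes an absolute request comparable."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target == base or base not in target.parents:
        return None
    return target


def read_file_safe(docs_dir, requested):
    """Serve only regular files that resolve inside docs_dir."""
    target = resolve_within(docs_dir, requested)
    if target is None or not target.is_file():
        raise PermissionError(f"refused: {requested!r} is outside {docs_dir}")
    return target.read_text()


if __name__ == "__main__":
    base, docs = setup_demo_tree()
    print(read_file_vulnerable(docs, "../config.ini"))   # leaks db_password=hunter2
    try:
        read_file_safe(docs, "../config.ini")
    except PermissionError as err:
        print(err)
```

Checking the resolved path rather than filtering the string for `..` is what makes the check hold up against encoded or doubled-up variants: whatever the request looked like, the file that would actually be opened is the one being tested.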