Penetration Testing & Network Auditing

The value of an independent, objective evaluation of security over private data should not be underestimated. With a hypersensitive public that expects their information to be kept private, firms have an increasingly demanding job keeping up with security, let alone technology. The same can be said for having an expert Security Engineer oversee or implement your security program. Only an engineer that focuses on security can provide assurance that you are doing all that is appropriate to protect your confidential data.

IITAC’s network auditing and penetration testing services provide insights into as many application or operating system weaknesses as possible. IITAC offers two methods of auditing: passive network auditing (black box auditing) and aggressive penetration testing. Both approaches ensure that security is a core component, rather than an afterthought, of your infrastructure.

With IITAC’s network auditing and penetration testing services, you can be sure that your critical enterprise applications will maintain maximum uptime and integrity. IITAC audit services is proficient in testing applications across a wide range of organizations, including:

  • IT organizations deploying systems to manage sensitive information;
  • internal development teams rolling out custom-built, proprietary software;
  • and software development companies that want to test their own products.

The Audit - Not an Event but a Process: It must be kept in mind that as organizations evolve, their security structures will change as well. With this in mind, the computer security audit is not a one-time task, but a continual effort to improve data protection. The audit measures the organization’s security policy and provides an analysis of the effectiveness of that policy within the context of the organization’s structure, objectives and activities. The audit should build on previous audit efforts to help refine the policy and correct deficiencies that are discovered through the audit process. Whereas tools are an important part of the audit process, the audit is less about the use of the latest and greatest vulnerability assessment tool, and more about the use of organized, consistent, accurate, data collection and analysis to produce findings that can be measurably corrected.

One of our Security Experts will examine your network(s) thoroughly and document the security vulnerabilities. After the analysis, we will document and provide you with recommendations on how best to secure your network. We can even work with your team to fix each security issue. Our approach is simple. A checklist provides a step-by-step system for inspecting the security of your application. For each item on our checklist we detail:

  • Findings: Whether or not we found a vulnerability in your infrastructure.
  • Reasons: The reason why this item is important to the security of your infrastructure.
  • Recommendations: Our recommendations describing what should be done to improve or correct your infrastructure.
  • Remediation: For an additional fee, IITAC can help you implement the recommendations.

Benefits for the client

Security loopholes and potential weaknesses that are detected are immediately reported to the contact (if required), together with a proposed solution. This procedure is suitable for iterative network hardening.

We will not issue a “this network is secure” stamp, since no infrastructure is 100% secure. However, it is possible to configure a software product in such a way that the effort involved for a potential attacker is too great to justify the rewards. This is an approach that is also used in areas such as cryptography.

The client receives a comprehensive and substantial final report, including a list and assessment of the remaining risks and suggestions for appropriate countermeasures, thus enabling proactive risk management.

Application Protection Bootcamp + Certified Application Protection Professional (CAPP)


The Application Protection Bootcamp and the IITAC Certified Application Protection Professional™ (CAPP) certification provide a sophisticated training path and a way to demonstrate proven excellence in copy protection development, secure code development, Reverse Code Engineering and Binary Auditing across various IT security knowledge domains, addressing the many challenges of software protection, copy protection and protectors.

Participants are trained in the relevant standards, procedures, and methods of application protection, copy protection, packers, and Reverse Code Engineering, with a strong practical background. After successful training and certification, participants are able to carry out optimized development of software systems, copy protections, or application protections. The certification is part of the training path. The Certified Application Protection Professional™ (CAPP) qualification is aimed at people involved in advanced protection tasks. This includes people in roles such as protectionists, team leaders, protection auditors, security testers or software developers. This professional-level qualification is also appropriate for anyone who wants an advanced understanding of copy protection and binary auditing, such as students or security consultants.

Cognitive Debugging Bootcamp + IITAC Certified Cognitive Debugging Professional (CCDP)


The IITAC Cognitive Debugging™ training and the Certified Cognitive Debugging Professional™ certification provide a sophisticated training path and a way to demonstrate proven excellence in software development, addressing the many challenges of fighting bugs, flaws, software protection, malware, or exploitation. Software auditing in general is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something apart and analyzing its workings in detail, usually with the intention of constructing a new device or program. Software debugging is essentially science, using the scientific method. Software debugging can be accomplished by various methods. One method is analysis through observation of information exchange, which is especially good for reverse engineering of device drivers. Another is disassembly and debugging, in which the raw machine language of the program is read and understood in its own terms, with only the aid of machine language mnemonics. This works on any computer program but can take quite some time, especially for someone not used to machine code. Decompilation, a process that tries, with varying results, to recreate the source code in some high-level language for a program only available in machine code or byte code, enhances the process.

Participants are trained in the relevant standards, procedures, and methods of Cognitive Debugging™, with a strong practical background. After successful training and certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems, copy protections, or malware. The certification is part of the training path. The Certified Cognitive Debugging Professional™ qualification is aimed at people involved in advanced analysis tasks. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional-level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

Scientific Hacking Bootcamp + IITAC Certified Scientific Hacker (CSH)


The IITAC Scientific Hacking™ Bootcamp and the IITAC Certified Scientific Hacker™ (CSH) certification provide a sophisticated training path and a way to demonstrate proven excellence in IT security and in various IT security knowledge domains, addressing the many challenges of protection, attack, or analysis.

Instead of only using tools, you are trained to understand the true problem and not to rely on tool usage alone!

Participants are certified in the relevant standards, procedures, and methods of hacking. With certification, participants show their proven knowledge in the fields of security analysis and hacking processes on IT systems and security environments. The IITAC Certified Scientific Hacker™ qualification is aimed at people involved in advanced IT security. This includes people in roles such as IT security consultants and managers, network administrators, protectionists, malware analysts, exploit developers, and test engineers. This professional-level qualification is also appropriate for anyone who wants an advanced understanding of hacking, such as students or management.

Your Job: Enterprise Sales Manager (East Europe)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Your Job: Enterprise Sales Manager (Southern America)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Your Job: Enterprise Sales Manager (Africa)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Your Job: Enterprise Sales Manager (Asia)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Your Job: Enterprise Sales Manager (Northern America)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Your Job: Enterprise Sales Manager (West Europe)

Enterprise Sales Manager as Freelancer (Home Office)

This position is dependent on your country and is a home office position.

The area: Enterprise

The IITAC enterprise team brings IITAC training and certification to the corporate marketplace. The team works with the CEOs to provide key business training and certification and to improve a product’s vision. It also provides comprehensive and responsive assistance to IITAC enterprise customers worldwide.

The enterprise team focuses on integrating IITAC services into small and large businesses, educational institutions and government agencies. Consisting of high-achieving training and engineering professionals, we work with a vast array of partners and customers to advance the company’s mission of increasing business qualification.

The role: Enterprise Sales Manager as Freelancer

The sales manager’s main role will be to generate and close sales of the services from IITAC. You will concentrate on selling IITAC bootcamps and certification. Your responsibilities are to generate, develop and close sales opportunities within your assigned territory.

Responsibilities:

Requirements:

Salary: A well-defined high share on all sold services.

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

The Company

Contact:

Mail: info (att) iitac.org

Phone: +49 (0) 5221 691 324

IITAC (International Institute for Training, Assessment, and Certification) is a management consulting, technology services, and research organization with a strong academic background. Committed to delivering innovation, IITAC collaborates with its clients to help them become high-performance businesses and governments. With industry and business process expertise and broad knowledge resources, IITAC can mobilize the right people, skills, and technologies to help clients improve their performance. IITAC facilitates knowledge transfer to people, companies, and organizations, and helps to increase qualification significantly. The IITAC trainings, assessments, and certifications build upon experts’ knowledge. For this reason, IITAC certifications are in compliance with ISO 17024. ISO/IEC 17024 (“General Requirements for bodies operating certification of persons”) is intended as a framework for certification bodies operating a certification program for persons and as the standard against which an accreditation body can accredit the certification body. IITAC provides online tests, assessments, and certifications.

The certifications are designed to do for professionals what other licenses do for information systems professionals: namely, to warrant that they understand the general principles that dictate professional behaviour, and that they know how to apply a specific body of knowledge to a well-understood area of technical activity. In theory, IITAC-certified professionals know how to handle matters ranging from project management to marketing, from IT-security to IT-anti-security, from quality assurance to quality management. In practice, IITAC-certified professionals must master a sufficiently large body of knowledge to pass iterative-incremental exams, assessments, and evaluations that cover the most important and specific areas. The IITAC certification has the reputation of being very difficult. Obtaining an IITAC certificate is a long-time but not a lifetime achievement. The idea is to keep up one’s skills and knowledge base and to continue learning new topics and technologies. Organizations staffed with IITAC-certified professionals gain a competitive edge. Because IITAC are the best in their business, organizations demonstrate to customers, suppliers, and employees alike the importance they place on professionalism. Additionally, the IITAC certified designation reflects a properly and consistently trained professional staff.

eStore

You can directly book the following at our eStore (http://estore.iitac.org):

During the daytime, registering for certification leads to an enabled account within a short time. Do not hesitate to contact us for direct inquiries or special pricing for your on-site training!

IITAC Tiger Team

The security testing process is a discrete event test of a dynamic, stochastic system. The target is a system, a collection of interacting and co-dependent processes, which is also influenced by the stochastic environment it exists in. Being stochastic means the behavior of events in a system cannot be determined because the next environmental state can only be partially but not fully determined by the previous state. The system contains a finite, possibly extremely large, number of variables, and each change in a variable presents an event and a change in state. Since the environment is stochastic, there is an element of randomness and there is no means for predetermining with certainty how all the variables will affect the system state. A discrete test examines these states within the dynamic system at particular time intervals. Monitoring operations in a continuous manner, as opposed to a discrete one, would provide far too much information to analyze. Nor may it even be possible. Even continuous tests, however, require tracking each state in reference to time in order to be analyzed correctly.

A tiger team is a specialized group tasked with testing the effectiveness of an organization’s ability to protect assets by attempting to circumvent, defeat or otherwise thwart that organization’s internal and external security.

Benefits for the client

Security loopholes and potential weaknesses that are detected are immediately reported to the contact (if required), together with a proposed solution. This procedure is suitable for iterative application hardening.

We will not issue a “this application is secure” stamp, since no software is 100% secure. However, it is possible to configure a software product in such a way that the effort involved for a potential attacker is too great to justify the rewards. This is an approach that is also used in areas such as cryptography.

The client receives a comprehensive and substantial final report, including a list and assessment of the remaining risks and suggestions for appropriate countermeasures, thus enabling proactive risk management.

Security Consulting

IITAC - International Institute is a management consulting, technology services, and research organization with a strong academic background. Committed to delivering innovation, IITAC collaborates with its clients to help them become high-performance businesses and governments. With industry and business process expertise and broad knowledge resources, IITAC can mobilize the right people, skills, and technologies to help clients improve their performance. IITAC facilitates knowledge transfer to people, companies, and organizations, and helps to increase qualification significantly. The IITAC trainings, assessments, and certifications build upon experts’ knowledge. For this reason, IITAC certifications are in compliance with ISO 17024.

Copy Protection

In the absence of copy protection, media are easy to copy in their entirety using a machine (as opposed to photocopying each page of a book). This results in a situation where consumers can easily make copies of the items to give to their friends, a practice known as “casual copying”. This practice reduces the number of people in the market who lack the product. Copy protection is most commonly found on videotapes, DVDs, computer software discs, video game discs and cartridges, and more recently, some audio CDs. Companies that choose to publish works under copy protection do so because they believe that the added expense of implementing the copy protection will be offset by even greater increases in revenue by creating a greater scarcity of casually copied media.

For software publishers, a method of copy protection is to write the software so that it requires some evidence from the user that they have actually purchased the software.

IITAC consultants can help to counter software and content pirates. Contact us for further information!

Binary Auditing

The value of an independent, objective evaluation of security over private data should not be underestimated. With a hypersensitive public that expects their information to be kept private, firms have an increasingly demanding job keeping up with security, let alone technology. The same can be said for having an expert Security Engineer oversee or implement your security program. Only an engineer that focuses on security can provide assurance that you are doing all that is appropriate to protect your confidential data.

IITAC’s application security audit services provide insights into as many application or operating system weaknesses as possible. IITAC offers two methods of software security auditing: source code auditing and black box auditing. A source code audit reviews software code either during or after development, while a black box audit reveals vulnerabilities by reverse-engineering your code. Both approaches ensure that security is a core component, rather than an afterthought, of your application development process.

With IITAC’s software security auditing services, you can be sure that your critical enterprise applications will maintain maximum uptime and integrity. IITAC Audit Services is proficient in testing applications across a wide range of organizations, including:

  • IT organizations deploying systems to manage sensitive information;
  • internal development teams rolling out custom-built, proprietary software;
  • and software development companies that want to test their own products.

The overall objective of an application security audit is to evaluate the controls over information technology that are in place and make recommendations for improvement. The result? Recommendations for an appropriate level of protection over confidential, proprietary, or important data. The application security audit is custom-designed for you and will incorporate your compliance requirements as well as “best security practices” for your organization.

The Audit - Not an Event but a Process: It must be kept in mind that as organizations evolve, their security structures will change as well. With this in mind, the computer security audit is not a one-time task, but a continual effort to improve data protection. The audit measures the organization’s security policy and provides an analysis of the effectiveness of that policy within the context of the organization’s structure, objectives and activities. The audit should build on previous audit efforts to help refine the policy and correct deficiencies that are discovered through the audit process. Whereas tools are an important part of the audit process, the audit is less about the use of the latest and greatest vulnerability assessment tool, and more about the use of organized, consistent, accurate, data collection and analysis to produce findings that can be measurably corrected.

One of our Security Experts will examine your application(s) thoroughly and document the security vulnerabilities. After the analysis, we will document and provide you with recommendations on how best to secure your application. We can even work with your team to fix each security issue. Our approach is simple. A checklist provides a step-by-step system for inspecting the security of your application. For each item on our checklist we detail:

  • Findings: Whether or not we found a vulnerability in your application.
  • Reasons: The reason why this item is important to the security of your application.
  • Recommendations: Our recommendations describing what should be done to improve or correct your application.
  • Remediation: For an additional fee, IITAC can help you implement the recommendations.

Digital Rights Management

“Digital Rights Management” is a term used for technologies that control how digital content is used. While copyright holders have exclusive rights of copyright–such as the right to make a copy or the right to distribute a work to the public–thus far they have not had the right to control how works care used (the right to see a work, for example, or to read a work). Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and copyright holders to limit usage of digital media or devices. It may also refer to restrictions associated with specific instances of digital works or devices. To some extent, DRM overlaps with copy protection, but DRM is usually applied to creative media (music, films, etc.) whereas copy protection typically refers to software. In addition, fair use, a statutory exemption to the copyright law, allows users to exercise a copyright under certain conditions. These user privileges are threatened by DRM. Copyright holders (for their part) have acted in response to the proliferation of digital content, where the 100th copy is as pure as the first, and the Internet, which enables the instantaneous distribution of digital content. The development of digital content along with the Internet has propelled content owners and users into a new arena where each is adjusting to ensure, assert and in some cases enhance their rights.

Content owners are looking to DRM technologies as a means to control the use of their content. Many public interest organizations, however, fear that DRM technologies will be “used by copyright owners to erode capabilities that had previously been permitted to the public by copyright law under the ‘fair use’ doctrine (or its cousins, such as first sale or limited term)” (Electronic Frontier Foundation). DRM technologies can be used for more nefarious purposes such as infringing on privacy, personal profiling, price discrimination based on personally identifiable information and stymieing the development of open source software. For libraries, DRM technologies can additionally impact first-sale, preservation activities, and institute pay-per-use pricing.

Consulting

Behind every successful business is a huge investment of time and money. If you experience losses, insurance may help cover the damage, but why not be proactive and protect yourself from loss before it happens? Our services will help you reduce your security vulnerability. From security planning and design to consulting services, our services are the expert solution for your security needs.

IITAC - International Institute is a management consulting, technology services, and research organization with a strong academic background. Committed to delivering innovation, IITAC collaborates with its clients to help them become high-performance businesses and governments. With industry and business process expertise and broad knowledge resources, IITAC can mobilize the right people, skills, and technologies to help clients improve their performance. IITAC facilitates knowledge transfer to people, companies, and organizations, and helps to increase qualification significantly. The IITAC trainings, assessments, and certifications build upon experts’ knowledge. For this reason, IITAC certifications are in compliance with ISO 17024. ISO/IEC 17024 (“General Requirements for bodies operating certification of persons”) is intended as a framework for certification bodies operating a certification program for persons and as the standard against which an accreditation body can accredit the certification body. IITAC provides online tests, assessments, and certifications.

Portfolio

Risk and Vulnerability Assessment – We provide a comprehensive, custom evaluation of your security situation with the goal of identifying deficiencies, limiting losses, and minimizing interruptions to your business. We will check your properties’ vulnerability with our penetration audit to find areas of weakness in building security that could lead to loss. We will interview key employees and members of your management team to identify possible issues and concerns. Our job is to identify the areas and issues that may lead to loss or lawsuits, and to recommend appropriate solutions.

Equipment Specifications – As non-product affiliated consultants, we provide honest, unbiased opinions of what you need. We are committed to staying on top of the latest technology in the security industry. We do this by attending all major trade shows each year, participating in ongoing training and education seminars, meeting frequently with numerous manufacturers’ representatives, and by keeping an up-to-date, extensive in-house research library. This preparation and experience allow us to offer you the BEST security advice possible.

Security Systems Planning and Design – We offer a full range of security system design services that are ready to be implemented into existing structures or during any phase of construction or renovation. Our expertise encompasses areas such as business and enterprise, education, healthcare, industrial, retail, entertainment complexes, and distribution facilities. Our creative, cost-effective designs provide for a competitive bidding process of all types of security systems such as intrusion detection, malware analysis and IT forensics.

Vendor Engagement – Let us help you select the best security vendor or integrator for your business or evaluate the bids you have already received from vendors. We can provide the specifications and Request for Proposal for the vendors to bid on and assist with contract negotiations, oversight, and inspection to ensure favorable and honest pricing. We have international account status with a wide variety of security vendors to assure our clients receive quick and efficient corrective action. Because we do not accept any commissions or finder’s fees from these vendors, you know you are getting unbiased, professional advice.

Project Management – Our services are chosen by many clients to project manage the installation of their security systems because of our commitment to their needs with an eye toward the bottom line. We not only assist with the planning, but also the master scheduling necessary to coordinate the smooth installation of all phases of your project. Our team of professionals ensures your system is installed properly and that it meets your specific security requirements.

System Testing – Acting on your behalf, we oversee testing and performance evaluations for all of your security systems. This testing ensures your systems function properly.

Investigations and Litigation Support – When necessary, our highly trained investigators work both overtly and covertly to provide clear, concise reports with documentation for all your investigation requirements. We can also assist you and your attorneys in preparing for liability cases and provide expert witness and forensic testimony in cases involving security and premise liability issues. This area is one of the fastest growing specialties among attorneys and multi-million dollar judgments are not uncommon.

Audits and Training – Improving your hiring practices is an excellent way to start down the road to increased profits. We can help you develop programs, policies, and procedures to ensure that you and your business have effective security procedures in place.

Benefits

Many people never consider hiring their own security expert until the need arises. We all see a doctor when we are sick, a lawyer when we are in legal trouble, and a CPA when the IRS comes calling. Using this same logic, why wouldn’t you use an unbiased security consultant when critical security decisions or evaluations need to be made? We are just such a solution. Our team of security professionals specializes in loss prevention. We stand ready to help you reduce loss in all its forms. We are an independent, full-service security and loss-prevention consulting firm. That means that, unlike others in the security business, we are not affiliated with any product or service. Our recommendations are based on your actual needs, not a product or service we represent. Our job is to assess your business and recommend changes to improve security, reduce losses, and retain customers. We are experts in risk and vulnerability assessment. Our consultants evaluate your business and recommend cost-effective solutions to improve your bottom line.

IDA Pro Bootcamp + IITAC Certified IDA Pro Professional (CIDAP)


The IDA Pro Bootcamp and IITAC Certified IDA Pro Professional (CIDAP) provide, with a highly sophisticated training trail, an ultimate way to show your proven excellence in using IDA Pro in various IT security relevant knowledge domains to address the many challenges of software protection, malware, or exploitation analysis.

Participants are trained in the relevant standards, procedures, and methods of using IDA Pro, with a strong practical background. After successful training and certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems and software security environments using IDA Pro. The certification is part of the training trail. The IITAC Certified IDA Pro Professional qualification is aimed at people involved in advanced Binary Auditing. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

IITAC Certified Professional Hacker

The IITAC Certified Hacker provides, with a highly sophisticated certification trail, an ultimate way to show your proven excellence in the field of IT Security according to ISO/IEC 17024 to address the many challenges of IT security, networking, software protection, malware, or exploitation analysis. Hacking in general is the process of discovering the technological principles of a device/object or system through analysis of its structure, function and operation. It often involves taking something apart and analyzing its workings in detail. Hacking is essentially science, using scientific methods. Hacking of systems can be accomplished by various methods. One method is analysis through observation of information exchange.

Unlike other certifications, the IITAC Certified Hacker includes modern topics such as Web 2.0, Google Hacking, Web Malware or Binary Auditing.

Participants are certified in the relevant standards, procedures, and methods of hacking, with a strong background. With certification, participants are able to carry out extensive security analysis and hacking processes on IT systems and security environments. The certification is part of the IITAC Black Hat Certification programme. The IITAC Certified Hacker qualification is aimed at people involved in advanced IT security. This includes people in roles such as network administrators, protectionists, malware analysts, exploitation developers, testers, test analysts, test engineers, test consultants, test managers, user acceptance testers and software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of hacking, such as students or security consultants.

Delivery Format

Entirely online as e-Certification, with certification assessments and certification exercises. Delivered as multiple choice certification. Damn Vulnerable Linux is provided for free. Some certification solutions have to be provided via screencast (Camtasia, Instant Demo or Wink).

Educational Level

Each certification level is equivalent to +200 hours of learning effort. According to ISO/IEC 17024, the certification needs to be refreshed after 3 years. Persons interested should possess at least a bachelor’s degree in a related field and should have at least 2 years of experience in the field of IT.

Certification Contents (*)

(*) The contents show only the Blocks and Modules. The detailed contents of each module are not listed here!

Optional Training Bootcamps are available but not mandatory!

Lecture: Development of Secure Software (Summer Semester 2008)

NOTICE: AT THE STUDENTS' REQUEST, THE SCHEDULE HAS CHANGED!

This lecture teaches students the fundamentals of developing secure software from three different perspectives. The first is the perspective of Secure Software Engineering, which provides methods, techniques and processes for developing secure software systems. The second is the perspective of software management, which is responsible for the production of secure software. The third is the standpoint of the software developer, who is responsible for implementing secure code. Knowledge from the lectures on software engineering and software quality is extended with security aspects. Modelling secure software systems and teaching attack methodologies and secure programming form an essential part of the course. Practical examples deepen the knowledge.

The lecture is offered at Leibniz Universität Hannover.

Lecturer

The lecturer is Univ.-Doz. Dr. Thorsten Schneider

Venue

Multimedia lecture hall of Leibniz Universität Hannover

Note

The lecture slides are provided as part of the lecture. In addition, exercise sheets and practical exercises are made available for personal training.

Syllabus

Deviations are possible!

Agenda here!

Block 1 - Secure Software Engineering

Part 1 - Introduction to Secure Software Engineering
Part 2 - Terminology in Secure Software Engineering
Part 3 - Models in Secure Software Engineering

Slides here!

Block 2 - Specific Methods of Secure Software Engineering

Part 1 - Techniques in Secure Software Engineering
Part 2 - Management and Secure Software Engineering
Part 3 - Methods in Secure Software Engineering

Slides here!

Block 3 - Secure Code for Web Applications

Part 1 - PHP Exploited
Part 2 - SQL Injection

Slides here!

Training material:

Block 4 - Secure Code for Binary Applications

Part 1 - Secure C/C++ Development and Source Code Audits
Part 2 - Buffer Overflows
Part 3 - Training: Exploitation of Buffer Overflows

Slides here!

Training material:

Block 5 and 6 - Fundamentals of Binary Auditing

Part 1 - Introduction to x86 Assembler
Part 2 - Introduction to IDA Pro
Part 3 - Identification of HLL Structures
Part 4 - Training: Binary Audits & Crash Analysis
Part 5 - Training: Binary Auditing of Copy Protection Schemes

Slides here!

Schedule Uni Hannover 15:00 - 17:45

Recommended Reading

Further Reading

Jobs

PLEASE LOOK AT THE RIGHT MENU FOR CURRENT JOB OPENINGS!

For immediate consideration, please send a text (ASCII), PDF, Word or HTML version of your resume in English to info@iitac.org. Important: the subject field of your email must include “Enterprise Sales Manager”.

To all recruitment agencies: IITAC does not accept agency resumes. Please do not forward resumes to our jobs alias, IITAC employees or any other company location. IITAC is not responsible for any fees related to unsolicited resumes.

Damn Vulnerable Windoze Videos

Coming soon!

Damn Vulnerable Windoze

Damn Vulnerable Windoze (DVW) is a Windows-based toolset for IT security. It consists of perverted Windows applications made to be as insecure as possible. Additionally, it includes full-scale lessons for self-study or teaching activities during university lectures. It is not a Windows distro, which means it consists of a set of binaries that do not change the native operating system of the host computer. It can also be run within virtual machine environments, such as qemu or vmware. There is no need to install a virtual machine if you use your own Windows XP or 2003. Its sole purpose in life is to put as many training examples at your disposal with as many training options as it can. It contains a huge amount of lessons, including lesson descriptions. Damn Vulnerable Windoze is meant to be used by both novice and professional security personnel but is not ideal for the binary auditing uninitiated. Damn Vulnerable Windoze assumes you know the basics of binary auditing, as most of your work will be done using a debugger like OllyDbg or IDA Pro. If you are completely new to binary auditing, it is a good start to play with this system!

Damn Vulnerable

The Damn Vulnerable Project consists of tools for training on IT security topics. Currently it consists of:

For both sections, free videos will be provided step by step. They are located here

Damn Vulnerable Linux Videos


Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is a Linux-based tool for IT security. It is a perverted Linux distribution made to be as insecure as possible. It is a collection of IT security tools. Additionally, it includes a full-scale, lesson-based environment for Attack & Defense on/for IT systems, for self-study or teaching activities during university lectures. It is a Live Linux distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. It can also be run within virtual machine environments, such as qemu or vmware. There is no need to install a virtual machine if you use the embedded option. Its sole purpose in life is to put as many security tools at your disposal with as many training options as it can. It contains a huge amount of lessons, including lesson descriptions, and solutions if the level has been solved by a community member at crackmes.de. Damn Vulnerable Linux (DVL) is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. Damn Vulnerable Linux (DVL) assumes you know the basics of Linux, as most of your work will be done from the command line. If you are completely new to Linux, it’s best you stop playing with this system.

Damn Vulnerable Linux (DVL) is integrated into community projects such as crackmes.de (http://www.crackmes.de) and is frequently updated with new community-provided lessons. Damn Vulnerable Linux (DVL) is your place either to get the latest Damn Vulnerable Linux (DVL) distribution, to get new lessons, or to submit your own lessons based on the Damn Vulnerable Linux (DVL) training system.

The constant website for Damn Vulnerable Linux (DVL) is located at http://www.damnvulnerablelinux.org. Damn Vulnerable Linux (DVL) is for educational purposes only!

IITAC Certified Binary Auditing Professional

In computer security, an exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to gain control of a computer system or allow privilege escalation or a denial of service attack.

There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A ‘remote exploit’ works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A ‘local exploit’ requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering methods.

Exploits can also be classified by the type of vulnerability they attack. See buffer overflow, heap overflow, integer overflow, return-to-libc attack, format string attack, race condition, code injection, SQL injection, cross-site scripting and cross-site request forgery.

Another classification is by the action against the vulnerable system: unauthorised data access, code execution, denial of service.

Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers do not publish their exploits but keep them private to themselves or other malicious crackers. Such exploits are referred to as ‘zero day exploits’ and to obtain access to such exploits is the primary desire of unskilled malicious attackers, often nicknamed script kiddies.

A shellcode is a relocatable piece of machine code used as the payload in the exploitation of a software bug which typically allows an unauthorised user to communicate with the computer via the operating system’s command line as a result of exploiting a vulnerability in software running on the machine. Normally stored as a null terminated string, it cannot contain null characters.

A shellcode may be used as an exploit payload, providing a cracker with command line access to a computer system with the privileges of the process that has been exploited. To avoid detection by anti-intrusion measures and to store more than one string, crackers often make use of self-decrypting code, polymorphic code and alphanumeric code.

Shellcodes can be stored in a process’ memory space and subsequently executed as a result of the attacker gaining control of the program counter using vulnerabilities such as stack and heap-based buffer overflows, or format string attacks. There are various methods of controlling the program counter which vary between operating systems and processor architectures. They include but are not limited to: overwriting the return address in a stack frame, overwriting exception handlers and Windows-based shatter attacks.


Certification Goals

Participants are trained in the relevant standards, procedures, and methods of developing exploits and shellcodes, with a strong practical background. With certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems and software security environments.


Provider:

IITAC (International Institute for Training, Assessment, and Certification)

Delivery Format:

Entirely online as e-Certification only, with training material and exercises. Fully self-study oriented, with optional human supervision. Delivered as an exercise- and homework-oriented certification.

Educational Level:

Certification, equivalent to +100 hours of learning effort. According to ISO 17024, the certification needs to be refreshed after 3 years.

Language:

English

Requirements:

Persons interested should possess at least a bachelor’s degree in a related field and should have at least 2 years of experience in the field of software development and Reverse Code Engineering.

Malware Analysis Bootcamp + IITAC Certified Malware Auditor (CMA)


The IITAC Malware Analysis Bootcamp and Certified Malware Auditor (CMA) provide, with a highly sophisticated training trail, an ultimate way to show your proven excellence in the field of malware analysis and malware Reverse Code Engineering in various malware relevant knowledge domains to address the many challenges of virus, Trojan or Rootkit analysis.

Participants are trained in the relevant standards, procedures, and methods of Reverse Code Engineering / Binary Auditing of malware, with a strong practical background. After successful training and certification, participants are able to carry out extensive binary malware analysis and binary auditing processes on viruses, Trojans, or Rootkits. The certification is part of the training trail. The Certified Malware Auditor (CMA) qualification is aimed at people involved in advanced analysis tasks. This includes people in roles such as AV team leaders, malware analysts, or Reverse Code Engineers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

Reverse Code Engineering Bootcamp + IITAC Certified Reverse Code Engineering Professional (CRCEP)


The Reverse Code Engineering Bootcamp and IITAC Certified Reverse Code Engineering Professional™ (CRCEP) provide, with a highly sophisticated training trail, an ultimate way to show your proven excellence in the field of Reverse Code Engineering and Binary Auditing in various IT security relevant knowledge domains to address the many challenges of software protection, malware, or exploitation analysis.

Participants are trained in the relevant standards, procedures, and methods of Reverse Code Engineering and Binary Auditing, with a strong practical background. After successful training and certification, participants are able to carry out extensive binary security analysis and binary auditing processes on software systems, copy protections, or malware. The certification is part of the training trail. The Certified Reverse Code Engineering Professional™ qualification is aimed at people involved in advanced analysis tasks. This includes people in roles such as protectionists, malware analysts, exploit developers, security testers or software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of Binary Auditing, such as students or security consultants.

Why Certification?

Benefits of the IITAC Certification

The fundamental objective of the IITAC certification programme is to raise qualification as part of business excellence. IITAC certification aims to facilitate iterative-incremental qualification and the dissemination of good practice. IITAC is directed towards commercial and academic audiences. A “programme” is more than just an e-Learning medium (e.g. CBT, simulation tool), an event of e-Communication (e.g. e-Lecture, discussion forum, virtual classroom session) or a learning sequence of short duration. All elements mentioned may be part of the programme. A programme in terms of the IITAC certification is to meet the following criteria:

The IITAC certified credential is a key differentiator in the selection process for analyst positions, new assignments of the professional expertise and knowledge within the software security profession. If you plan to build up a career in IT – one of today’s most visible professions – and you have at least 2 years of experience in the IT sector then an IITAC certification should be your next career goal.

About the IITAC Certification

The certifications are designed to do for professionals what other licenses do for information professionals – namely, to warrant that they understand the general principles that dictate professional behaviour, and that they know how to apply a specific body of knowledge to a well-understood area of technical activity. In theory, IITAC-certified professionals know how to handle matters. In practice, they must master a sufficiently large body of knowledge to pass iterative-incremental exams, assessments, and evaluations that cover the most important and specific areas.

The IITAC certification has the reputation of being very difficult. And obtaining an IITAC certificate is not a lifetime achievement, either – IITAC-certified professionals must complete a re-assessment to stay certified. The idea is to keep up one’s skills and knowledge base and to continue learning new topics and technologies.

Organizations staffed with IITAC-certified professionals gain a competitive edge. Because IITAC-certified professionals are the best in their business, organizations demonstrate to customers, suppliers, and employees alike, the importance they place. Additionally, the IITAC certified designation reflects a properly and consistently trained professional staff.

The IITAC Certification Design

The IITAC is an online e-Certification with no need to invest in expensive travelling or workshops. The IITAC process consists of a number of assessments and examinations. The IITAC process starts with sending us your technical curriculum vitae. After preliminary screening and a successful check against the IITAC criteria, a first entry exam is sent to you. Provided the entry exam is passed, you enter the complete IITAC process. The exams are given to you in sequential order. After you solve each exam, the solution is peer-reviewed by at least two reviewers. The IITAC certification process concludes with a final exam on a specific given topic, which is reviewed by at least two reviewers. The certificate will be sent by snail mail.

Lecture: C++ Programming (Winter Semester 2007/2008)

Topic Slides Exercises
  Introduction pdf pdf (solution)
  Arrays and Pointers pdf pdf (solution)
  Arrays and Pointers (Part 2) pdf pdf (solution)
  Memory pdf pdf
  Cancelled
  Structures pdf pdf (liste.c++)
  Classes pdf pdf
  Standard Template Library pdf pdf
  Tools pdf pdf (solution)
  Standard Template Library pdf pdf
  STL Algorithms pdf (OpenGL) p3-opengl-linux.zip, p3-opengl-macosx.zip
  Stream IO pdf pdf
  Exceptions pdf
  Summary pdf

Exercise Sessions

The exercise sessions take place on Mondays at 16:15 (groups A and B) and on Tuesdays at 14:15 (group C).

The exercise sessions serve to deepen the lecture material through independent work on exercises at the computer. For each session, an exercise sheet with one or more tasks is provided.

Exam

A written exam is held at the end of the semester.

Material

The structure and content of the lecture are based