Instructor-Led Security Training

VSR offers a variety of training services including application security and incident response & forensic training. Our trainers have significant hands-on consulting expertise and familiarity with real-world risks. They can provide your staff with the insights necessary to avoid or mitigate those risks.

Foundations of Application Security

VSR teaches developers the foundations of secure software development. During the course, instructors demonstrate major classes of vulnerability affecting applications today and common methodologies used to identify and correct those vulnerabilities. Students gain exposure to penetration testing techniques useful when testing their own software for vulnerabilities.

Students are taught approaches for avoiding and correcting major security flaws. VSR's trainers provide both generalized instruction and techniques that can be applied to any application, and specific methods appropriate for the tools and languages currently used by your developers. Developers are taught how to identify vulnerable software components, mitigate potential existing flaws, and systematically avoid creating insecure components when writing new code.

This course can also be custom-tailored to address application security concerns observed during our penetration testing or code reviews of your applications. This provides developers with examples that are relevant to the code they work with regularly.

This class is offered in one-day and two-day versions. The two-day version of the class includes additional labs and hands-on exploitation of common vulnerabilities.

Introduction to Incident Response and Forensic Analysis

VSR's introductory course in digital forensics and incident response is designed to provide a solid foundation for digital investigators by focusing on both high-level collection and analysis procedures and task-oriented tools in a hands-on lab environment.

The incident response methodologies presented are designed to maximize the amount of useful evidence collected, while minimizing the impact to production environments. The forensic analysis portion of the course provides an in-depth look at the primary data structures of multiple filesystems and file formats where evidence can be found. This three-day course is presented in alternating lecture and lab sessions so students can immediately apply theory to realistic situations.

Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

XML Schema, DTD, and Entity Attacks

IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.


Contact us by phone, fax or e-mail:

Phone: 617.933.8919
Fax: 617.933.8920