Our two main services are Trainings and Penetration testing. For a detailed overview of these services see the descriptions below and the training overview.

We also offer other security assessments, such as code reviews, design and architecture reviews, and consulting support. For these services, please contact us directly.

Secure Product Creation
Gives a comprehensive overview of security in product development.
Participants will learn which activities to anchor in all phases of the traditional software development lifecycle (SDLC), but this course goes far beyond that.
Unlike other courses, the pen-umbra training also covers aspects such as user manuals, coordinated disclosure, market communication, and post-market activities.

Best for: Security Professionals, Managers, Leaders, Architects, Product Owners, Process Owners
For more details, see training overview


Security in the Development Team
Provides hands-on skills relevant for the daily activities of product engineering efforts: software development, testing, and DevSecOps.
Participants will leave with immediately applicable skills such as analyzing code for security weaknesses, deploying and running automated security tests, and threat modeling.

Best for: Developers, QA Engineers, Security Engineers
For more details, see training overview


Security Laws and Regulations
Regulatory compliance is a qualifying characteristic in the market and this training makes achieving compliance clear and straightforward.
With pen-umbra, compliance is not a monotonous and tedious topic! That's because we focus on real-life examples and exercises showing how regulations help secure real industrial applications.
We focus on providing participants with practical knowledge for achieving compliance and understanding the vision and idea behind specific regulations and requirements.

Best for: Compliance Specialists, Managers, Process Owners
For more details, see training overview


White-Hat Hacking
Learn by applying offensive techniques in a simulated industrial environment, with a variety of targets to exploit live during the training, using both black-box and white-box techniques.
Optional: automate security tooling for daily automatic assessments of your newest development build. Note: participants are required to bring a Linux laptop and basic Linux command line knowledge.

Best for: Security Specialists, Developers, Architects, QA Engineers
For more details, see training overview


Penetration testing
Pen-umbra security® started as a penetration testing business and this remains one of our core competencies. Our penetration testing team brings years of experience in assessing the security of industrial devices and has found flaws of all criticality levels in numerous industrial systems.

Based on an initial overview of the target system, our team will provide three levels of depth for you to choose from: Average, High, and Highest. The choice of how much time we spend assessing your system, and thus to what level of detail we can go, is always yours.

The main deliverable of a penetration test is a professional report, containing both a high-level overview and a detailed breakdown of all findings, risk assessment, and recommended actions.


Training overview
Secure Product Creation | Security in the Dev Team | Security Laws and Regulations | White-Hat Hacking
Product Security Overview
Security-by-Design
Threat Modeling
Security architecture and design patterns
Security frameworks
NIST CSF, MITRE EMB3D, and others as relevant
OWASP Top 10
Software Bill of Materials (SBOM)
Supply Chain Security
Incident Response in Product Security
Risk Management
Regulatory Overview
NIS2
IEC 62443
Cyber Resilience Act (CRA)
Medical Devices Security
FDA Guidances
Security Testing Overview
Black-box testing
Incl. vulnerability scanners
White-box testing
Incl. code reviews, taint flow analysis
Web and API security
Attack, defence, basic exploitation
OWASP Top 10 exploitation
Advanced exploitation techniques
IoT and IIoT attacks
Buffer overflow workshop
General information
Duration: 3 days | 2 days | 2 days | 3 days
Training materials
Price: $1,249* | $849* | $849* | $1,249*

*Prices per person for groups of 1 - 5. Discounts available above 5 participants.
Stars mark optional content.