7Safe Training


7safe-logoCourse Title:  Certified Application Security Tester (CAST)
Course Length:  4 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/cast-advanced-application-security-testing-hands-on
Useful preparation for:     CREST Certified Web Applications Tester

CREST Overview
The CAST course is billed as an advanced application security course and as such a number of pre-requisites are recommended before attendance. The advanced nature of the course means a number of topics are not included, however these topics are generally in line with the intended audience.

The course is heavily weighted towards practical components of the CREST Web Applications syllabus and theory is learned through a combination of presentation slides and practical labs. Being an application focused course the relevant infrastructure components of the Web Applications syllabus are not covered, however the course is not intended for this purpose.

It is difficult for a course of this length to cover all components of the CREST Web Applications syllabus and this is the case with CAST.  However the labs are excellent, particularly the several practical exercises on SQL Injection and Cross Site Scripting.

This course provides useful practical experience and would benefit a suitable experienced consultant or developer as part of a structured learning programme towards the CREST Web Applications certification.

About the Course
This is an advanced practical 4 day web hacking training course for penetration testers, security researchers and security professionals needing to learn the art of security testing web applications.

This hands-on course helps the attendees gain in-depth knowledge on how to identify security vulnerabilities and subsequently identify the real risk of these vulnerabilities by exploiting them. The course also covers the syllabus, and is therefore ideal preparation, for the CREST Certified Tester (Application) qualification. The training utilises a collection of up-to-date modern hacking tools required for conducting a complete web application security assessment.

CAST is ideally suited to individuals that are working in an application testing (security assessment/administration) or developer environment, those preparing for the CREST Certified Tester (Application) qualification, or those who believe they are up for the challenge.

The CAST course is eligible for funding from the Tech Partnership Training Fund.


Course Title:  Certified Wireless Security Analyst (CWSA)
Course Length:  2 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/cwsa—wireless-security
Useful preparation for:   CREST Certified Wireless Specialist / CREST Registered Penetration Tester (wireless components)

CREST Overview
The CREST Certified Wireless Specialist examination is heavily focussed on 802.11; in fact no other wireless technologies are covered.  The course covers this topic well and provides a good introduction to candidates on the tools used to assess the security of 802.11 networks. More advanced topic on cracking wireless encryption mechanisms are included and practical exercises provide the requisite experience in these areas.  Additionally enterprise security content, complete with an example lab, is included.

The CREST Wireless Specialist syllabus covers a wide range of wireless technologies and as such any recommendation for this course should be viewed in the guise of 802.11 networks only (Appendix F).

About the Course
On this 2 day wireless security training course delegates will gain an understanding of: the evolution of wireless security; how hackers bypass wireless security; implementing wireless security measures; and the cryptographic principles behind the protocols and the attacks. Hands-on exercises reinforce theory with practice, allowing delegates to see how the methods work for themselves.

CWSA is suited to those responsible for, or with an interest in, the security of wireless networks and Wi-Fi enabled devices, including but not limited to: IT Managers, Systems/Network Administrators, IT Security Professionals and Forensic/Network Investigators.

The CWSA course is eligible for funding from the Tech Partnership Training Fund.


Course Title:  Certified Security Testing Associate (CSTA)
Course Length:  4 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/csta—ethical-hacking
Useful preparation for:  CREST Registered Penetration Tester (Infrastructure components)

CREST Overview
This course is aimed at candidates focusing on the CREST CRT certification.  It concentrates on infrastructure components of the syllabus with application security covered in a separate course (CSTP).

The course covers a wide range of topics, many of which are echoed on the CRT syllabus however it cannot considered exhaustive with a number of key components not covered; in particular content related to Appendix F Unix Security, should be reviewed.

Although a very hands on course it would benefit from discussing or at least documenting Appendix A of the CREST syllabus.  The course is aimed at CRT level testers and as such an understanding of law and compliance and the importance of reporting should be covered.  To that effect, syllabus content in Appendix A should be reviewed.

Some basic content is not covered however it does provide an entry level into CRT revision and the practicals would be of great benefit.

It is important to stress to candidates seeking CRT related courses that this course only covers the infrastructure components of the exam.

About the Course
CSTA takes delegates on a journey through the various stages of a hacking attack, or equally a penetration test, from initial information discovery and target scanning through to exploitation, privilege escalation and retaining access.

On this 4 day course, practical exercises reinforce theory with each delegate having access to a Windows 2008 domain (server and workstation) along with a Linux server. Although the course demonstrates current hacking techniques, this is always done with defence in mind and countermeasures are discussed throughout.

The course is ideally suited to anyone with responsibility for, or with an interest in, the security of IT systems, such as: system administrators, auditors, IT security officers, information security professionals and budding penetration testers.

The CSTA course is eligible for funding from the Tech Partnership Training Fund.


Course Title:  Certified Security Testing Professional (CSTP)
Course Length:  2 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/CSTP_ethical_web_application_hacking
Useful preparation for:     CREST Registered Penetration Tester / CREST Certified Web Applications Tester

CREST Overview
The CSTP course is heavily aligned with the OWASP Top 10 of 2013 with each section of the course explaining the individual OWASP issue and backing up the theory with the practical exercises. Obviously a great deal of the issues in the OWASP list align with the application components in the CREST CRT syllabus, however it is not exhaustive.

From a practical standpoint the course excels and the practical exercises would be of great benefit to CRT level candidates. Practicals include comprehensive SQL and Cross Site Scripting labs, exercises on Session Management and Authentication as well as other OWASP categories.

From a practical standpoint this course is recommended for candidates at the CRT level and provides a good level of coverage for a candidates aiming to improve their web application skills.

It is important to note that 7Safe provides two courses aimed at the CRT level; one application and one infrastructure.  No infrastructure is included in this course.

About the Course
CSTP covers the fundamentals of the industry-recognised OWASP Top Ten – “the ten most critical web application security risks”. Web application flaws can leave an organisation and its customers vulnerable to attack. This is why knowledge of, and protection against, the ‘OWASP Top Ten’ is an essential component of modern information security strategies and a requirement of the Payment Card Industry Data Security Standard (PCI DSS).

On this 2 day course, practical exercises reinforce theory as candidates test functional ASP.NET and PHP applications. The course demonstrates hacking techniques with defence in mind and countermeasures are discussed throughout.

The course is ideally suited to anyone responsible for, or with an interest in, the security of web applications, such as: system administrators, auditors, IT security officers, information security professionals, budding penetration testers, QSAs and anyone subject to the requirements of PCI DSS.

The CSTP course is eligible for funding from the Tech Partnership Training Fund.

Course Title:  Malware Investigations (CMI) – hands on
Course Length:  4 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/cmi-malware-investigation-training
Useful preparation for:  CREST Registered Intrusion Analyst

CREST Overview
The CMI course aims to align to the CREST Registered Intrusion Analysis qualification and does cover a number of topics that would be useful in preparation for this exam.

It is by no way exhaustive, as it is difficult for any course of this length to be, however through a combination of both theory and practical exercises common techniques for malware analysis are discussed.

The course would benefit candidates embarking on their journey towards CRIA, however it would not be suited to those seeking a more advanced level of instruction, particularly in areas such as network intrusion analysis.  It is important to note that the course has not been specifically designed to cover all topics of the CREST syllabus and as such a number of pre-requisites should be satisfied by candidates undertaking this training, as time restrictions prohibit the coverage of a number of core areas such as Section B and Section C of the CRIA syllabus.

About the Course
This 4 day training course is designed to extend your knowledge beyond conventional static computer forensics analysis. You will be guided through the process of conducting malware analysis, from the principles surrounding the different analysis environments and 7Safe’s malware investigation methodology to investigating network activity stemming from malicious software infection.

You will learn how to analyse and interpret malicious software and associated forensic artefacts including Trojan horses, viruses and worms:


Course Title:  Advanced Forensic Investigation (CFIS) – hands on
Course Length:  4 days
Web Link:  https://www.7safe.com/professional-development/certified-digital-forensics-courses/details/cfis-advanced-forensic-investigation
Useful preparation for:  CREST Certified Host Intrusion Analyst

CREST Overview
The CFIS course covers a number of areas useful for candidates preparing for their CCHIA exam. Candidates should be aware that the course is not exhaustive and expects a good level of forensics/intrusion knowledge before attending.

The course has not been designed specifically to align to the CREST syllabus  and would be best suited to candidates embarking on their journey towards CC HIA.

About the Course
This advanced 4 day course will provide you with the knowledge and skills to capture and process data from ‘live’ systems and an awareness of the latest guidelines and artefacts available on current Windows operating systems to enable you to conduct an efficient and comprehensive analysis.

About 7Safe Education
7Safe is a leading provider of cyber security and digital investigation services offering a diverse portfolio including penetration testing, PCI DSS compliance consulting, eDiscovery, digital forensic investigation and related education and training.  Established in 2001, 7Safe was acquired by PA Consulting Group, a global management and technology consulting firm, in December 2011.  Together we offer a comprehensive, worldwide information security service portfolio that is second to none, supporting clients ranging from global energy firms, world-leading law firms as well as a number of major government departments.

At 7Safe we believe that education is a cornerstone of effective information security and have therefore developed a highly regarded portfolio of university-accredited courses and certifications.  Our portfolio of 14 courses includes six ethical hacking training courses, five digital forensics training courses, and three information security training courses – with the courses ranging from foundation to advanced-level.   All our training is developed and delivered by our practicing consultants, an approach that guarantees up-to-date, highly relevant real-world content.  Each of our certifications culminates in an examination for an industry recognised qualification and can also be used as part of a Masters-level information security qualification we offer in partnership with De Montfort University.