Pluribus One Training offer


Course title: Machine Learning and Artificial Intelligence


Objectives and general description:
the course aims to introduce the basic elements of Machine Learning and Artificial Intelligence, using several application examples, from biometric recognition to image classification, and detection of malware. The main algorithms and techniques of Machine Learning and Artificial Intelligence will be discussed, including deep neural networks, together with the corresponding methodologies of design, development and performance evaluation.
The aim of the course is to provide participants with the ability to design Machine Learning and Artificial Intelligence systems in order to solve some application problems. There is also a technical session in which will be shown how to use some recent libraries of Machine Learning and Artificial Intelligence for the Python language, including PyTorch and Scikit-Learn
.


Training modules:

    1. Introduction to Machine Learning Systems and Artificial Intelligence (3 hours)
      - Basics of Machine Learning and Artificial Intelligence.
      - Abstraction models for data representation.
      - Supervised and unsupervised automatic learning.
      - Design and performance evaluation (training / test).

    2. Supervised Learning Algorithms (4 Hours)
      - Distance-based classification: Nearest Mean Centroid and kNN classifiers.
      - Decision Trees and Random Forests.
      - Support Vector Machines.
      - Neural Networks
      .

    3. Deep Learning and Convolutional Neural Networks (3 Hours)
      - Introduction to Deep Learning.
      - Convolutional Networks (Convolutional Neural Networks).
      - Image classification and other examples.
      - Confusing neural networks: the problem of adversarial examples
      .

    4. Practical session (6 hours)
      - Data Representation with Python.
      - Example of linear and non-linear classification with Scikit-Learn and / or PyTorch.
      - Example of classification of multi-dimensional data (face images).
      - Example of performance estimation.

Total expected length: 16 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: Web security


Objectives and general description:
the course presents the basic concepts of web application security, providing learners with a complete overview of the vulnerabilities that most commonly afflict the web applications and consequently the attacks that, by exploiting these vulnerabilities, can be brought against the applications themselves. For each vulnerability, the course also provides a guidance on the most appropriate mitigation actions to be implemented to reduce the impact of any attacks. The course is dedicated primarily to web developers and to those who want to approach the verification of the safety of the web applications.
In order to provide learners with vulnerability verification tools, some of the most relevant projects that the OWASP Foundation promotes today, will be illustrated in module 1: "OWASP Top 10", "OWASP Proactive Controls", "OWASP Application Security Verification Standard". As part of modules 2 and 3, the most common attacks will be illustrated in detail: a test environment will be made available to learners in order to conduct practical tests to identify vulnerabilities and related mitigation actions
.


Training modules:

    1. Introduction to Web Security (6 hours)
      - Theoretical session (4 hours)
      • Unified general scheme for web security assessment with concrete application examples.
      • Presentation and classification of each of the TOP 10 OWASP and of the OWASP projects within the unified general scheme.
      - Practical session (2 hours)
      Identification and mitigation of general and typical vulnerabilities of the web systems.

    2. TOP Ten OWASP – Part 1 (5 Hours)
      - Theoretical session (2 hours)
      • Data Code attacks, with particular focus on those listed in the TOP 10 OWASP:
      Injection.
      XML External Entities.
      Cross-site Scripting.
      - Practical session (3 hours)
      Identification and mitigation of problems presented in the theoretical session.

    3. TOP Ten OWASP – Part 2 (5 Hours)
      - Theoretical session (2 hours)
      • Authentication attacks, access control, availability and confidentiality, with particular focus on those listed in the TOP 10 OWASP:
      Broken authentication.
      Broken Access Control.
      Sensitive Data Exposure.

      - Practical session (3 hours)
      • Identification and mitigation of problems presented in the theoretical session.

Total expected length: 16 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: Threat Modeling on Information Systems


Objectives and general description:
Threat Modeling is an activity that allows, through the modeling of an information system, the identification and enumeration of all the threats to which the system is potentially exposed. It represents a fundamental phase in the design of information systems, which allows to identify possible security problems and related mitigation measures starting from the design phase, ensuring significant savings in the mitigation of security design flaws. As part of this course, an initial overview of Threat Modeling will be provided, showing some of the commonly used methodologies in this type of activity (e.g. Microsoft's STRIDE methodology), and the use of the commonly used graphical representations (Data Flow Diagrams) in modeling activities. The CAPEC catalog of classification and enumeration of threats will also be presented; it allows classification and enumeration of threats according to a standard taxonomy.



Training modules:

    1. Theoretical session (5 hours)
      - Threats taxonomy; STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege); DREAD (Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability).
      - Software graphical representation models for the detection of vulnerabilities and related management procedures; Data Flow Diagrams.
      - Representation of "attack trees" for the identification of possible threaths and identification of techniques and technologies for their mitigation in different application contexts.
      - The threat classification classification of the CAPEC (Common Attack Pattern Enumeration and Classification) catalog.
      - The OWASP threat modeling projects
      .

    1. Practical session (3 Hours)
      During the practical session, learners will be able to put into practice the concepts learned during the theoretical session, carrying out a threat modeling activity on a sample system.

Total expected length: 8 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: Introduction to Python


Objectives and general description:
the course aims to introduce the Python programming language and its "ecosystem", providing learners with a complete overview of the language, its main features and some of the standard libraries. The course also aims to briefly illustrate the "best practices" used in the practical development of Python applications. The course is aimed at software developers and system administrators, with a particular focus on the needs of Web application developers.



Training modules:

    1. Introduction to the language and development environment - Part 1 (4 hours)
      - Theoretical session (2 hours)
      Introduction to the Python language:
      • History & evolution, new developments.
      • General characteristics of the language and differences with other languages.
      • Possible applications, strengths & weaknesses, concrete examples of use.
      Development environment, basic concepts.
      • Writing and execution of the code: editor, Interpreters, Ide.
      • Dependencies management and "virtual environments": PIP, Virtualenv, Conda.
      - Practical session (2 hours)
      Python installation, environment setup and early examples:
      • Python installation and dependency management. Standard distribution and other distributions.
      • Creation of a "virtual environment", installation and export of dependencies.
      • Writing and execution of the first code.

    2. Python syntax - Part 1 (6 Hours)
      - Theoretical session (4 hours)
      • General syntax, indentation and comments.
      • Variables, data types, operators, functions.
      • Input & Output (Base & Intermediate): "Print" and "Input" Command line input, log on file, error handling, read & write files.
      • Flow control: if, for, while, break, continue.
      - Practical session (2 hours)
      • Practical exercises based on what was presented in the theoretical session.

    3. Python syntax - Part 2 (4 Hours)
      - Theoretical session (2 hours)
      • Introduction to data structures.
      • Structuring the code - (basic): modules and "Import" of libraries.
      • Input & Output (Advanced): Introduction to XML and JSON, Serialization & Deserialization (Pickle Format).
      • Data structures in detail: Lists, Dictionaries, Tuples, Sets.
      - Practical session (2 hours)
      • Practical exercises based on what was presented in the theoretical session.

    4. Development environment - Part 2 (2 Hours)
      - Theoretical session (2 hours)
      • Testing the code: testing libraries, PEP 8, static code testing.
      • Code security: search for vulnerabilities.

    5. Python syntax - Part 3 (4 Hours)
      - Theoretical session (3 hours)
      Structuring the code - intermediate: submodules, packages.
      • Python OOP - basic: classes, abstract classes, multiple inheritance.

Total expected length: 20 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: DNS Analysis and Botnet detection


Objectives and general description:
the course aims to introduce the DNS operating principles showing legitimate services and the abuse of DNS-related services, used as a support to perform cyber attacks. The course will also show the Host-based prevention and diagnostics and the detection techniques through network traffic analysis and the analysis of suspicious URLs.

 


Training modules:

    1. DNS traffic analysis aimed at detecting Botnet Malware - Part 1 (3 hours)
      - DNS operating principles. Legitimate services.
      - Abuse of DNS-related services and infrastructure use as a support to cyber attacks.
      - Botnets' working, typologies and structure. Channels of communication between bots and control server.

    2. DNS traffic analysis aimed at detecting Botnet Malware - Part 2 (3 hours)
      - Host-based prevention and diagnostics.
      - Detection techniques. Network traffic analysis.
      - Analysis of suspicious URLs.

Total expected length: 6 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: Design of a GDPR-compliant system


Objectives and general description:
the course aims to provide key insights (with high return on investment) for the development/adaptation of your business processes and information systems to achieve GDPR-compliance, i.e., to achieve the main requirements of GDPR according to our framework in four steps.

 


Training modules:

    1. Design of a GDPR-compliant system
      - Data audit:
      • Business Processes.
      • Data processing Activities.
      • Personal data.
      - Data Management Policies:
      • Data transfers and GDPR guarantees.
      • Access control and authentication.
      • Scope of data processing.
      • Legal base of data processing.
      • User roles for Access Control.
      • Retention.
      • Data Subject Rights.
      • Data Subject Notification.
      - Data Breach Detection:
      • Logging mechanisms.
      • Anomaly/behavioral-based event analysis.
      • Alert notification and analysis.
      - Incident Response Plan:
      • Virtual Patches.
      • Backups.
      • Recovery mechanisms.
      • Notification:
           • Secure channels.
           • Templates.
       - Data Protection Impact Assessment (DPIA):
      • Risk-based mitigation activities (in all phases).
      • Software solutions.

    2. Secure communications
      • Embedded in your GDPR-compliant system.
      • Email (S/MIME).

    3. Nods
      - Registry of data processing activities:
      • Motivations.
      • Requirements.
      • Software solutions.
      - Certification Scenarios:
      • Audit in all GDPR phases: ISO 19011.
      Privacy by design: ISO/IEC 27001.

    4. Written Test (expected duration: 40 minutes) with certificate release.

Total expected length:
    1. Complete (40 hours): the course will present in detail all points in the outline with concrete/practical examples and advices
    2. Light (16 hours): the course will briefly present all main points in the outline and will provide the key links for a follow-up

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.


Course title: Vulnerability Assessment (VA) & Penetration Testing (PT)


Objectives and general description:
in this course, purely practical, are provided the bases for the assessment of vulnerability, simulation of a cyber attack on real systems, and the documentation of VA/PT activities carried out, with the analysis of the results. The activity will include the study and use of free and/or open-source tools, such as operating systems, network scanners, web scanners, automatic vulnerability verification platforms, anonymization software, dedicated web proxies and online services useful for verification of vulnerability/simulation of cyber attacks.


Training modules:

    1. Linux Distribution for VA/PT: KALI Linux

    2. Network/server Assessment
      - NMAP.
      - OpenVAS.

    3. Attacker anonymization
      -
      TOR network & browser.

    4. CMS Scanners

    5. Online Resources
      - Immuniweb.
      - Qualys.
      - Exploit DB.
      - Google Dorks.

Total expected length: 12 hours

Additional information:
  1. Place (main): the courses will be held in the Pluribus One operational premises - Zona Industriale CASIC, Elmas (CA), Via Segrè 19, 09067, Sardinia, Italy.
  2. Other locations: under request the courses can be held through digital platforms or in other locations, also out of Sardinia.

Info

Pluribus One S.r.l.

Via Bellini 9, 09128, Cagliari (CA)

info[at]pluribus-one.it

PEC: pluribus-one[at]pec.pluribus-one.it

 

Legal entity

Share capital: € 10008

VAT no.: 03621820921

R.E.A.: Cagliari 285352


 

University of Cagliari

  Pluribus One is a spin-off of the Department of Electrical and Electronic Engineering, University of Cagliari, Italy

 

Certifications