Training

Benefit from our experience in creating
secure, robust, cost-effective embedded systems

MathEmbedded Security Training Courses range from short, embedded security primers to intensive, technical, hands-on security implementation workshops.


Securing Embedded Linux

Linux is increasingly popular for connected embedded devices.

Choose a 3, 4 or 5-day course to include all the technical detail your team needs to harden the OS and your applications against malicious or accidental security breaches, topics include:

  • Common attacks and mitigations
  • Threat modelling
  • Introduction to cryptography
  • Secure boot and the chain of trust
  • Hardening the Linux kernel
  • Sandboxing applications
  • Network and Communications attacks
  • Hardware and side-channel attacks
  • Secure software update mechanisms
  • Using Open Source code
  • Security testing and release control
Each technical topic is supported by hands-on practical sessions, which make up about 50% of the course time.

Trainees take away comprehensive notes and a Linux VirtualBox VM containing all the practical exercises.

The Wargame

During the course, trainees work through the challenges on our 'capture the flag' vulnerable Linux server.

Thinking like an attacker helps you to understand how to better protect your system.


Defensive Embedded C

Still the language of choice for most embedded systems, C is notorious for introducing accidental security holes.

This 2 or 3-day course teaches you to design, code and test C applications with security in mind, going beyond normal coding best practice, you'll understand and protect against:

  • Command Injection
  • Buffer Overflow
  • Integer Overflow
  • Format String attacks
  • Side Channel attacks
  • Memory Management vulnerabilities
  • TOCTOU vulnerabilities
  • Race Conditions
  • Insecure IPC
  • Information leakage in debug and error output
Design and code secure applications by integrating security requirements and secure coding practices into your existing workflow:

  • Secure Software Development Lifecycle
  • Coding Standards for Security and Safety
  • Using Encryption and Authentication
  • Code Signing
  • Security Code Review and Test
  • Static and Dynamic Analysis


Secure Software Development Lifecycle

This one-day course can help you to integrate security best practice into all stages of your development lifecycle, with:

  • Measurable, testable security requirements
  • Secure software architecture
  • System threat modelling
  • Security risk assessment
  • Security implementation practices
  • Security testing
  • Release management
Of these topics, Threat Modelling is probably the most unfamiliar to most, so we include a detailed exercise, working through a realistic threat model and security risk assessment.

Workshops

All our courses can be adapted to include workshops that tackle your specific security concerns (under your NDA).

In these expert-led sessions, your engineers and managers get a head start in turning theory into practice while it's still fresh in their minds.