— TRAINING COURSES —


topics include
  • Security Nuances of Private,
    Semi-Private and Open Networks
  • Common Medical Device Exploits
  • Secure Design and Implementation
  • Encryption Functions
  • Key Management
  • Secure EHR Integration
  • Secure Network Protocols
Register
Medical Device Security (1/2 Day)

Overview

This course provides the foundation for the secure design and implementation of the core cybersecurity technologies found in clinical, therapeutic and diagnostic medical devices. Taught by instructors with extensive backgrounds in secure medical device design and implementations, coursework will also include cyber-related regulatory compliance, HIPAA guidance, and secure network integration with EHR and other healthcare data repositories and services.

Participants will be presented with common medical device exploit categories and industry best practices for implementing defenses against common vulnerabilities. The coursework will explore secure architectures for medical device firmware, including cryptographic primitives, encryption functions and sound key management practices. Secure communications protocols for both wired and wireless networking, and integration with cloud endpoints, will also be reviewed.

Who should attend?

This class is intended for technology professionals involved with the development and support of medical device firmware, user space software, networking protocols and associated hardware components.

Course Preparation

General familiarity with medical device architectures and functions.

training@harborlabs.com

 


topics include
  • Web Application Development
  • Cybersecurity Design Life Cycles
  • Secure Configuration and Policy Management
  • Proper Implementation of Cryptographic Protocols (SSL/TLS)
  • Authentication
  • Web-based Attacks
  • Secure Coding Practices
  • Vulnerability Assessment
  • Browser Security
Register
Cybersecurity for Applications Developers (2 Days, 12 CPEs)

Overview

This course provides hands-on training on securing web applications and avoiding common pitfalls that lead to vulnerable systems. Students will learn about common cybersecurity errors in application development as we describe and demonstrate problem areas in applications. We utilize a running example of an application in a web application framework that we designed with some common vulnerabilities. We will perform a vulnerability analysis and source code analysis. In the hands-on labs, we will learn to discover the vulnerabilities, to fix them, and to avoid them in the future.

The course also covers browser security issues, correct use and configuration of such protocols as TLS, and handling of certificates. We will study common attacks such as XSS, CSRF, and SQL injection and learn how to build applications that are resistant to these and other attacks. Finally, we will cover secure coding practices for developers, contrasting good and bad code examples.

Who should attend?

This class is intended for anyone who wants to learn about how to include security requirements in the software development life cycle and how to properly configure, test, and deploy applications that include popular and well-regarded security mechanisms. The students should be familiar with at least one common web application frameworks.

Course Preparation

General application development knowledge or Computer Science background. Familiarity with web application development and web application containers.

training@harborlabs.com


topics include
  • Wireshark
  • PCAP files
  • Network protocol analysis
  • Live packet capture, retroactive analysis
  • TCP/IP and popular application-layer protocols (e.g., HTTP)
  • MITM (man-in-the-middle)
  • DNS injection
  • ARP cache poisoning
  • Charles Proxy
Register
Network Forensics Using Wireshark (2 Days, 12 CPEs)

Overview

Network forensics can be generally defined as monitoring a network for anomalous traffic and intrusions, and analyzing captured network traffic to reconstruct the underlying semantics. Wireshark is a free, multi-platform network packet capture and analysis tool. It has become the standard bearer for network analysis. Wireshark enables you to troubleshoot hundreds of network protocols including the entire TCP/IP suite (e.g., DNS, HTTP, and SMTP). The packet-centric approach of Wireshark is not limited to protocol troubleshooting, it is also useful for performing network forensic analysis.

In this course, you will become intimately familiar with Wireshark as we perform a live network analysis on a simulated network (i.e., virtualized network). In particular, we provide in-class instruction on the setup, configuration, and use of Wireshark, as well as in-class activities that further explore these concepts. We also provide a variety of network packet captures that will guide you through the retroactive analysis of an unknown network.

Once you have become comfortable with Wireshark, we will describe a set of network attacks and the tools that perform them. Working in small groups, you will use these tools to perform a network attack that another group will analyze in real-time. The goal is for every student to successfully perform a network attack and identify an attack using Wireshark.

The course concludes with an active capture the flag exercise.

Who should attend?

This class is intended for anyone who wants to learn about how network protocols work in the context of hands-on network packet analysis. The students should be familiar with basic networking and TCP/IP, with the concept of network layering, and with how to use a standard application user interface.

Course Preparation

General IT knowledge or Computer Science background. Laptop required.

training@harborlabs.com


topics include
  • Submission Requirements
  • Schedule & Fees Management
  • UL CAP Testing & Evaluation Process
  • UL 2900-compliant design process
  • Disqualifying Designs and Performance
  • Resubmission
  • Marketing and Promotion of Certification
Register
UL 2900-2-1 Compliance (1/2 Day)

Overview

Recognizing the market impact of the UL standard on medical device manufacturing clients, Harbor Labs is pleased to offer the UL 2900-2-1 Compliance course. Taught by instructors who have worked directly with medical device manufacturers as they achieved 2900-2-1 certification, this course is designed to accelerate the UL CAP certification process and align client products with postmarket cybersecurity regulatory requirements.

In this course, participants will be presented with an overview of the submission process, to include UL CAP testing methods and scoring criteria, required documentation, interaction with the UL CAP team, disqualifying events to avoid, schedules and fees, and the resubmission process. Instruction will also include the creation and management of internal 2900-2-1-compliant design and manufacturing processes that will accelerate future submissions.

Who should attend?

This class is intended for any medical device technologist responsible for submitting a medical device for UL-2900-2-1 certification.

Course Preparation

Technical and functional knowledge of the medical device(s) to be submitted for certification.

training@harborlabs.com