Back

Purple Teaming

3 intensive days, 2 trainers and 2 teams – red and blue – fighting for your application. Workshops created to improve both offensive and defensive security skills in your organisation.

Based on our experience in finding and fixing vulnerabilities, our own research and emergency response to incidents, we present this unique training for project teams.

What’s innovative about this approach:
        – we focus on attacking and defending a real application, YOUR application,
        – we may find vulnerabilities in the application, so security reconnaissance is included 😉
        – unique combination of competition and cooperation,
        – we can reconfigure the environment and make corrections live. 
        – we meet on site, in your office,

Two teams: 
Red – the team of developers, security champions and people interested in learning offensive security .
Blue – the team of admins, devops, cloud infrastructure specialists, and people interested in detection and prevention.


On the first day, we start by analyzing the application from a business level:

1. Functionalities it offers
2. Business processes
3. Types of users 

And from a technical level:
1. how it is build
2. its components
3. what the infrastructure looks like
4. how the application monitoring method is implemented

Then we learn how to perform threat modelling based on the application – we create scenarios that will be used later by the Red Team.

After lunch, we start with an introduction to security testing
1. Use of an HTTP proxy
2. Common vulnerabilities and ways to detect them

At the end of the first day, we run Capture The Flag contest, because we believe in hands-on experience. 



Second and third day look as follows:
 
1. The Red Team is just hacking all day long and the Blue Team is defending the application.
2. Trainers guide and assist each team,
3. We share and document:
        – Achievements of both teams,
        – Scenarios and test cases,
        – Findings, bugs, questions,
        – Problems we faced,
        – Solutions we found.

At the end of each day, we gather together and share the findings and actions of each team.

In the end of the workshop we focus on what can be improved in case of security of this application and it’s setup.

If you want to combine offensive and defensive workshops with lots of hands-on experience for your teammates and learn about your application security posture feel free to contact us.

Case study

How did we increase the security of online banking applications?

The client was one of the leading banks with a website for individual and business entities. The scope tests covered transaction website security, payment management services, financial exchange and loan products.

More soon…
They trusted us

You may also like

Security Aware Developer

Security workshops for project teams that instill knowledge of common issues in application development. They are based on real-life attack scenarios and best practices for their prevention.
Read more

Practical AWS Security Training

The growing number of intrusions into cloud environments shows that securing data and resources in cloud requires appropriate competencies. We offer training for project teams dedicated to AWS safety.
Read more

Hackflix & Skill – Security Series for developers

An interactive course in which, together with Buggy, we will guide your project team through the most common vulnerabilities we encounter in our security tests. A few seemingly insignificant bugs can lead to fatal consequences. Let’s prevent them!
Read more

Become a Client

and let’s build your safe future together

Book a Call

or leave a message