Purple Teaming

3 intensive days, 2 trainers and 2 teams – red and blue – fighting for your application. Workshops created to improve both offensive and defensive security skills in your organisation.

Based on our experience in finding and fixing vulnerabilities, our own research and emergency response to incidents, we present this unique training for project teams.

What’s innovative about this approach:
        – we focus on attacking and defending a real application, YOUR application,
        – we may find vulnerabilities in the application, so security reconnaissance is included 😉
        – unique combination of competition and cooperation,
        – we can reconfigure the environment and make corrections live. 
        – we meet on site, in your office,

Two teams: 
Red – the team of developers, security champions and people interested in learning offensive security .
Blue – the team of admins, devops, cloud infrastructure specialists, and people interested in detection and prevention.

On the first day, we start by analyzing the application from a business level:

1. Functionalities it offers
2. Business processes
3. Types of users 

And from a technical level:
1. how it is build
2. its components
3. what the infrastructure looks like
4. how the application monitoring method is implemented

Then we learn how to perform threat modelling based on the application – we create scenarios that will be used later by the Red Team.

After lunch, we start with an introduction to security testing
1. Use of an HTTP proxy
2. Common vulnerabilities and ways to detect them

At the end of the first day, we run Capture The Flag contest, because we believe in hands-on experience. 

Second and third day look as follows:
1. The Red Team is just hacking all day long and the Blue Team is defending the application.
2. Trainers guide and assist each team,
3. We share and document:
        – Achievements of both teams,
        – Scenarios and test cases,
        – Findings, bugs, questions,
        – Problems we faced,
        – Solutions we found.

At the end of each day, we gather together and share the findings and actions of each team.

In the end of the workshop we focus on what can be improved in case of security of this application and it’s setup.

If you want to combine offensive and defensive workshops with lots of hands-on experience for your teammates and learn about your application security posture feel free to contact us.

Case study

How did we increase the security of online banking applications?

The client was one of the leading banks with a website for individual and business entities. The scope tests covered transaction website security, payment management services, financial exchange and loan products.

More soon…
They trusted us

Become a Client

and let’s build your safe future together

Book a Call

or leave a message