Trainings and Workshops
I am happy to support you as a freelancer in designing and delivering tailored workshops and training courses.
Contact
- Email: training@lauritz-holtmann.de
- LinkedIn: Connect on LinkedIn
English version below
In an era in which proof-of-concept applications can be generated through "vibe coding" with just a few prompts, regular training for company employees to build and maintain IT security awareness is essential. To that end, I offer tailored workshops and training courses on a wide range of IT security topics. These can be delivered remotely or on-site at your company.
My goal is to convey practical knowledge that can be applied directly in day-to-day work. I place great emphasis on adapting the content to the specific needs and knowledge level of the participants. Hands-on exercises and interactive elements are also an integral part of my training courses.
About Me
I am Lauritz Holtmann, an independent IT security consultant and penetration tester with a master's degree in IT security. For eight years I have been helping companies make their IT infrastructure and applications more secure. My passion for IT security and the experience I have gained in practice allow me to convey complex topics in an understandable, application-oriented way.
Possible Topic Areas
Depending on your individual requirements and the participants' knowledge level, training and workshops can be tailored to different topic areas. Possible topics include, but are not limited to:
Secure Software Development
As early as my IT security studies, and later in my work as a penetration tester, I have dealt intensively with the challenges and best practices of secure software development. In my workshops and training courses on secure software development, I convey practical knowledge that helps developers and teams consider security aspects early in the development process.
Topics in this context include:
- Basics of secure software development (SDLC)
- Common security vulnerabilities in web and mobile applications (OWASP Top 10, OWASP Mobile Top 10)
- Best practices for avoiding security vulnerabilities in web and mobile applications
- Practical exercises for identifying and fixing security vulnerabilities in sample applications
In spring 2025, I had the opportunity to present content from this workshop as part of the internal "Business Unicorns (BU) Security Champion" program at Business Unicorns GmbH.
Single Sign-On and Authentication Methods
Not only since completing my master's thesis on "Single Sign-On Security (Security Analysis of Real-Life OpenID Connect Implementations)" have I been dealing intensively with authentication methods and their secure implementation. Over the past few years, as part of numerous penetration tests and bug bounty programs, I have analyzed and examined various authentication methods for security vulnerabilities. In the process, I have discovered dozens of security vulnerabilities and reported them to the vendors through responsible disclosure and bug bounty programs. Notable examples in this area include CVE-2020-10770 (Keycloak), CVE-2023-6134 (Keycloak) and CVE-2024-21637 (Authentik).
Areas suitable for a workshop in this context include:
- Basics of authentication methods and Single Sign-On (SSO)
- Security aspects and challenges in implementing SSO solutions
- Common security vulnerabilities and attack vectors in SSO implementations (OAuth 2.0, OpenID Connect, SAML)
- Hands-on exercises for analyzing and securing SSO implementations
In December 2025, I had the opportunity to present part of this content in a workshop with Personio. In addition to theoretical content, the workshop included practical exercises in a specially developed hands-on lab environment for analyzing and securing SSO implementations (a NodeJS SP with Keycloak as IdP), as well as real-world security vulnerability cases from my bug bounty activities (disclosed reports only).
English Version
I am happy to support you as a freelancer in developing and conducting tailored workshops and training sessions:
Contact
- Email: training@lauritz-holtmann.de
- LinkedIn: Connect on LinkedIn
In today’s world, where PoC applications generated through vibe-coding are only a few prompts away, it is essential for employees to receive regular training to build and maintain awareness of IT security. I offer tailored workshops and training sessions on various IT security topics, delivered either remotely or on-site at your company.
My goal is to provide practical knowledge that can be directly applied in day-to-day work. I place great emphasis on adapting the content to the specific needs and knowledge levels of the participants. Hands-on exercises and interactive elements are an integral part of my training and can be tailored to your requirements.
Possible Topics
Depending on your individual requirements and the knowledge level of the participants, the training and workshops can be tailored to various topics. Possible topics include:
Secure Software Development
During my studies in IT security and my work as a penetration tester, I have intensively dealt with the challenges and best practices of secure software development. In my workshops and training sessions on secure software development, I convey practical knowledge to help developers and IT teams consider security aspects early in the development process.
Topics in this context include:
- Basics of secure software development (SDLC, DevSecOps)
- Common security vulnerabilities in web applications and mobile applications (OWASP Top 10, OWASP Mobile Top 10)
- Best practices for avoiding security vulnerabilities in web and mobile applications
- Practical exercises for identifying and fixing security vulnerabilities in sample applications
In spring 2025, I had the opportunity to present content from this workshop as part of the internal “Business Unicorns (BU) Security Champion” program of Business Unicorns GmbH.
SSO and Authentication Methods
Not only since my master’s thesis on Single Sign-On Security (Security Analysis of real-life OpenID Connect Implementations) have I been intensively dealing with authentication methods and their secure implementation. In recent years, I have analyzed and examined various authentication methods for security vulnerabilities as part of numerous penetration tests and bug bounty programs.
Topics in this context include:
- Basics of authentication methods and Single Sign-On (SSO)
- Security aspects and challenges in implementing SSO solutions
- Common security vulnerabilities and attack vectors in SSO implementations (OAuth 2.0, OpenID Connect, SAML)
- Hands-on exercises for analyzing and securing SSO implementations
In December 2025, I had the opportunity to present content from this workshop as part of a workshop with Personio. The workshop included not only theoretical content but also practical exercises in a specially developed hands-on lab for analyzing and securing SSO implementations, as well as insights into real security vulnerabilities from my bug bounty activities (disclosed reports only).
If you are interested in my most recent research or disclosed advisories, feel free to check them out! A full CV is available here.