دسته: دوره ها

Threat Modeling aims to improve security through the practice of identifying threats, attacks vulnerabilities for the purpose of defining countermeasures to prevent or mitigate loss, damage or destruction of an application, system or data.

Syllabus

Threat Modeling Fundamentals

Performing Threat Modeling with the Microsoft Threat Modeling Methodology

Performing Threat Modeling with the OCTAVE Methodology

Performing Threat Modeling with the PASTA Methodology

Threat Modeling with the Microsoft Threat Modeling Tool

Building and Leading an Effective Threat Modeling Program

Pluralsight: Threat Modeling

ادامه مطلب

PHP is one of the most widely-used web programming languages in the world. In this course, you’ll learn to write more secure PHP code. Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you’ll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you’ll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you’ll have the knowledge to anticipate and defend against the major threats against web applications today.

Syllabus

PHP Web Application Security

Input Validation

Cross-site Scripting (XSS)

SQL Injection

State Management

Cross-site Request Forgery (CSRF)

Storing Passwords

Error Handling

Conclusion

Pluralsight: Web Application Security

ادامه مطلب

This skill will teach you a basic understanding and applicability of Zero Trust Architecture (ZTA). The intention of this skill is to help you understand the foundational concepts of Zero Trust Architecture (ZTA), when and how to employ it, as well as understanding the resource implications and related decisions that need to be made. We also cover determining the deployment scenarios and use cases for ZTA, as well as migrating to and maturing associated programs.

Syllabus

Zero Trust Architecture (ZTA): Getting Started

Zero Trust Architecture (ZTA): Strategize and Establish

Zero Trust Architecture (ZTA): Use Case Identification and Implementation

Zero Trust Architecture (ZTA): Migration, Review and Maturation

Pluralsight: Zero Trust Architecture (ZTA)

ادامه مطلب

In today’s threat landscape, sophisticated adversaries have routinely demonstrated the ability to compromise enterprise networks and remain hidden for extended periods of time. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Developing the skills necessary as a malware analyst to properly detect, triage and reverse engineer advanced attacker intrusion tactics and techniques requires experience and a diverse set of tools and skills. In this path you will develop the skills and knowledge necessary to analyze malicious office documents, dig deep into native and interpreted code through disassembly and decompilation, identify and defeat prevalent obfuscation techniques. The courses in this path with take you from malware analysis basics to advanced topics so that you can generate valuable threat intelligence to aid in your efforts to defend your organization, respond more effectively to an incident or gain deeper understanding of the latest malware threats. This skills path may assist in attaining the knowledge and skills outlined in the NICE Cybersecurity Workforce Framework in the following areas: K0259 & K0479 Knowledge of malware analysis concepts and methodologies. S0131 Skill in analyzing malware.

Syllabus

Malware Analysis Fundamentals

Malware Analysis: Initial Access Techniques

Malware Analysis: Malicious Activity Detection

Malware Analysis: Initial File Triage

Getting Started Analyzing Malware Infections

Getting Started with Reverse Engineering

Pluralsight: Malware Analysis

ادامه مطلب

Virtualization is used by IT professionals in the datacenter, on the desktop, and in the cloud to gain tremendous efficiency. In this path, you’ll learn everything you need to know about server, desktop, storage, and network virtualization to get you started in today’s virtualization-dependent world.

Syllabus

Virtualization: The Big Picture

Fundamentals of Server Virtualization

Fundamentals of Storage Virtualization

Fundamentals of Network Virtualization

Virtualization in the Real World

Pluralsight: Fundamentals of Virtualization

ادامه مطلب

Testing network security controls and discovering vulnerabilities are important parts of any organizations security plan. Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Syllabus

Getting Started with Nmap 7

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

Maximizing Nmap 7 for Security Auditing

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

Pluralsight: Information Security Testing and Auditing with Nmap

ادامه مطلب