A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customization’s. This skill demonstrates an individual’s ability to install, configure, and manage a Splunk Enterprise Security deployment.
Threat Modeling aims to improve security through the practice of identifying threats, attacks vulnerabilities for the purpose of defining countermeasures to prevent or mitigate loss, damage or destruction of an application, system or data.
PHP is one of the most widely-used web programming languages in the world. In this course, you’ll learn to write more secure PHP code. Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you’ll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you’ll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you’ll have the knowledge to anticipate and defend against the major threats against web applications today.
This skill will teach you a basic understanding and applicability of Zero Trust Architecture (ZTA). The intention of this skill is to help you understand the foundational concepts of Zero Trust Architecture (ZTA), when and how to employ it, as well as understanding the resource implications and related decisions that need to be made. We also cover determining the deployment scenarios and use cases for ZTA, as well as migrating to and maturing associated programs.
Testing network security controls and discovering vulnerabilities are important parts of any organizations security plan. Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
NIST defines an Intrusion Detection System (IDS) as software that looks for suspicious activity and alerts administrators. In the NIST Special Publication 800-62 it goes on to say that it is a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. NIST Special Publication 800-161 states that an Intrusion Prevention System (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Such systems are key in enterprise network security monitoring. This skills path is designed for anyone looking to learn and utilize the most popular open source IDS/IPS tools; Snort, Suricata and Zeek (formally Bro). The learner can study the tool that best fits their needs and environment or review all three. For each tool you will gain an understanding of the fundamentals of each tool in the getting started courses. You’ll then discover scripting and rule sets, before looking at extensions, frameworks and integrations. The final course will be utilizing the tools in an enterprise environment or for distributed operations.
