ＨｉｄｅＺｅｒｏＯｎｅ

Syllabus

PHP Web Application Security

Input Validation

Cross-site Scripting (XSS)

SQL Injection

State Management

Cross-site Request Forgery (CSRF)

Storing Passwords

Error Handling

Conclusion

Pluralsight: Web Application Security

This skill will teach you a basic understanding and applicability of Zero Trust Architecture (ZTA). The intention of this skill is to help you understand the foundational concepts of Zero Trust Architecture (ZTA), when and how to employ it, as well as understanding the resource implications and related decisions that need to be made. We also cover determining the deployment scenarios and use cases for ZTA, as well as migrating to and maturing associated programs.

Syllabus

Zero Trust Architecture (ZTA): Getting Started

Zero Trust Architecture (ZTA): Strategize and Establish

Zero Trust Architecture (ZTA): Use Case Identification and Implementation

Zero Trust Architecture (ZTA): Migration, Review and Maturation

Pluralsight: Zero Trust Architecture (ZTA)

Syllabus

Getting Started with Nmap 7

Testing Security Controls and Detecting Vulnerabilities with Nmap 7

Maximizing Nmap 7 for Security Auditing

Scanning for Vulnerabilities with Nmap 7 Scripting Engine (NSE)

Pluralsight: Information Security Testing and Auditing with Nmap

NIST defines an Intrusion Detection System (IDS) as software that looks for suspicious activity and alerts administrators. In the NIST Special Publication 800-62 it goes on to say that it is a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner. NIST Special Publication 800-161 states that an Intrusion Prevention System (IPS) is software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. Such systems are key in enterprise network security monitoring. This skills path is designed for anyone looking to learn and utilize the most popular open source IDS/IPS tools; Snort, Suricata and Zeek (formally Bro). The learner can study the tool that best fits their needs and environment or review all three. For each tool you will gain an understanding of the fundamentals of each tool in the getting started courses. You’ll then discover scripting and rule sets, before looking at extensions, frameworks and integrations. The final course will be utilizing the tools in an enterprise environment or for distributed operations. 

Syllabus

1. Enterprise Security Monitoring with Snort
2. Enterprise Security Monitoring with Suricata
3. Enterprise Security Monitoring with Zeek (formerly Bro)

Pluralsight: Enterprise Security Monitoring with Open Source Network IDS & IPS

Regular expressions are universally embedded in the world of information technology. They are a part of many programming languages, databases, search engines, and command-line tools. As an information security professional, you are continuously analyzing textual data for indicators of compromise, juicy data morsels to exfiltrate, forensic artifacts, supporting evidence in threat hunting, and so much more. Familiarity with regular expressions is a skill, a very life-enhancing essence if you like, to take your information security analysis capabilities from “just ok” to “wizard level.” They are applicable in so many places that you really cannot afford to not have this knowledge.Join me for a four-hour session that takes you on a journey through regular expression POSIX, BRE, ERE, and PCRE syntax and explores various tools that you probably use daily through the lens of regular expressions. Your life will be forever changed when you can apply the power of regular expressions to your professional duties.

Antisyphon: Regular Expressions, Your New Lifestyle w/ Joff Thyer