ＨｉｄｅＺｅｒｏＯｎｅ

EC-Council’s Certified Chief Information Security Officer Program has empowered information security professionals to achieve their professional goals across the globe. It is a program developed and delivered by seasoned security executives. It equips future executives with business and technical knowledge so they can succeed at the highest levels of the security industry. The Program is designed by seasoned CISOs to help train professionals in the business of security. The Certified CISO Program is a global community of security leadership focused on delivering security capabilities aligned to the business.

Many organizations deploy private registry servers in their internal/external application development/deployment environment. Unfortunately, most often, these servers are not securely deployed. In this entirely lab based course, we will look at various configurational vulnerabilities in docker registry servers. In these labs we have used common deployment architectures of a registry server and shown how an attacker can get valuable information out of images stored on the server.

Today, all enterprises, large and small depend on VoIP to provide voice communication both internally and externally to the company. Most organizations even have dedicated Voice VLANs and/or physical ports to carry VoIP traffic. Hence, it is important to understand VoIP traffic, security concerns and its encryption/decryption for network forensics and Red-Blue teaming purposes. This course does exactly that!

Most of us have used Wireshark either academically or professionally for traffic analysis. Its a great tool for microscopic analysis of what is happening in the network. However, its greatest strength is also its greatest weakness i.e. it is extremely difficult to do macroscopic analysis, create custom reports, extract only certain fields from packets for offline analysis etc. This is where Tshark comes in! Tshark is a command line tool created by the Wireshark team and shares the same powerful parsing engine as Wireshark. It is capable of doing most things we’ve come to love Wireshark for, but with the “from command line” advantage. This makes it ideal for batch analysis, offline processing and routine automation of traffic analysis tasks. In this course, we will explore many of these capabilities. It is assumed you have a basic working knowledge of Wireshark and traffic analysis.

The C|SCU curriculum is designed to educate computer users on the more practical aspects of networking and security, allowing them to expand their computer skills. Students will develop a foundational understanding of a variety of computer and network security concerns, including identity theft, credit card fraud, online banking phishing scams, malware, loss of sensitive information, and social engineering. This certification is an excellent complement to educational offerings in the domain of security and networking.

Have you ever wondered about how web applications are attacked in the real world and what you can do to mitigate every attack? The Web Defense Professional Learning Path will illustrate exactly how each attack works, what the impact of each attack is, how to fix it, and how the exploit no longer works after the fix. This learning path will also give you in-depth, practical advice about how to simplify your defense and how to implement attack mitigations that actually work (regardless of you having access to the source code or not).

Learning path at a glance:

• Close the gap between Web application attack and defense
• Mitigation advice for multiple platforms and languages
• The most comprehensive and practical coverage of the OWASP Testing Guide
• Comprehensively aligned to OWASP methodologies, tools, and tests
• Covers and goes beyond OWASP TOP 10
• Detailed techniques and methodology to simplify the defense of web applications
• No boring theory: practice-oriented curriculum
• Over 20 different lab scenarios to practice with
• Advanced usage of OWASP ZAP, OWASP OWTF, ModSecurity…
• Coverage of OWASP Cheat Sheets, OWASP OpenSAMM, OWASP ModSecurity Core Rule Set