برچسب: Security

The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

Syllabus

MGT514.1: Strategic Planning Foundations
MGT514.2: Strategic Roadmap Development
MGT514.3: Security Policy Development and Assessment
MGT514.4: Leadership and Management Competencies
MGT514.5: Strategic Planning Workshop

MGT514: Security Strategic Planning, Policy, and Leadership

ادامه مطلب

DevOps is taking the world by storm, but the often overlooked part is that keeping applications secure is increasingly important. So how do you keep your entire development chain secure and within compliance? This path answers that question by showing you the fundamentals of DevSecOps and keeping your CI/CD pipelines safe while incorporating security best practices into your DevOps lifecycle.

Syllabus

DevSecOps: The Big Picture

Approaching Automated Security Testing in DevSecOps

Performing DevSecOps Automated Security Testing

Integrating Automated Security Testing Tools

Integrating Incident Response into DevSecOps

Enabling Security Governance and Compliance in DevSecOps

Pluralsight: Fundamentals of DevSecOps

ادامه مطلب

In this course, you will learn to reverse engineer. That will allow you to protect intellectual property, find vulnerabilities, and pull apart malware. Join me in making the world a little safer. In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you’ll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.

Syllabus

Using IDA Pro to Reverse Code

Learning x86 and Calling Conventions

Understanding C-to-Assembly and Compiled Structures

Patching a Compiled Binary

Reversing C++

Extending IDA with Scripts

Pluralsight: Security for Hackers and Developers

ادامه مطلب

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customization’s. This skill demonstrates an individual’s ability to install, configure, and manage a Splunk Enterprise Security deployment.

Syllabus

Splunk Enterprise Security: Big Picture

Planning, Deploying, and Configuring Splunk Enterprise Security

Managing Splunk Enterprise Security Data and Dashboards

Designing and Creating Add-ons for Splunk Enterprise Security

Tuning and Creating Correlation Searches in Splunk Enterprise Security

Configuring Threat Intelligence in Splunk Enterprise Security

Pluralsight: Splunk Enterprise Security Administration

ادامه مطلب

Threat Modeling aims to improve security through the practice of identifying threats, attacks vulnerabilities for the purpose of defining countermeasures to prevent or mitigate loss, damage or destruction of an application, system or data.

Syllabus

Threat Modeling Fundamentals

Performing Threat Modeling with the Microsoft Threat Modeling Methodology

Performing Threat Modeling with the OCTAVE Methodology

Performing Threat Modeling with the PASTA Methodology

Threat Modeling with the Microsoft Threat Modeling Tool

Building and Leading an Effective Threat Modeling Program

Pluralsight: Threat Modeling

ادامه مطلب

PHP is one of the most widely-used web programming languages in the world. In this course, you’ll learn to write more secure PHP code. Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you’ll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you’ll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you’ll have the knowledge to anticipate and defend against the major threats against web applications today.

Syllabus

PHP Web Application Security

Input Validation

Cross-site Scripting (XSS)

SQL Injection

State Management

Cross-site Request Forgery (CSRF)

Storing Passwords

Error Handling

Conclusion

Pluralsight: Web Application Security

ادامه مطلب