Course

Secure protocols and applications

Having secure protocols can be used to protect the data in an organization’s network and secure applications can prevent security issues in the first place. Learn the basics of secure software and application development.

    Syllabus

  • Exam question review Video — 00:03:22
    • Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred.

  • Security+ – Secure and Insecure Protocols Lab — 00:30:00
    • Security by design is an approach to software and hardware development that aims to construct systems free of vulnerabilities by implementing best practices and safeguards. However, it is relatively new as a notion, and prior to it, the aim of software developers was more oriented in functionality than security. The same principle can be seen in protocols such as HTTP, FTP, or POP. Because they apply no data encryption, these protocols are often referred to as clear-text protocols. Anyone who is intercepting the traffic between two entities that communicate using clear-text protocols can see the data flowing through the network in plain text. These protocols gave rise to attacks such as Man-in-the-middle (a malicious actor impersonating legitimate users) and sensitive data exposure. To cover the security holes of clear-text protocols, versions that applied encryption to data were developed.

  • Web application security Video — 00:08:01
    • The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system (or software) development life cycle (SDLC) phase.

  • Request forgery attacks Video — 00:04:56
    • Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated.

  • FTP packet capture Video — 00:03:28
    • FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol, Secure (FTPS).

  • OWASP ZAP web app scan lab Video — 00:04:24
    • The OWASP to 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities.

  • Web app vulnerability scanning Video — 00:05:43
    • This episode shows how specialized Web application vulnerability scanning tools can be used to identity security flaws in a Web application.

  • Cross-site scripting attacks Video — 00:07:15
    • Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks.

  • Secure web and e-mail Video — 00:11:57
    • This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered.

  • DNS security Video — 00:05:10
    • DNS is a crucial network service used by everybody to resolve names to IP addresses and as a result, it is a target for attackers. This episode also discusses other protocols such has Simple Network Management Protocol (SNMP) and Secure Shell (SSH).

  • Ask me anything Video — 00:02:00
    • Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization.

Syllabus

Course description

You're in good company

CY

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus

DS

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

IS

We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library