Course

Secure Protocols and Applications

Secure protocols can be used to protect the data in an organization’s network, and secure applications can prevent security issues in the first place. Learn the basics of secure software and application development.

Syllabus

DNS security

Video — 00:05:10

DNS is a crucial network service used by everybody to resolve names to IP addresses, and as a result, it is a target for attackers. This episode also discusses other protocols such as Simple Network Management Protocol (SNMP) and Secure Shell (SSH).

FTP packet capture

Video — 00:03:28

FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol,

Secure web and e-mail

Video — 00:11:57

This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered.

Request forgery attacks

Video — 00:04:56

Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated.

Cross-site scripting attacks

Video — 00:07:15

Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks.

Web application security

Video — 00:08:01

The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system (or software) development life cycle (SDLC) phase.

Web app vulnerability scanning

Video — 00:05:43

This episode shows how specialized Web application vulnerability scanning tools can be used to identify security flaws in a Web application.

Exam question review

Video — 00:03:22

Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred.

OWASP ZAP web app scan lab

Video — 00:04:24

The OWASP Top 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities.

Ask me anything

Video — 00:02:00

Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization.

Security+ – Secure and Insecure Protocols

Lab — 00:30:00

Security by design is an approach to software and hardware development that aims to construct systems free of vulnerabilities by implementing best practices and safeguards. However, it is relatively new as a notion, and prior to it, the aim of software developers was oriented more toward functionality than security. The same principle can be seen in protocols such as HTTP, FTP, or POP. Because they apply no data encryption, these protocols are often referred to as clear-text protocols. Anyone who intercepts the traffic between two entities that communicate using clear-text protocols can see the data flowing through the network in plain text. These protocols gave rise to attacks such as Man-in-the-middle (a malicious actor impersonating legitimate users) and sensitive data exposure. To cover the security holes of clear-text protocols, versions that applied encryption to data were developed.

Meet the author

Mike Meyers, affectionately called the “Alpha Geek,” is the industry’s leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nations, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.

You're in good company

We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also recommend it to clients to make their IT support teams better.

Caleb Yankus

This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson

We use Infosec Skills to provide base-level knowledge for employees. We also use the services to provide in-depth learning for employees as they encounter new technologies. If an employee is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client
