Syllabus
DNS security
Video — 00:05:10
DNS is a crucial network service used by everybody to resolve names to IP addresses and as a result, it is a target for attackers. This episode also discusses other protocols such has Simple Network Management Protocol (SNMP) and Secure Shell (SSH).
FTP packet capture
Video — 00:03:28
FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol,
Secure web and e-mail
Video — 00:11:57
This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered.
Request forgery attacks
Video — 00:04:56
Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated.
Cross-site scripting attacks
Video — 00:07:15
Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks.
Web application security
Video — 00:08:01
The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system (or software) development life cycle (SDLC) phase.
Web app vulnerability scanning
Video — 00:05:43
This episode shows how specialized Web application vulnerability scanning tools can be used to identity security flaws in a Web application.
Exam question review
Video — 00:03:22
Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred.
OWASP ZAP web app scan lab
Video — 00:04:24
The OWASP to 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities.
Ask me anything
Video — 00:02:00
Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization.
Security+ – Secure and Insecure Protocols
Lab — 00:30:00
Security by design is an approach to software and hardware development that aims to construct systems free of vulnerabilities by implementing best practices and safeguards. However, it is relatively new as a notion, and prior to it, the aim of software developers was more oriented in functionality than security. The same principle can be seen in protocols such as HTTP, FTP, or POP. Because they apply no data encryption, these protocols are often referred to as clear-text protocols. Anyone who is intercepting the traffic between two entities that communicate using clear-text protocols can see the data flowing through the network in plain text. These protocols gave rise to attacks such as Man-in-the-middle (a malicious actor impersonating legitimate users) and sensitive data exposure. To cover the security holes of clear-text protocols, versions that applied encryption to data were developed.

Meet the author
Mike Meyers, affectionately called the “Alpha Geek,” is the industry’s leading authority on CompTIA certifications. He is the president and co-founder of Total Seminars, LLC, a provider of PC and network repair seminars, books, videos and courseware for thousands of organizations throughout the world. Mike has been involved in the computer and network repair industry since 1987 as a technician, instructor, author, consultant and speaker. He has sold over a million IT and certification books, including the best-selling CompTIA A+ Certification All-in-One Exam Guide and CompTIA Network+ Certification All-in-One Exam Guide. He has personally taught thousands of students, including U.S. senators, U.S. Supreme Court Justices, members of the United Nation, every branch of the U.S. Armed Forces, many branches of the Department of Justice, hundreds of corporate clients and academic students at every level.
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments
You're in good company
We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.
Caleb Yankus
This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.
Daniel Simpson
We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.
Infosec Skills Teams client
Plans & pricing
-
Infosec Skills Personal
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
-
Infosec Skills Teams
- Team administration and reporting
- Dedicated client success manager
-
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
-
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps
Award-winning training that you can trust




