Secure protocols and applications Course
1 hour, 5 minutes
Syllabus
DNS security
Video - 00:05:00
DNS is a crucial network service used by everybody to resolve names to IP addresses and as a result, it is a target for attackers. This episode also discusses other protocols such has Simple Network Management Protocol (SNMP) and Secure Shell (SSH).
FTP packet capture
Video - 00:03:00
FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocl (SFTP) and File Transfer Protocol, Secure (FTPS).
Secure web and e-mail
Video - 00:12:00
This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered.
Request forgery attacks
Video - 00:05:00
Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated.
Cross-site scripting attacks
Video - 00:07:00
Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks.
Web application security
Video - 00:05:00
The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system, or software, development life cycle, or SDLC phase.
OWASP Top 10
Video - 00:12:00
In this episode you will learn all about the OWASP Top 10.
Web app vulnerability scanning
Video - 00:06:00
This episode shows how specialized Web application vulnerability scanning tools can be used to identity security flaws in a Web application.
Chapter 11 exam question review
Video - 00:03:00
Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred.
OWASP ZAP web app scan lab
Video - 00:04:00
The OWASP to 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities.
Chapter 11 Ask Me Anything (AMA)
Video - 00:02:00
Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization.
Unlock 7 days of free training
- 1,400+ hands-on courses and labs
- Certification practice exams
- Skill assessments
Plans & pricing
Infosec Skills Personal
$299 / year
- 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Custom certification practice exams (e.g., CISSP, Security+)
- Skill assessments
- Infosec peer community support
Infosec Skills Teams
$799 per license / year
- Team administration and reporting
- Dedicated client success manager
-
Single sign-on (SSO)
Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
-
Integrations via API
Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
- 190+ role-guided learning paths and assessments (e.g., Incident Response)
- 100s of hands-on labs in cloud-hosted cyber ranges
- Create and assign custom learning paths
- Custom certification practice exams (e.g., CISSP, CISA)
- Optional upgrade: Guarantee team certification with live boot camps
Learn about scholarships and financing with
Award-winning training you can trust
