Learning Path

Web Server Protection

Learn how to implement and monitor the security of a web server or web application.

What you will learn

This learning path begins with necessary networking and infrastructure concepts, allowing you to apply those concepts to the design, preparation and installation of your platform. As you progress through the nine courses, you will build defense-in-depth skills that allow you to design or improve your platform defenses, and implement and maintain a monitoring strategy that fits your business needs.

Wistia video thumbnail


Introduction to the Web

Course — 01:57:34

K0061, K0221, K0395, K0470, K0471, K0491, K0565

Get an introduction to the web, how it works and the basic protocols required to use it.

Infrastructure Components

Course — 02:17:46

K0113, K0202, K0324, K0452, K0488, K0516, K0561, K0565, S0084

This serves as an introduction to some of the most common infrastructure components and how are they used for providing web server services.

Preparation – Design Considerations

Course — 01:09:11

K0011, K0057, K0170, K0180, K0286, K0322, K0333, K0491, K0516, K0560, S0152

Learn the basic considerations and implementation of diverse controls for web server platform design.

Preparation – Hardening

Course — 02:18:34

K0167, K0205, K0406, S0121

Learn what hardening is and identify the different components that require hardening.


Course — 01:42:41

K0132, K0412, S0120

Explore some of the common log formats and how to customize the web server configuration.

Command Line

Course — 02:18:36

K0129, K0318, S0019, S0267

Learn the purpose of some of the basic command-line tools and how to use them.

Web Application Firewalls

Course — 01:58:29

K0049, K0202, K0487, K0561, K0624, S0170

Learn about the different types of WAF configurations, as well as the OWASP CRS and its capabilities.


Course — 02:39:48

K0054, K0180, S0136, S0155

In this course, you’ll explore the different elements involved in planning the monitoring of a web server, as well as what to look for on the logs and alarms.

Active Defense

Course — 00:52:11

K0005, K0006, K0013, K0135

Understand how to deploy active defense mechanisms that would allow the web server to prevent or delay attacks.

Web Server Protection Skill Assessment

Assessment — 53 questions — 00:26:30

Meet the author

Manuel Leos Rivas earned a bachelor’s degree in Business Administration and Computer Systems Engineering at the Universidad Autónoma de Nuevo Leon in Mexico and a Master of Science in Information Security Engineering with focus on Incident Response at the SANS Technology Institute. He holds over 50 cybersecurity-related certifications from GIAC, CompTIA, isc2, and AWS, among others.

Manuel has worked in cybersecurity for over 20 years in four different countries. He started his career in IT/Information security in 2000 as Network and Firewall Administrator in Mexico. Later in 2007, he switched to information security as Security Analyst and compliance coordinator.

In 2011, he started working for Gemalto (now Thales DIS). Gemalto relocated Manuel to France as Solution Security Expert and a few years later to Canada to work as Cloud Security Engineer for Gemalto. At Gemalto, Manuel managed ModSecurity Web Applications Firewalls protecting over a thousand websites and applications. He implemented hardening and multiple SIEMs in highly secured environments for large multinational companies in diverse sectors like banking and mobile network operators.

Since 2016, Manuel has committed part of his time to improving the OWASP ModSecurity Core Rule Set as one of the OWASP CRS developers and contributed numerous improvements to the project.

AWS Canada hired Manuel in 2019 as Cloud Security Architect to provide professional services to Public Sector companies, including government, education, health, insurance, and power utilities.

In 2021 Manuel relocated to the United States of America to work for Backblaze as Cloud Security Architect.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every lnfosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client