Description:

In this 12-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A3: Sensitive Data Exposure, Item A2: Broken Authentication, and Item A1: Injection. Key concepts covered in this course include details about OWASP Top 10 2017 Item A3, sensitive data exposure, and how data are transmitted over networks; how to prevent sensitive data disclosure through mitigation and protection; and how to enable BitLocker encryption for a web server disk volume. Next, learn details about OWASP Top 10 2017 Item A2, broken authentication, and how to secure authentication; observe how to enable multifactor authentication (MFA) for an Amazon Web Services user account; and observe how sensitive data can be retrieved through password reset pages. Finally, learn details about OWASP Top 10 2017 Item A1, injection, in which attackers feed malicious input to a web application so that it is interpreted as part of a command or query; and how to validate user input before it is submitted for execution. The concluding exercise deals with how authentication can be hardened, listing mitigations against SQL injection attacks, and how MFA enhances security.

Target Audience:

Duration: 00:43

Description:

Explore security aspects focusing on OWASP Top 10 2017 Item A6: Security Misconfiguration, Item A5: Broken Access Control, and Item A4: XML External Entities (XXE) in this 11-video course. Key concepts covered in this course include details about OWASP Top 10 2017 Item A6, how security misconfigurations can come in many different forms and at different levels of a web application ecosystem, and how they can be mitigated. Next, learn how to lock down anonymous cloud storage access; observe how to disable SSLv3 on web browsers and web servers; and learn details about OWASP Top 10 2017 Item A5, broken access control, and how it can be mitigated. Learners will then observe how to use the Microsoft Azure cloud computing environment to create a shared access signature that limits access to sensitive files. Finally, learn the details of OWASP Top 10 2017 Item A4, covering XML external entities, and how XXE vulnerabilities can be mitigated.
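As an added illustration of the XXE mitigation topic (example code written for this page, not taken from the course), the following Python parser refuses any DTD entity declaration before the parser can expand or fetch it. The two XML documents are constructed samples; the file path in the payload is the classic XXE target and is never actually read.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """Raised when an untrusted document tries to declare any entity."""


# Constructed sample: a classic XXE payload. On a parser that resolves
# external entities, &xxe; would be replaced by the contents of /etc/passwd.
XXE_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><customer>&xxe;</customer></order>"""

# Constructed sample: a benign document with no DOCTYPE at all.
SAFE_DOC = b"<order><customer>alice</customer></order>"


def parse_untrusted(data: bytes) -> dict:
    """Parse XML from an untrusted source, rejecting DTD entity declarations.

    Returns a flat {element: text} mapping, which is enough for the demo; the
    security-relevant part is the two handlers that abort the parse as soon
    as an <!ENTITY ...> declaration or external entity reference is seen.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never process parameter entities (this also covers external DTD subsets).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_entity(*_args):
        raise EntityDeclarationRejected("entity declarations are not allowed")

    # Any entity declaration, internal or external, aborts parsing. Blocking
    # internal entities as well also stops expansion attacks (billion laughs).
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_entity

    result: dict = {}
    stack: list = []

    def start_element(name, _attrs):
        stack.append(name)
        result.setdefault(name, "")

    def end_element(_name):
        stack.pop()

    def character_data(text):
        if stack:
            result[stack[-1]] += text

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data
    parser.Parse(data, True)
    return result


if __name__ == "__main__":
    print(parse_untrusted(SAFE_DOC))
    try:
        parse_untrusted(XXE_DOC)
    except EntityDeclarationRejected as exc:
        print("rejected:", exc)
```

If the application genuinely needs DTDs, the same handlers can be narrowed to reject only external (SYSTEM/PUBLIC) entities, but for data exchanged with untrusted clients refusing the DOCTYPE entirely is the simpler and safer default.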

Target Audience:

Duration: 00:47

Description:

In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities in third-party components, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, insecure deserialization, which arises wherever objects are serialized for transmission between network hosts or for storage, for example in a file or a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating serialized data as untrusted user input; learn how to secure traffic by encrypting it with IPsec to protect serialized data in transit; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP, and how to identify insecure components, insecure deserialization, and XSS.
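To show what "treat serialized data as user input" means in practice, here is an added Python example (not course code). It contrasts a restricted unpickler that refuses to resolve any global against a hand-written malicious pickle stream, with the preferred approach of a data-only format (JSON) whose every field is validated against an assumed session schema. The pickle bytes and the session objects are constructed for the demonstration.

```python
import io
import json
import pickle

# Constructed sample: a protocol-0 pickle stream that, when loaded by the
# stock unpickler, imports os.system and calls it with 'echo pwned'.
# It is only ever fed to the restricted unpickler below.
MALICIOUS_PICKLE = b"cos\nsystem\n(S'echo pwned'\ntR."

# Constructed sample: a benign session object as an application might store it.
SESSION = {"user": "alice", "role": "user", "cart": [101, 205]}
SESSION_JSON = json.dumps(SESSION)
# Constructed sample: well-formed JSON that violates the schema (unknown role).
BAD_SESSION_JSON = '{"user": "mallory", "role": "root", "cart": []}'


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve ANY class or function reference.

    Plain data (dict, list, str, int, ...) needs no globals and still loads;
    a stream that tries to import a callable raises before anything runs.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_roundtrip(obj):
    """Serialize with the stock pickler, load with the restricted one."""
    return restricted_loads(pickle.dumps(obj))


# Assumed session schema for the demo: field name -> required Python type.
SESSION_SCHEMA = {"user": str, "role": str, "cart": list}
ALLOWED_ROLES = {"user", "admin"}


def load_session_json(raw: str) -> dict:
    """Preferred mitigation: a data-only format plus validation of every
    field, i.e. the serialized object gets the same scrutiny as form input."""
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) != set(SESSION_SCHEMA):
        raise ValueError("unexpected session shape")
    for key, typ in SESSION_SCHEMA.items():
        if not isinstance(obj[key], typ):
            raise ValueError(f"field {key!r} has the wrong type")
    if obj["role"] not in ALLOWED_ROLES:
        raise ValueError("unknown role")
    if not all(isinstance(item, int) for item in obj["cart"]):
        raise ValueError("cart must contain integer item ids")
    return obj


if __name__ == "__main__":
    print("restricted round trip:", safe_roundtrip(SESSION))
    try:
        restricted_loads(MALICIOUS_PICKLE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    print("validated JSON:", load_session_json(SESSION_JSON))
```

The restricted unpickler is a containment measure for code that cannot yet move away from pickle; it does not make pickle safe in general, which is why the JSON path with explicit validation is the one to aim for. Storing the session server-side and keeping only an opaque identifier in the cookie removes the problem entirely.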

Target Audience:

Duration: 00:38

Description:

A lack of log analysis and security event monitoring results in security breaches going undetected for long periods of time. Learners can explore aspects and recommendations focusing on OWASP Top 10 2017 Item A10: Insufficient Logging and Monitoring, in this 10-video course. Key concepts covered here include the details of OWASP Top 10 Item A10, which deals with common logging security flaws and insufficient logging and monitoring; how to mitigate insufficient logging and monitoring with an incident response plan; and how to configure Windows Event Viewer log forwarding. Next, you will observe how to configure a Linux environment for centralized logging using rsyslog forwarding; how to build a custom Windows Event Viewer log view; and how to attach a PowerShell script to a specific logged event. Finally, learn how to use a Windows Data Collector Set to establish a performance baseline, and how to use the Windows Performance Monitor tool to create a performance baseline and identify performance anomalies that could indicate a security compromise.
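Once logs are forwarded to a central host, something has to look at them. As an added example (not part of the course), the Python below runs a simple brute-force detection over constructed sshd lines in the format a central rsyslog server receives: it counts failed logins per source address inside a sliding window and also flags a success that follows recent failures. Thresholds, the window, and the year assigned to the year-less syslog timestamps are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines as received by a central rsyslog host from two
# forwarding clients (web01, db01). The addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:02 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:03 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:00:04 web01 sshd[2106]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:00:05 web01 sshd[2108]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar  3 10:03:11 db01 sshd[877]: Failed password for alice from 198.51.100.4 port 40021 ssh2
Mar  3 10:09:40 db01 sshd[880]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
"""

# Syslog lines carry no year; assume the current log year for the demo.
ASSUMED_YEAR = 2024

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line: str):
    """Return a dict for sshd auth lines we care about, else None."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    event = match.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S").replace(
        year=ASSUMED_YEAR
    )
    return event


def detect_brute_force(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Sliding-window detection; returns a list of (kind, source_ip, host).

    'brute_force' fires once per source when >= threshold failures land inside
    the window; 'success_after_failures' fires when a login succeeds while
    failures from the same source are still inside the window.
    """
    failures = defaultdict(list)  # source ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip, ts = event["ip"], event["ts"]
        # Drop failures that have fallen out of the window for this source.
        failures[ip] = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
        if event["outcome"] == "Failed":
            failures[ip].append(ts)
            if len(failures[ip]) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("brute_force", ip, event["host"]))
        elif failures[ip]:
            alerts.append(("success_after_failures", ip, event["host"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the sample the first source trips both rules within five seconds, while the single stale failure from db01 produces nothing because the later success falls outside the window; that second case is the kind of noise a central log view should not page anyone for.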

Target Audience:

Duration: 00:45

Description:

A number of high-level security controls, such as web application firewalls and secure coding practices, go a long way toward securing web applications. In this 10-video course, learners can explore vulnerability scanning and penetration testing tools and procedures. Key concepts covered in this course include adhering to secure coding guidelines at all phases of the SDLC; how a web application firewall inspects HTTP traffic at the application layer and so provides much deeper protection for web applications than a traditional firewall; and how to configure a web application firewall for a Microsoft Azure web application. Next, learn why both malicious users and ethical hackers perform network and vulnerability scans; learn the importance of conducting periodic penetration tests that attempt to exploit vulnerabilities in order to determine risk; and learn how to perform a network scan by using Nmap to identify devices on the network. Conclude by observing how to perform a vulnerability scan using Nessus, and how to test the security of a web application with OWASP ZAP.

Target Audience:

Duration: 00:44

Description:

Web applications rely on numerous underlying infrastructure components, including public key infrastructure (PKI). Discover the overall web application ecosystem with a focus on the OWASP Top 10 2017. Key concepts covered in this 13-video course include how to identify common web application security issues and their impacts; how tools such as Nmap, Metasploit, and Nessus can be used for both benign and malicious purposes; and how the OWASP Top 10 helps to secure web applications. Next, you will learn about the OWASP security tools; how to identify common web application architecture and development techniques and the roles that clients and servers play; and how TLS supersedes SSL and how tools such as SSL Labs can test PKI implementations. Learners then observe how PKI certificates can enhance web application security; how to configure HTTPS bindings for Microsoft IIS websites; and how to configure Microsoft IIS websites to require client certificates. Finally, learn how to configure HTTPS bindings for Linux Apache websites, and how to scan a public Internet site's PKI configuration to determine the site's security posture.
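As an added example of the PKI scanning topic (written for this page; it is not course material and not SSL Labs' own logic), the Python below builds a client TLS context that refuses anything older than TLS 1.2 and assesses a certificate in the dictionary form Python's `ssl` module returns: days until expiry and whether the hostname is covered by a subjectAltName entry. The certificate dictionary and the reference date are constructed samples; `scan_site` is the live variant and needs network access.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 15 12:00:00 2024 GMT",
}
# Constructed reference date for the offline assessment.
SAMPLE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses SSLv3, TLS 1.0 and TLS 1.1 and verifies
    the server chain and hostname against the system trust store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hostname_matches(hostname: str, cert: dict) -> bool:
    """Match against subjectAltName dNSName entries only (the CN is ignored,
    as modern browsers do). A wildcard covers exactly one leftmost label."""
    host = hostname.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower()
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def assess_certificate(cert: dict, hostname: str, now=None, warn_days: int = 30) -> dict:
    """Report remaining validity and hostname coverage for one certificate."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (not_after - now).days
    findings = []
    if days_left < 0:
        findings.append("expired")
    elif days_left < warn_days:
        findings.append(f"expires in {days_left} days")
    if not hostname_matches(hostname, cert):
        findings.append("hostname mismatch")
    return {"days_left": days_left, "findings": findings}


def scan_site(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check (needs network): negotiate with the hardened context and
    assess the presented certificate, recording protocol and cipher."""
    ctx = hardened_client_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            report = assess_certificate(tls.getpeercert(), hostname)
            report["protocol"] = tls.version()
            report["cipher"] = tls.cipher()[0]
            return report


if __name__ == "__main__":
    print(assess_certificate(SAMPLE_CERT, "www.example.com", now=SAMPLE_NOW))
    print(assess_certificate(SAMPLE_CERT, "mail.example.com", now=SAMPLE_NOW))
```

Because the live variant uses `create_default_context`, a handshake failure is itself a finding: a server that only offers TLS 1.0/1.1, an untrusted chain, or a name mismatch will raise before `assess_certificate` runs, which mirrors what a hardened browser would do.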

Target Audience:

Duration: 01:01