Ethical Hacker Foundation and Security Analysts Course Semester 2

Transcription

1 Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space.

2 Brochure Ethical Hacker Foundation and Security Analysts Course Semester 2 Ethical Hacker Foundation and Security Analysts Course Semester 2 The course covers the basic concepts, principles, and fundamental approaches to secure computers, applications, and networks, which are the foundations of the Ethical Hacking and Security Management course. Security Management Course at a Glance: This course is intended for: Participants interested in understanding and applying concepts of Security and its management to real-world applications Job seekers in the Security Tester, Ethical Hacker, and Security Analyst fields At the end of both semesters, participants will be able to understand the following: End-to-End Security Management Risk Assessment Software Application Security Database Security Cryptography Algorithms and Protocols Malware Network Threats and Defenses Web Security Mobile Security Legal and Ethical Issues and Privacy Course Objectives At the end of the course, you should be able to: Describe the cryptography algorithms and protocols used in Security Management Explain security incident and event management Define various network threats and defenses Explain web security and web application scanners Describe mobile security Prerequisites/Recommended Skills Participants should have: Taken an undergraduate level course on, or be otherwise familiar with, operating systems and networks Prior programming experience with C, Java, and.net are recommended Basic Linux, Windows, HTTP, and database knowledge Completed the Security Management Semester 1 course A Windows desktop or server or laptop with a minimum of 6 GB to 8 GB RAM to load two VMs (Windows and Linux VM); disk space of a minimum 75 GB is required with respect to the hardware prerequisites. This course uses Micro Focus software tools and some freeware tools for demonstrations and labs. 2

3 Course Topics Modules Objectives Module 1 Cryptography Encryption/Decryption Encryption/Decryption Definition Encryption History Encryption Basics Types of Cryptography Hash Functions Hash Function Properties Hash Function Example Symmetric Encryption Asymmetric Encryption Attacks on Encryption Module 2 Web Security using Micro Focus Fortify WebInspect How the Web Works Cookies The Web and Security Attacks on the Web Cross Site Scripting (XSS) Cross Site Scripting Example XSS Consequences XSRF Cross Site Request Forgery XSRF Example XSS vs. XSRF Structured Query Language SQL Injection Attacks Web Application Scanner Using Fortify WebInspect Application Security Testing SAST versus DAST in the SDLC Fortify WebInspect and HTTP Protocol Server Response Status Codes Scan Policy Vulnerability Evaluation Reporting Module 3 Security Protocols Why Security Protocols? Authentication Protocols Mutual Authentication Shared Secret Mutual Authentication Simplified Mutual Authentication Reflection Attack Key Exchange Protocols Session Keys Key Distribution Centre Exchanging Public Key Certificate Kerberos PGP (Pretty Good Privacy) SSL (Secure Sockets Layer) Continued on the next page 3

4 Brochure Ethical Hacker Foundation and Security Analysts Course Semester 2 Modules Objectives Module 3 Security Protocols continued SSH (Secure Shell) Module 4 Types of Attacks Module 5 End to End Security Management Platform using Micro Focus ArcSight SCP (Secure CoPy) and SFTP (Secure File Transfer Protocol) IPSec (Internet Protocol Security) DoS Attacks Ping Flood Ping of Death Port Scanning ARP Spoofing ACK Flood FTP Bounce Attack TCP Session Hijacking Man-In-The-Middle Attack Social Engineering Attacks OS Finger Printing Stealth Scan Key-Loggers ICMP Tunneling LOKI Attack TCP Sequence Attack CAM Table Overflow What Is the ArcSight Portfolio? Importance of the ArcSight Portfolio in Corporations ESM and Logger Management Center Security Information and Event Management Concepts User Behavior Analysis (UBA) Features DNS Malware Analytics (DMA) Features Reporting **Because Micro Focus ArcSight requires a high-end hardware configuration, some of the features will be shown in a demo mode due to limitations. In addition to the Micro Focus software tools, this course also covers demonstrations and labs using the following freeware: CentOS GUI LAMP stack Linux/Apache/Mysql/PHP Burpsuite portswigger DVWA tool XVWA tool NMAP on Linux NJRAT (Trojan) CRYTTOOLS About Micro Focus Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. By applying proven expertise in software and security, we enable customers to utilize new technology solutions while maximizing the value of their investments in critical IT infrastructure and business applications. As a result, they can build, operate and secure the IT systems that bring together current business logic and applications with emerging technologies in essence, bridging the old and the new to meet their increasingly complex business demands. 4

5 Additional contact information and office locations: H 02/ Micro Focus. All rights reserved. Micro Focus and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.