Embark on a thorough exploration of cybersecurity & DevSecOps through our engaging online course. Dive into practical training, covering essential principles, security controls, ethical hacking, and secure DevOps practices. Acquire hands-on skills to navigate the dynamic field of information security. Join us in this educational journey and become proficient in the integration of cybersecurity and DevSecOps.
Introduction to Information Security and Security Principles
The CIA Triad
Security Principles
Security Controls and Strategies
Shift-left Security
Administrative Segmentation
Threat Modelling and Threat Intelligence
Table-Top Tactics.
Continuous Patching and Supply Chain Validation
Encryption
Login and Chaos Testing.
Cybersecurity Laws, Regulations, Standards and Frameworks.
Types of Hackers
Hacktivism
Patch Tuesday
Exploit Thursday
Zero Day Attack
Common Vulnerabilities and Exposures (CVE) details.
CVE Identifiers – CVE identifiers uniquely identify security vulnerabilities.
Common Vulnerability Scoring System (CVSS).
Different types of Testing
Legislations and Regulations in Information Security
Linux Fundamentals
Introduction to Linux
Different types of Linux Distro
Importance of Kali Linux
Accessing the Command Line
Manage Files from the Command Line
Create, View, and Edit Text Files
Manage Local Users and Groups
Control Access to Files
Monitor and Manage Linux Processes
Control Services and Daemons
Manage Networking
Archive and Transfer Files
Install and Update Software Packages
Manage Network Security
I/O redirection
Environment Variables
Text Search and Manipulation
Compare files: comm, diff, vimdiff
Downloading files
Netcat (Connect, Listen, transfer file, and remote administration).
Linux Services
SSH Service Install and Configuration.
FTP service Installation and configuration.
HTTP service Installation and configuration
HTTPS service install and configuration.
SQL service install and configuration.
CRUD Application
Networking Fundamentals
Introduction of Networks.
Components of Data Communication.
Network Topology.
Computer Network Architecture
Categories of Computer Networks.
OSI Model.
ICMP messages
IPv4
TCP and UDP messages
Subnetting
Routing
Switching
NAT
VPN (SSL/TLS and IPSec).
IDPS
Firewall
Cryptography
Introduction to Cryptography
Introduction to Private Key Cryptography
Introduction to Public Key Cryptography
Introduction to Digital Signature
Introduction to Hashing (Message Integrity)
Passive Information Gathering:
Website Recon
Whois Enumeration
Netcraft
Recon-ng
User Information gathering
Active Information Gathering:
DNS Server Enumeration
Reverse Lookup
Forward Lookup
DNS Zone transfer
Port scanning:
Port scanning concepts.
Port scanning with NMAP
Vulnerability Scanning:
How Vulnerability Scanning Works.
Manual vs Automated Scanning.
Internal and Internet scanning.
Authenticated vs Unauthenticated scanning.
Scanning with Nessus
Scanning with NMAP
Password Attacks:
Wordlists
Brute force attacks
SSH brute force
HTTP post brute force.
Web Application Security:
Security Header Scanner
SSL Server Test
Server-side topics
SQL injection
Command Injection
Broken Auth and Session Management
IDOR (Insecure Direct Object Reference)
Clear text transmission/ sensitive data exposure
Authentication
Path traversal
File inclusion attack
Business logic vulnerabilities
Information disclosure
Access control
File upload vulnerabilities
Server-side request forgery (SSRF)
XXE injection
Client-side topics
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
Cross-origin resource sharing (CORS)
Clickjacking
DOM-based vulnerabilities
HTTP Host header attacks
API Security
Introduction to DevOps Security
Security limitations of DevOps
The Need for DevSecOps
Understanding DevSecOps
Principles of DevSecOps
Threat Modeling
DevSecOps Tools
SAST (SonarQube)
Secure coding (Github security)
DAST (OWASP ZAP and Net security)
Penetration testing (Burp Suite)
Infra scan tools (Nessus)
SCA (Retire.js)
Container Security
Aqua Microscanner (Securing containers)
Anchore (Securing Containers)
Monitoring (Nagios or Splunk)
WAF
Security at Design
Key Security Principles
Principle of Least Privilege (PoLP)
Defense in Depth
Fail-Safe Defaults
Separation of Duties (SoD)
Security through Obscurity
Security in Commit
Security in Acceptance
Deployment Strategy
Secrets Management
Compliance
DevSecOps Pipeline and CI/CD Implementation
The modules will mainly consist of the lab combining all the tools and concepts learned.