Overview
Overview
Introduction to Cyber Security and Penetration Testing
- Virtualization overview
- Demonstration of Kali Linux
- What is Risk?
- 5 Phases of Hacking
- TCP/IP and OSI model
Linux for Pentesters
- Linux Overview
- Footprinting Concepts
Information Gathering and NMAP Scanning
- Maltego Overview :
- Nikto Overview :
- Dirbuster Overview :
- NMAP : Scanning the Network :
Networking and Scanning Methods
- Nessus vulnerability assessment
- Netcat for Pentester
- Wireshark ยท Go Deep.
Burp Suite – Application Security Testing Software
- Introduction to Burp suite
- Website Fundamentals
Introduction to WAPT (Web Application Penetration Testing)
- Basic Overview of OWASP Projects
- THC-Hydra overview
Basic Overview of Command Injection, File upload Vulnerability
- Command Injection vulnerability :
- File Uploads Vulnerability :
SQL injection, XSS attacks :
- What is SQL Injection Vulnerability?
- Practical with SQLMAP
- What is XSS?
- Types of XSS
Information Security Compliance, Python For Offensive PenTest
- Python For Offensive PenTest
- VAPT Life Cycle
- HIPAA Privacy
Information security compliance and management
- ISMS 27001 Risk Management
- NIST Cyber Framework
- HiTrust Compliance.
OS Hardening and Linux Security
-
- OS Compliance
- Vulnerability scan with Nessus/ Nexpose
- Intro to CIS Benchmarks
- CIS Controls
- Account Security
- PAM
- Password Security
- User-level Access Management
- Security by Account Type
- Network Security
- Network Security Basics
- Securing SSHD
- Linux Firewall Fundamentals
- Configuring the Firewall from the Command Line
- SELinux
- Port Scanning
- Application and Filesystem Security
- File and Directory Permissions
- Special Modes – Sticky Bits and SUID
- File Attributes
- ACLs
- Rootkits
- OS Patching and vulnerability management with yum
- Logging and Auditing
- Linux OS logs – dmesg, btmp, wtmp, messages and access logs
- Audit
- Automated server hardening with Ansible
- OS Compliance
AWS Cloud Security
-
- Access Control and Management
- IAM
- MFA
- Identity Federation
- Network Security, Logging, Encryption, and Application security
- NaCl and VPC Security
- AWS WAF & Shield
- CloudTrail
- KMS
- Governance, Risk Management, and Compliance
- Guard duty
- AWS Inspector
- AWS Config
- AWS Security Hub
- Data Protection and secrets management
- S3 security
- DynamoDB security
- Secrets Manager
- Access Control and Management
Compliance as Code and monitoring
-
- Intro to Compliance as Code and policy enforcement
- Sentinel
- Inspec
- Intro to Dashboards and Automated Vulnerability Detection
- Archery
- Intro to Compliance as Code and policy enforcement
Container Security
-
- Securing Docker
- Docker Namespaces
- Control groups and Docker
- Using AppArmor profiles
- Using seccomp profiles
- Using capabilities
- Container Security Monitoring
- Monitor Container Security Parameters with OSQuery
- Compliance and monitoring with Falco
- Container Vulnerability Scanning and Audit
- Static Analysis – Container Security Scanning
- Intro to Clair / Anchor
- Intro to Docker-Bench
- Docker Runtime Security
- Twistlock
- Securing Docker
DevSecOps – Build & Deployment Security
Burp Suite Recap
Burp suite Spider
Burp Suite Intruder
Burp Suite Repeater
LFI and Directory Traversal attacks
LFI – Local File inclusion
Directory traversal
DevOps Recap & Security Challenges
DevOps:
Security Challenges in DevOps.
Deployment Strategies & Security in Pre-Commit
Deployment Strategies (Blue/Green)
Shift Left
Security in Pre-Commit
Security in Commit
SAST & Component Analysis
SonarQube
Jenkins tutorials
- What is Jenkins?
- What is CI/CD pipeline?
DAST & OWASP ZAP
DAST & Security Acceptance Testing
OWASP ZAP
Quick Recap for DAST
Quick recap
Some Quick Questions
CTF and Bonus section
Quick recap
CTF (Capture the Flag)
Some Quick Questions
Course Features
- Lectures 20
- Quizzes 0
- Duration 60 hours
- Language English
- Students 237
- Assessments Yes
Curriculum
Curriculum
-
Introduction to Cyber Security and Penetration Testing
L
-
Linux for Pentesters
-
Information Gathering and NMAP Scanning
-
Networking and Scanning Methods
-
Burp Suite - Application Security Testing Software
-
Introduction to WAPT (Web Application Penetration Testing)
-
Basic Overview of Command Injection, File upload Vulnerability
-
SQL injection, XSS attacks
-
Information Security Compliance, Python For Offensive PenTest
-
Information security compliance and management
-
Burp Suite Recap
-
LFI and Directory Traversal Attack
-
Devsecops Recap
-
Security in Pre-Commit
-
Security in Commit
-
CI/CD Integrations
-
Security in Acceptance
-
SonarQube and Jenkins Integration
-
Quick Recap for DAST
-
CTF and Bonus Sections
Instructor
Instructor
