Embark on a thorough exploration of cybersecurity & DevSecOps through our engaging online course. Dive into practical training, covering essential principles, security controls, ethical hacking, and secure DevOps practices. Acquire hands-on skills to navigate the dynamic field of information security. Join us in this educational journey and become proficient in the integration of cybersecurity and DevSecOps.
Introduction to Information Security and Security Principles
- The CIA Triad
- Security Principles
- Security Controls and Strategies
- Shift-left Security
- Administrative Segmentation
- Threat Modelling and Threat Intelligence
- Table-Top Tactics.
- Continuous Patching and Supply Chain Validation
- Encryption
- Login and Chaos Testing.
- Cybersecurity Laws, Regulations, Standards and Frameworks.
- Types of Hackers
- Hacktivism
- Patch Tuesday
- Exploit Thursday
- Zero Day Attack
- Common Vulnerabilities and Exposure details (CVE).
- CVE Identifiers – CVE identifiers uniquely identify security vulnerabilities.
- Common Vulnerability Scoring System (CVSS).
- Different types of Testing
- Legislations and Regulations in Information Security
Linux Fundamentals
- Introduction to Linux
- Different types of Linux Distro
- Importance of Kali Linux
- Accessing the Command Line
- Manage Files from the Command Line
- Create, View, and Edit Text Files
- Manage Local Users and Groups
- Control Access to Files
- Monitor and Manage Linux Processes
- Control Services and Daemons
- Manage Networking
- Archive and Transfer Files
- Install and Update Software Packages
- Manage Network Security
- I/O redirection
- Environment Variables
- Text Search and Manipulation
- Compare files: comm, diff, vimdiff
- Downloading files
- Netcat (Connect, Listen, transfer file, and remote administration).
Linux Services
- SSH Service Install and Configuration.
- FTP service Installation and configuration.
- HTTP service Installation and configuration
- HTTPS service install and configuration.
- SQL service install and configuration.
- Crud Application
Networking Fundamentals
- Introduction of Networks.
- Components of Data Communication.
- Network Topology.
- Computer Network Architecture
- Categories of Computer Networks.
- OSI Model.
- ICMP messages
- IPV4
- TCP and UDP messages
- Subnetting
- Routing
- Switching
- NAT
- VPN (SSL/TLS and IPSec).
- IDPS
- Firewall
Cryptography
- Introduction to Cryptography
- Introduction to Private Key Cryptography
- Introduction to Public Key Cryptography
- Introduction to Digital Signature
- Introduction to Hashing (Message Integrity)
Passive Information Gathering:
- Website Recon
- Whois Enumeration
- Netcraft
- Recon-ng
- User Information gathering
Active Information Gathering:
-
DNS Server Enumeration
-
- Reverse Lookup
- Forward Lookup
- DNS Zone transfer
-
-
Port scanning:
-
- Port scanning concepts.
- Ports scanning with NMAP
-
Vulnerability Scanning:
- How Vulnerability Scanning Works.
- Manual vs Automated Scanning.
- Internal and Internet scanning.
- Authenticated vs Unauthenticated scanning.
- Scanning with Nessus
- Scanning with NMAP
Password Attacks:
- Wordlists
- Brute force attacks
- SSH brute force
- HTTP post brute force.
- Web Application Security:
- Security Header Scanner
- SSL Server Test
- Server-side topics
- SQL injection
- Command Injection
- Broken Auth and Session Management
- IDOR (Insecure Direct Object Reference)
- Clear text transmission/ sensitive data exposure
- Authentication
- Path traversal
- File inclusion attack
- Business logic vulnerabilities
- Information disclosure
- Access control
- File upload vulnerabilities
- Server-side request forgery (SSRF)
- XXE injection
- Client-side topics
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Cross-origin resource sharing (CORS)
- Clickjacking
- DOM-based vulnerabilities
- HTTP Host header attacks
- API Security
Introduction to DevOps Security
- Security limitation of the DevOps
- The Need for DevSecOps
- Understanding DevSecOps
- Principles of DevSecOps
- Threat Modeling
DevSecOps Tools
- SAST (Sonar Cude)
- Secure coding (Github security)
- DAST (OWASP ZAP and Net security)
- Penetration testing (Burp Suite)
- Infra scan tools (Nessus)
- SCA (Retire JS)
- Container Security
- Aqua Microscanner (Securing containers)
- Anchore (Securing Containers)
- Monitoring (Nagios or Splunk)
- WAF
Security At design
- Key Security Principles
- Principle of Least Privilege (PoLP)
- Defense in Depth
- Fail-Safe Defaults
- Separation of Duties (SoD)
- Security through Obscurity
- Security in Commit
- Security in Acceptance
- Deployment Strategy
- Secrets Management
- Compliance
DevSecOps Pipeline and CI\CD Implementation
- The modules will mainly consist of the lab combining all the tools and concepts learned.
