20 Penetration Testing courses in Swanley delivered Live Online

Duration 5 Days 30 CPD hours This course is intended for IS Security Owners Security Officers Ethical Hackers Information Owners Penetration Testers System Owners and Managers Cyber Security Engineers Overview Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the C)PEH exam. To protect an information system you need to be able to see that system through the eyes of the attacker.ÿThe Certified Professional Ethical Hackerÿcertification course is the foundational training to Mile2?s line of penetration testing courses because it teaches you to think like a hacker.ÿ Therefore, you can set up dynamic defenses to prevent intrusion. First, you will learn the value of vulnerability assessments.ÿ Then, you will discover how to use those assessments to make powerful changes in an information system?s security. Additionally, you will learn how malware and destructive viruses function and how to implement counter response and preventative measures when it comes to a network hack. Course Introduction Introduction to Ethical Hacking Linux Fundamentals Protocols Cryptography Password Cracking Malware Security Devices Information Gathering ? Passive Reconnaissance Social Engineering Active Reconnaissance Vulnerability Assessment Network Attacks Hacking Servers Hacking Web Technologies Hacking Wireless Technologies Maintaining Access and Covering Tracks

Duration 5 Days 30 CPD hours This course is intended for Coders Web Application Engineers IS Managers Application Engineers Developers Programmers Overview Upon completion, Certified Secure Web Application Engineer students will be able to establish industry acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the CSWAE exam. Secure Web Application Engineers work to design information systems that are secure on the web. Organizations and governments fall victim to internet-based attacks every day. In many cases, web attacks could be thwarted but hackers, organized criminal gangs, and foreign agents are able to exploit weaknesses in web applications. The Secure Web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. With this course you will learn how to develop web applications that aren?t subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack. Course Outline Web Application Security OWASP Top 10 Threat Modeling & Risk Management Application Mapping Authentication and Authorization Attacks Session Management Attacks Application Logic Attacks Data Validation AJAX Attacks Code Review And Security Testing Web Application Penetration Testing Secure SDLC Cryptography Additional course details: Nexus Humans Certified Secure Web Application Engineer training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Certified Secure Web Application Engineer course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate-level programming course, designed for experienced .Net developers who wish to get up and running on developing well defended software applications. Real world programming experience with .Net is required. Overview Students who attend Attacking and Securing .Net Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a .Net perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on .Net security training that offers a unique look at .Net application security. Beginning with penetration testing and hunting for bugs in .Net web applications, you thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, driving home the mechanics of how to secure .Net web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? .NET Issues and Best Practices Making Application Security Real Time Permitting Topics Cryptography Overview .NET Cryptographic Services

Duration 4 Days 24 CPD hours This course is intended for This is an intermediate -level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge. Overview Students who attend Attacking and Securing Java Web Applications will leave the course armed with the skills required to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. Practical labs using current tools and techniques provide students with the experience needed to begin testing their own applications. Students also gain a deeper understanding of how attackers probe applications to understand the runtime environment as well as find potential weaknesses. This course the introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications. There is an emphasis on the underlying vulnerability patterns since the technologies, use cases, and methods of attack as constantly changing. The patterns remain the same through all the change and flux. This 'skills-centric' course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices. Our engaging instructors and mentors are highly experienced practitioners who bring years of current 'on-the-job' experience into every classroom. This lab-intensive course provides hands-on Java / JEE security training that offers a unique look at Java application security. Beginning with penetration testing and hunting for bugs in Java web applications, you embrace best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities. You will repeatedly attack and then defend various assets associated with fully functional web applications and services, allowing you to experience the mechanics of how to secure JEE web applications in the most practical of terms. Bug Hunting Foundation Why Hunt Bugs? Safe and Appropriate Bug Hunting/Hacking Scanning Web Applications Scanning Applications Overview Moving Forward from Hunting Bugs Removing Bugs Foundation for Securing Applications Principles of Information Security Bug Stomping 101 Unvalidated Data Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Bug Stomping 102 Security Misconfiguration Cross Site Scripting (XSS) Deserialization/Vulnerable Components Insufficient Logging and Monitoring Spoofing, CSRF, and Redirects Moving Forward with Application Security Applications: What Next? Making Application Security Real

Duration 5 Days 30 CPD hours This course is intended for Security Professionals Incident Handling Professionals Anyone in a Security Operations Center Forensics Experts Cybersecurity Analysts Overview Our Certified Cyber Security Analyst course helps you prepare an organization to create a complete end to end solution for proactively monitoring, preventing, detecting, and mitigating threats as they arise in real time. Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today's needs. When we are done you will be able to setup and deploy state of the art open source and for purchase analysis tools, intrusion detection tools, syslog servers, SIEMs, along with integrating them for the entire company to find and an many cases prevent today's exploits. This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the CompTIA CySA+CS0-001 certification exam. Our Certified Cyber Security Analyst course helps you prepare an organization to create a complete end to end solution for proactively monitoring, preventing, detecting, and mitigating threats as they arise in real time.Do not fool yourself, this course is far more advanced than you may expect. It is fast paced and thorough, so you can enjoy a well-rounded experience. Be ready to dig deep into the details of security analysis for today?s needs.When we are done you will be able to setup and deploy state of the art open source and for purchase analysis tools, intrusion detection tools, syslog servers, SIEMs, along with integrating them for the entire company to find and an many cases prevent today?s exploits.This course maps to the mile2 Certified Cyber Security Analyst Exam as well as the CompTIA CySA+CS0-001 certification exam. Blue Team?Principles Network Architecture?and how it lays the groundwork Defensive Network Security Data Locations?and how they tie together Security?Operations?Center The People, Processes, and Technology Triage and Analysis Digital Forensics Incident Handling Vulnerability Management Automation, Improvement, and Tuning Digital?Forensics Investigative Theory and?Processes Digital Acquisition Evidence Protocols Evidence Presentation Computer Forensics?Laboratory Protocols Processing Techniques Specialized?Artifacts Advanced Forensics for Today?s?Exploitations Malware Analysis Creating the Safe Environment Static Analysis Dynamic Analysis Behavior Based Analysis What is different about?Ransomware? Manual Code Reversing Traffic Analysis Manual Analysis Principles Automated?Analysis Principles Signatures?compared to?Behaviors Application Protocols Analysis Principles Networking Forensics Assessing the Current State of Defense with the?Organization Network Architecture and Monitoring Endpoint Architecture and Monitoring Automation, Improvement, and continuous?monitoring Leveraging SIEM for Advanced Analytics Architectural Benefits Profiling and?Baselining Advanced Analytics Defeating the Red Team with Purple Team tactics Penetration Testing?with full knowledge Reconnaissance Scanning Enumeration Exploitation Lateral Movement Additional course details: Nexus Humans C)CSA: Cybersecurity Analyst Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)CSA: Cybersecurity Analyst Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 4 Days 24 CPD hours This course is intended for Students in this course are interested in designing and implementing DevOps processes or in passing the Microsoft Azure DevOps Solutions certification exam. This course provides the knowledge and skills to design and implement DevOps processes and practices. Students will learn how to plan for DevOps, use source control, scale Git for an enterprise, consolidate artifacts, design a dependency management strategy, manage secrets, implement continuous integration, implement a container build strategy, design a release strategy, set up a release management workflow, implement a deployment pattern, and optimize feedback mechanisms Prerequisites Successful learners will have prior knowledge and understanding of: Cloud computing concepts, including an understanding of PaaS, SaaS, and IaaS implementations. Both Azure administration and Azure development with proven expertise in at least one of these areas. Version control, Agile software development, and core software development principles. It would be helpful to have experience in an organization that delivers software. AZ-104T00 - Microsoft Azure Administrator AZ-204T00: Developing Solutions for Microsoft Azure 1 - Introduction to DevOps What is DevOps? Explore the DevOps journey Identify transformation teams Explore shared goals and define timelines 2 - Choose the right project Explore greenfield and brownfield projects Decide when to use greenfield and brownfield projects Decide when to use systems of record versus systems of engagement Identify groups to minimize initial resistance Identify project metrics and key performance indicators (KPIs) 3 - Describe team structures Explore agile development practices Explore principles of agile development Define organization structure for agile practices Explore ideal DevOps team members Enable in-team and cross-team collaboration Select tools and processes for agile practices 4 - Choose the DevOps tools What is Azure DevOps? What is GitHub? Explore an authorization and access strategy Migrate or integrate existing work management tools Migrate or integrate existing test management tools Design a license management strategy 5 - Plan Agile with GitHub Projects and Azure Boards Link GitHub to Azure Boards Configure GitHub Projects Manage work with GitHub Project boards Customize Project views Collaborate using team discussions Agile Plan and Portfolio Management with Azure Boards 6 - Introduction to source control Explore DevOps foundational practices What is source control? Explore benefits of source control Explore best practices for source control 7 - Describe types of source control systems Understand centralized source control Understand distributed source control Explore Git and Team Foundation Version Control Examine and choose Git Understand objections to using Git Describe working with Git locally 8 - Work with Azure Repos and GitHub Migrate from TFVC to Git Use GIT-TFS Develop online with GitHub Codespaces 9 - Structure your Git Repo Explore monorepo versus multiple repos Implement a change log 10 - Manage Git branches and workflows Explore branch workflow types Explore feature branch workflow Explore Git branch model for continuous delivery Explore GitHub flow Explore fork workflow Version Control with Git in Azure Repos 11 - Collaborate with pull requests in Azure Repos Collaborate with pull requests Examine GitHub mobile for pull request approvals 12 - Identify technical debt Examine code quality Examine complexity and quality metrics Measure and manage technical debt Integrate other code quality tools Plan effective code reviews 13 - Explore Git hooks Implement Git hooks 14 - Plan foster inner source Explore foster inner source Implement the fork workflow Describe inner source with forks 15 - Manage Git repositories Work with large repositories Purge repository data Manage releases with GitHub Repos Automate release notes with GitHub 16 - Explore Azure Pipelines Explore the concept of pipelines in DevOps Describe Azure Pipelines Understand Azure Pipelines key terms 17 - Manage Azure Pipeline agents and pools Choose between Microsoft-hosted versus self-hosted agents Explore job types Explore predefined agent pool Understand typical situations for agent pools Communicate with Azure Pipelines Communicate to deploy to target servers Examine other considerations Describe security of agent pools Configure agent pools and understanding pipeline styles 18 - Describe pipelines and concurrency Understand parallel jobs Estimate parallel jobs Describe Azure Pipelines and open-source projects Explore Azure Pipelines and Visual Designer Describe Azure Pipelines and YAML 19 - Explore continuous integration Learn the four pillars of continuous integration Explore benefits of continuous integration Describe build properties Enable Continuous Integration with Azure Pipelines 20 - Implement a pipeline strategy Configure agent demands Implement multi-agent builds Explore source control types supported by Azure Pipelines 21 - Integrate with Azure Pipelines Describe the anatomy of a pipeline Understand the pipeline structure Detail templates Explore YAML resources Use multiple repositories in your pipeline 22 - Introduction to GitHub Actions What are Actions? Explore Actions flow Understand workflows Describe standard workflow syntax elements Explore events Explore jobs Explore runners Examine release and test an action 23 - Learn continuous integration with GitHub Actions Describe continuous integration with actions Examine environment variables Share artifacts between jobs Examine Workflow badges Describe best practices for creating actions Mark releases with Git tags Create encrypted secrets Use secrets in a workflow Implement GitHub Actions for CI/CD 24 - Design a container build strategy Examine structure of containers Work with Docker containers Understand Dockerfile core concepts Examine multi-stage dockerfiles Examine considerations for multiple stage builds Explore Azure container-related services Deploy Docker containers to Azure App Service web apps 25 - Introduction to continuous delivery Explore traditional IT development cycle What is continuous delivery? Move to continuous delivery Understand releases and deployments Understand release process versus release 26 - Create a release pipeline Describe Azure DevOps release pipeline capabilities Explore release pipelines Explore artifact sources Choose the appropriate artifact source Examine considerations for deployment to stages Explore build and release tasks Explore custom build and release tasks Explore release jobs Configure Pipelines as Code with YAML 27 - Explore release recommendations Understand the delivery cadence and three types of triggers Explore release approvals Explore release gates Use release gates to protect quality Control Deployments using Release Gates 28 - Provision and test environments Provision and configure target environments Configure automated integration and functional test automation Understand Shift-left Set up and run availability tests Explore Azure Load Testing Set up and run functional tests 29 - Manage and modularize tasks and templates Examine task groups Explore variables in release pipelines Understand variable groups 30 - Automate inspection of health Automate inspection of health Explore events and notifications Explore service hooks Configure Azure DevOps notifications Configure GitHub notifications Explore how to measure quality of your release process Examine release notes and documentation Examine considerations for choosing release management tools Explore common release management tools 31 - Introduction to deployment patterns Explore microservices architecture Examine classical deployment patterns Understand modern deployment patterns 32 - Implement blue-green deployment and feature toggles What is blue-green deployment? Explore deployment slots Describe feature toggle maintenance 33 - Implement canary releases and dark launching Explore canary releases Examine Traffic Manager Understand dark launching 34 - Implement A/B testing and progressive exposure deployment What is A/B testing? Explore CI-CD with deployment rings 35 - Integrate with identity management systems Integrate GitHub with single sign-on (SSO) Explore service principals Explore Managed Identity 36 - Manage application configuration data Rethink application configuration data Explore separation of concerns Understand external configuration store patterns Examine Key-value pairs Examine App configuration feature management Integrate Azure Key Vault with Azure Pipelines Manage secrets, tokens and certificates Examine DevOps inner and outer loop Integrate Azure Key Vault with Azure DevOps Enable Dynamic Configuration and Feature Flags 37 - Explore infrastructure as code and configuration management Explore environment deployment Examine environment configuration Understand imperative versus declarative configuration Understand idempotent configuration 38 - Create Azure resources using Azure Resource Manager templates Why use Azure Resource Manager templates? Explore template components Manage dependencies Modularize templates Manage secrets in templates Deployments using Azure Bicep templates 39 - Create Azure resources by using Azure CLI What is Azure CLI? Work with Azure CLI 40 - Explore Azure Automation with DevOps Create automation accounts What is a runbook? Understand automation shared resources Explore runbook gallery Examine webhooks Explore source control integration Explore PowerShell workflows Create a workflow Examine checkpoint and parallel processing 41 - Implement Desired State Configuration (DSC) Understand configuration drift Explore Desired State Configuration (DSC) Explore Azure Automation State configuration (DSC) Examine DSC configuration file Explore hybrid management Implement DSC and Linux Automation on Azure 42 - Implement Bicep What is Bicep? Install Bicep Understand Bicep file structure and syntax 43 - Introduction to Secure DevOps Describe SQL injection attack Understand DevSecOps Explore Secure DevOps Pipeline Explore key validation points Explore continuous security validation Understand threat modeling 44 - Implement open-source software Explore how software is built What is open-source software Explore corporate concerns with open-source software components Explore common open-source licenses Examine license implications and ratings 45 - Software Composition Analysis Inspect and validate code bases for compliance Explore software composition analysis (SCA) Integrate Mend with Azure Pipelines Implement GitHub Dependabot alerts and security updates Integrate software composition analysis checks into pipelines Examine tools for assess package security and license rate Interpret alerts from scanner tools Implement security and compliance in an Azure Pipeline 46 - Static analyzers Explore SonarCloud Explore CodeQL in GitHub Manage technical debt with SonarCloud and Azure DevOps 47 - OWASP and Dynamic Analyzers Plan Implement OWASP Secure Coding Practices Explore OWASP ZAP penetration test Explore OWASP ZAP results and bugs 48 - Security Monitoring and Governance Implement pipeline security Explore Microsoft Defender for Cloud Examine Microsoft Defender for Cloud usage scenarios Explore Azure Policy Understand policies Explore initiatives Explore resource locks Explore Azure Blueprints Understand Microsoft Defender for Identity 49 - Explore package dependencies What is dependency management? Describe elements of a dependency management strategy Identify dependencies Understand source and package componentization Decompose your system Scan your codebase for dependencies 50 - Understand package management Explore packages Understand package feeds Explore package feed managers Explore common public package sources Explore self-hosted and SaaS based package sources Consume packages Publish packages Package management with Azure Artifacts 51 - Migrate consolidating and secure artifacts Identify existing artifact repositories Migrate and integrating artifact repositories Secure access to package feeds Examine roles Examine permissions Examine authentication 52 - Implement a versioning strategy Understand versioning of artifacts Explore semantic versioning Examine release views Promote packages Explore best practices for versioning 53 - Introduction to GitHub Packages Publish packages Install a package Delete and restore a package Explore package access control and visibility 54 - Implement tools to track usage and flow Understand the inner loop Explore Azure Monitor and Log Analytics Examine Kusto Query Language (KQL) Explore Application Insights Implement Application Insights Monitor application performance with Application Insights 55 - Develop monitor and status dashboards Explore Azure Dashboards Examine view designer in Azure Monitor Explore Azure Monitor workbooks Explore Power BI Build your own custom application 56 - Share knowledge within teams Share acquired knowledge within development teams Integrate with Azure Boards Share team knowledge using Azure Project Wiki 57 - Design processes to automate application analytics Explore rapid responses and augmented search Integrate telemetry Examine monitoring tools and technologies 58 - Manage alerts, blameless retrospectives and a just culture Examine when get a notification Explore how to fix it Explore smart detection notifications Improve performance Understand server response time degradation Reduce meaningless and non-actionable alerts Examine blameless retrospective Develop a just culture

Duration 5 Days 30 CPD hours This course is intended for This course is designed primarily for cybersecurity practitioners who perform job functions related to protecting information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This course focuses on the knowledge, ability, and skills necessary to provide for the defense of those information systems in a cybersecurity context, including protection, detection, analysis, investigation, and response processes. In addition, the course ensures that all members of an IT team?everyone from help desk staff to the Chief Information Officer?understand their role in these security processes. Overview In this course, you will assess and respond to security threats and operate a systems and network security analysis platform. You will: - Assess information security risk in computing and network environments. - Analyze reconnaissance threats to computing and network environments. - Analyze attacks on computing and network environments. - Analyze post-attack techniques on computing and network environments. - Implement a vulnerability management program. - Collect cybersecurity intelligence. - Analyze data collected from security and event logs. - Perform active analysis on assets and networks. - Respond to cybersecurity incidents. - Investigate cybersecurity incidents. - Address security issues with the organization's technology architecture. The course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and handle incidents as they occur. 1 - ASSESSING INFORMATION SECURITY RISK Identify the Importance of Risk Management Assess Risk Mitigate Risk Integrate Documentation into Risk Management 2 - ANALYZING RECONNAISSANCE THREATS TO COMPUTING AND NETWORK ENVIRONMENTS Assess the Impact of Reconnaissance Incidents Assess the Impact of Social Engineering 3 - ANALYZING ATTACKS ON COMPUTING AND NETWORK ENVIRONMENTS Assess the Impact of System Hacking Attacks Assess the Impact of Web-Based Attacks Assess the Impact of Malware Assess the Impact of Hijacking and Impersonation Attacks Assess the Impact of DoS Incidents Assess the Impact of Threats to Mobile Security Assess the Impact of Threats to Cloud Security 4 - ANALYZING POST-ATTACK TECHNIQUES Assess Command and Control Techniques Assess Persistence Techniques Assess Lateral Movement and Pivoting Techniques Assess Data Exfiltration Techniques Assess Anti-Forensics Techniques 5 - MANAGING VULNERABILITIES IN THE ORGANIZATION Implement a Vulnerability Management Plan Assess Common Vulnerabilities Conduct Vulnerability Scans Conduct Penetration Tests on Network Assets 6 - COLLECTING CYBERSECURITY INTELLIGENCE Deploy a Security Intelligence Collection and Analysis Platform Collect Data from Network-Based Intelligence Sources Collect Data from Host-Based Intelligence Sources 7 - ANALYZING LOG DATA Use Common Tools to Analyze Logs Use SIEM Tools for Analysis 8 - PERFORMING ACTIVE ASSET AND NETWORK ANALYSIS Analyze Incidents with Windows-Based Tools Analyze Incidents with Linux-Based Tools Analyze Malware Analyze Indicators of Compromise 9 - RESPONDING TO CYBERSECURITY INCIDENTS Deploy an Incident Handling and Response Architecture Mitigate Incidents Prepare for Forensic Investigation as a CSIRT 10 - INVESTIGATING CYBERSECURITY INCIDENTS Apply a Forensic Investigation Plan Securely Collect and Analyze Electronic Evidence Follow Up on the Results of an Investigation 11 - ADDRESSING SECURITY ARCHITECTURE ISSUES Remediate Identity and Access Management Issues Implement Security During the SDLC Additional course details: Nexus Humans CompTIA Cybersecurity Analyst Certification (CySA Plus) (Exam CS0-003) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CompTIA Cybersecurity Analyst Certification (CySA Plus) (Exam CS0-003) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for Penetration Testers Microsoft Administrator Security Administrators Active Directory Administrators Anyone looking to learn more about security Overview The person who carries this certification should be able to analyze an organization's existing systems then plan and create an incident handling system that will prevent, detect, and respond to cyber attacks The Certified Incident Handling Engineer course, C)IHE, is designed to help Incident Handlers, System Administrators, and Security Engineers understand how to plan, create and utilize their systems. Prevent, detect and respond to attacks through the use of hands-on labs in our exclusive Cyber Range. With this in-depth training, you will learn to develop start to finish processes for establishing your Incident Handling team, strategizing for each type of attack, recovering from attacks and much more. Course Outline Incident Handling Explained Incident Response Policy, Plan and Procedure Creation Incident Response Team Structure Incident Response Team Services Incident Response Recommendations Preparation Detection and Analysis Containment, Eradication and Recovery GRR Rapid Response Request Tracker for Incident Response Post Incident Activity Incident Handling Checklist Incident Handling Recommendations Coordination and Information Sharing

Duration 4 Days 24 CPD hours This course is intended for Penetration Testers Microsoft Administrators Security Administrators Active Directory Administrators Anyone looking to learn more about security Overview Upon completion, Certified IS Security Manager students will have a strong foundation in Cyber Security & IS management standards with current best practices and will be prepared to competently take the C)ISSM exam. Companies will lean on a Certified IS Security Manager, C)ISSM to create solutions for tomorrow?s problems, today. When it comes to identifying critical issues and providing effective IS management solutions.ÿ ÿThe knowledge and course content provided in the Certified Information Systems Security Manager ? C)ISSM will not only cover ISACA©?s CISM exam but will provide a measurable certification that demonstrates proficiency in the IS Management Field. The Certified Information Systems Security Manager covers the skills and knowledge to assess threat analysis and risks, Risk & incident management, Security programs and CISO roles, IS security strategy and frameworks, Audit and Risk management creation of policies, compliance and awareness, as well as DR and BCP development, deployment and maintenance. Course Outline Introduction Information Security Governance Information Risk Management and Compliance Information Security Program Development and Management Information Security Incident Management Additional course details: Nexus Humans C)ISSM - Certified Information Systems Security Manager Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)ISSM - Certified Information Systems Security Manager Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 5 Days 30 CPD hours This course is intended for This course is targeted towards the information technology (IT) professional that has a minimum 1 year IT Security and Networking experience. This course would be ideal for Information System Owners, Security Officers, Ethical Hackers, Information Owners, Penetration Testers, System Owner and Managers as well as Cyber Security Engineers. Overview Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the CPEH exam. The CPEH certification training enables students to understand the importance of vulnerability assessments and how to implement counter response along with preventative measures when it comes to a network hack. Security Fundamentals Overview The Growth of Environments and Security Our Motivation? The Goal: Protecting Information! CIA Triad in Detail Approach Security Holistically Security Definitions Definitions Relationships Method: Ping The TCP/IP Stack Which Services Use Which Ports? TCP 3-Way Handshake TCP Flags Malware Types of Malware Types of Malware Cont... Types of Viruses More Malware: Spyware Trojan Horses Back Doors DoS DDoS Packet Sniffers Passive Sniffing Active Sniffing Firewalls, IDS and IPS Firewall ? First Line of Defense IDS ? Second Line of Defense IPS ? Last Line of Defense? Firewalls Firewall Types: (1) Packet Filtering Firewall Types: (2) Proxy Firewalls Firewall Types ? Circuit-Level Proxy Firewall Type of Circuit- Level Proxy ? SOCKS Firewall Types ? Application-Layer Proxy Firewall Types: (3) Stateful Firewall Types: (4) Dynamic Packet-Filtering Firewall Types: (5) Kernel Proxies Firewall Placement Firewall Architecture Types ? Screened Host Multi- or Dual-Homed Screened Subnet Wi-Fi Network Types Wi-Fi Network Types Widely Deployed Standards Standards Comparison 802.11n - MIMO Overview of Database Server Review Access Controls Overview Role of Access Control Definitions More Definitions Categories of Access Controls Physical Controls Logical Controls ?Soft? Controls Security Roles Steps to Granting Access Access Criteria Physical Access Control Mechanisms Biometric System Types Synchronous Token Asynchronous Token Device Memory Cards Smart Card Cryptographic Keys Logical Access Controls OS Access Controls Linux Access Controls Accounts and Groups Password & Shadow File Formats Accounts and Groups Linux and UNIX Permissions Set UID Programs Trust Relationships Review Protocols Protocols Overview OSI ? Application Layer OSI ? Presentation Layer OSI ? Session Layer Transport Layer OSI ? Network Layer OSI ? Data Link OSI ? Physical Layer Protocols at Each OSI Model Layer TCP/IP Suite Port and Protocol Relationship Conceptual Use of Ports UDP versus TCP Protocols ? ARP Protocols ? ICMP Network Service ? DNS SSH Security Protocol SSH Protocols ? SNMP Protocols ? SMTP Packet Sniffers Example Packet Sniffers Review Cryptography Overview Introduction Encryption Cryptographic Definitions Encryption Algorithm Implementation Symmetric Encryption Symmetric Downfalls Symmetric Algorithms Crack Times Asymmetric Encryption Public Key Cryptography Advantages Asymmetric Algorithm Disadvantages Asymmetric Algorithm Examples Key Exchange Symmetric versus Asymmetric Using the Algorithm Types Together Instructor Demonstration Hashing Common Hash Algorithms Birthday Attack Example of a Birthday Attack Generic Hash Demo Instructor Demonstration Security Issues in Hashing Hash Collisions MD5 Collision Creates Rogue Certificate Authority Hybrid Encryption Digital Signatures SSL/TLS SSL Connection Setup SSL Hybrid Encryption SSH IPSec - Network Layer Protection IPSec IPSec Public Key Infrastructure Quantum Cryptography Attack Vectors Network Attacks More Attacks (Cryptanalysis) Review Why Vulnerability Assessments? Overview What is a Vulnerability Assessment? Vulnerability Assessment Benefits of a Vulnerability Assessment What are Vulnerabilities? Security Vulnerability Life Cycle Compliance and Project Scoping The Project Overview Statement Project Overview Statement Assessing Current Network Concerns Vulnerabilities in Networks More Concerns Network Vulnerability Assessment Methodology Network Vulnerability Assessment Methodology Phase I: Data Collection Phase II: Interviews, Information Reviews, and Hands-On Investigation Phase III: Analysis Analysis cont. Risk Management Why Is Risk Management Difficult? Risk Analysis Objectives Putting Together the Team and Components What Is the Value of an Asset? Examples of Some Vulnerabilities that Are Not Always Obvious Categorizing Risks Some Examples of Types of Losses Different Approaches to Analysis Who Uses What? Qualitative Analysis Steps Quantitative Analysis ALE Values Uses ALE Example ARO Values and Their Meaning ALE Calculation Can a Purely Quantitative Analysis Be Accomplished? Comparing Cost and Benefit Countermeasure Criteria Calculating Cost/Benefit Cost of a Countermeasure Can You Get Rid of All Risk? Management?s Response to Identified Risks Liability of Actions Policy Review (Top-Down) Methodology Definitions Policy Types Policies with Different Goals Industry Best Practice Standards Components that Support the Security Policy Policy Contents When Critiquing a Policy Technical (Bottom-Up) Methodology Review Vulnerability Tools of the Trade Vulnerability Scanners Nessus SAINT ? Sample Report Tool: Retina Qualys Guard http://www.qualys.com/products/overview/ Tool: LANguard Microsoft Baseline Analyzer MBSA Scan Report Dealing with Assessment Results Patch Management Options Review Output Analysis and Reports Overview Staying Abreast: Security Alerts Vulnerability Research Sites Nessus SAINT SAINT Reports GFI Languard GFI Reports MBSA MBSA Reports Review Reconnaissance, Enumeration & Scanning Reconnaissance Overview Step One in the Hacking ?Life-Cycle? What Information is Gathered by the Hacker? Passive vs. Active Reconnaissance Footprinting Defined Social Access Social Engineering Techniques Social Networking Sites People Search Engines Internet Archive: The WayBack Machine Footprinting Tools Overview Maltego GUI Johnny.Ihackstuff.com Google (cont.) Domain Name Registration WHOIS Output DNS Databases Using Nslookup Traceroute Operation Web Server Info Tool: Netcraft Introduction to Port Scanning Which Services use Which Ports? Port Scan Tips Port Scans Shou