• Professional Development
  • Medicine & Nursing
  • Arts & Crafts
  • Health & Wellbeing
  • Personal Development

1424 Courses

CMMC for Business Professionals: A Practical Guide to Getting Ready for CMMC

By Nexus Human

Duration 1 Days 6 CPD hours This course is intended for This course provides an introductory overview of the CMMC program for organizational decision makers. Business and IT leaders and IT staff might consider taking this course to learn about the CMMC Model to get a sense of what's required for a successful assessment, and the various ways they can start preparing. Overview In this course, you will identify the key elements and potential impacts of the Cybersecurity Maturity Model Certification (CMMC) program. You will: Identify the crucial elements that are driving the CMMC initiative. Describe the architecture of the CMMC Model and the rationale behind it. Prepare your organization for a successful CMMC Assessment. Identify the roles and responsibilities in the CMMC ecosystem and describe the phases of an Assessment. The Cybersecurity Maturity Model Certification (CMMC), managed by The Cyber AB (formerly known as the CMMC Accreditation Body or the CMMC-AB), is a program through which an organization's cybersecurity program maturity is measured by their initial and ongoing compliance with applicable cybersecurity practices. This course provides a complete review of the key elements of this important program and will entitle you to a CMMC Trailblazer badge.Important: This curriculum product is not considered CMMC-AB Approved Training Material (CATM). This course is not intended as certification preparation and does not qualify students to sit for the CMMC CP certification exam. Identifying What's at Stake Topic A: Identify the Threats and Regulatory Responses Topic B: Identify Sensitive Information Describing CMMC Topic A: Describe the CMMC Model Architecture Topic B: Describe the CMMC Program Getting Ready for a CMMC Assessment Topic A: Scope Your Environment Topic B: Analyze the CMMC Assessment Guides Topic C: Foster a Mature Cybersecurity Culture Topic D: Identify Helpful Documents Topic E: Evaluate Your Readiness Interacting with the CMMC Ecosystem Topic A: Identify the CMMC Ecosystem Topic B: Describe a CMMC Assessment

CMMC for Business Professionals: A Practical Guide to Getting Ready for CMMC
Delivered OnlineFlexible Dates
Price on Enquiry

Cisco Implementing Automation for Cisco Security Solutions v1.0 (SAUI)

By Nexus Human

Duration 3 Days 18 CPD hours This course is intended for Channel and Customer Engineers Network Engineer System Engineer Wireless Engineer Consulting Systems Engineer Technical Solutions Architect Network Admisnistrator Wireless Design Engineer Network Manager Channel SEs Sales Engineer Channel AMs Account Manager Overview Upon completing this course, students will be able to meet these objectives: Understand the overall architecture of the Cisco security solutions and how APIs help enable security Understand how to use Cisco Firepower APIs Understand how pxGrid APIs function and their benefits Understand what capabilities the Cisco Stealthwatch APIs offer and construct API requests to them for configuration changes and auditing purposes Understand the features and benefits of using Cisco Stealthwatch Cloud APIs Learn how to use the Cisco Umbrella Investigate API Understand the Functionality provided by Cisco AMP and its APIs Learn how to use Cisco Threat Grid APIs to analyze, search, and dispose of threats This course demonstrates the tools and the benefits of leveraging programmability and automation in Cisco Security Solutions, including Cisco Firepower Management Center, Cisco Firepower Threat Defense, Cisco ISE, Cisco pxGrid, Cisco Stealthwatch Enterprise, Cisco Stealthwatch Cloud, Cisco Umbrella, Cisco AMP, Cisco Threat grid, and Cisco Security Management Appliances. Students will learn how to use the API for each Cisco security solution and specific applications of when the API benefits IT security content. Introducing Cisco Security APIs Role of APIs in Cisco Security Solutions Cisco Firepower, Cisco ISE, Cisco pxGrid, and Cisco Stealthwatch APIs Use cases and security workflow Consuming Cisco Advanced Malware Protection APIs Cisco AMP overview Cisco AMP endpoint API Cisco AMP use cases and workflows Discovery 1: Query Cisco AMP endpoint APIs for verifying compliance Using Cisco ISE Introducing Cisco Identity services engine Cisco ISE use cases Cisco ISE APIs Using Cisco pxGrid APIs Cisco pxGrid overview WebSockets and STOMP messaging protocol Discovery 2: Use the REST API and Cisco pxGrid with Cisco Identity services engine Using Cisco Threat Grid APIs Cisco threat grid overview Cisco threat grid API Cisco threat grid use cases and workflows Discovery 3: Construct a Python script using the Cisco threat grid API Investigating Cisco Umbrella Security Data Programmatically Cisco Umbrella investigate API overview Cisco Umbrella investigate API: Details Discovery 4: Query security data with the Cisco Umbrella investigate API Exploring Cisco Umbrella Reporting and Enforcement APIs Cisco Umbrella reporting and enforcement APIs: Overview Cisco Umbrella reporting and enforcement APIs: Deep dive Discovery 5: Generate reports using the Cisco Umbrella reporting API Automating Security with Cisco Firepower APIs Review basic constructs of Firewall policy management Design policies for automation Cisco FMC APIs in depth Discovery 6: Explore the Cisco Firepower management center API Cisco FTD automation with ansible Discovery 7: Use ansible to automate Cisco Firepower threat defense configuration Cisco FDM API in depth Discovery 8: Automate Firewall policies using the Cisco Firepower device manager API Operationalizing Cisco Stealthwatch and Its API Capabilities Cisco Stealthwatch overview Cisco Stealthwatch APIs: Details Discovery 9: Automate alarm policies and create reports using the Cisco Stealthwatch APIs Using Cisco Stealthwatch Cloud APIs Cisco Stealthwatch Cloud overview Cisco Stealthwatch Cloud APIs: Deep dive Discovery 10: Construct a report using Cisco stealthwatch Cloud APIs Describing Cisco Security Management Appliance APIs Cisco SMA APIs overview Cisco SMA API Discovery 11: Construct reports using Cisco SMA APIs

Cisco Implementing Automation for Cisco Security Solutions v1.0 (SAUI)
Delivered OnlineFlexible Dates
Price on Enquiry

Certified Kubernetes Security Specialist (CKS)

By Nexus Human

Duration 5 Days 30 CPD hours This course is intended for Security Professionals working with Kubernetes Clusters Container Orchestration Engineers DevOps Professionals Overview In this course, students will learn and practice essential Kubernetes concepts and tasks in the following sections: Cloud Security Fundamentals Cluster Hardening System Hardening Minimize Microservice Vulnerabilities Supply Chain Security Disaster Recovery Secure Back-up and Restore This class prepares students for the Certified Kubernetes Security Specialist (CKS) exam. Kubernetes is a Cloud Orchestration Platform providing reliability, replication, and stabilitywhile maximizing resource utilization for applications and services. By the conclusion of this hands-on, vendor agnostic training you will be equipped with a thorough understanding ofcloud security fundamentals, along with the knowledge, skills and abilities to secure a Kubernetes cluster, detect threats, and properly resolve a security catastrophe. This courseincludes hands-on instruction which develops skills and knowledge for securing container-based applications and Kubernetes platforms, during build, deployment, and runtime. We prioritizecovering all objectives and concepts necessary for passing the Certified Kubernetes Security Specialist (CKS) exam. You will be provided the components necessary to assemble your ownhigh availability Kubernetes environment and harden it for your security needs. Learning Your Environment Underlying Infrastructure Using Vim Tmux Cloud Security Primer Basic Principles Threat Analysis Approach CIS Benchmarks Securing your Kubernetes Cluster Kubernetes Architecture Pods and the Control Plane Kubernetes Security Concepts Install Kubernetes using kubeadm Configure Network Plugin Requirements Kubeadm Basic Cluster Installing Kubeadm Join Node to Cluster Kubeadm Token Manage Kubeadm Tokens Kubeadm Cluster Upgrade Securing the kube-apiserver Configuring the kube-apiserver Enable Audit Logging Falco Deploy Falco to Monitor System Calls Enable Pod Security Policies Encrypt Data at Rest Encryption Configuration Benchmark Cluster with Kube-Bench Kube-Bench Securing ETCD ETCD Isolation ETCD Disaster Recovery ETCD Snapshot and Restore Purge Kubernetes Purge Kubeadm 3Purge Kubeadm Image Scanning Container Essentials Secure Containers Creating a Docker Image Scanning with Trivy Trivy Snyk Security Manually Installing Kubernetes Kubernetes the Alta3 Way Deploy Kubernetes the Alta3 Way Validate your Kubernetes Installation Sonobuoy K8s Validation Test Kubectl (Optional) Kubectl get and sorting kubectl get kubectl describe Labels (Optional) Labels Labels and Selectors Annotations Insert an Annotation Securing your Application Scan a Running Container Tracee Security Contexts for Pods Understanding Security Contexts AppArmor Profiles AppArmor Isolate Container Kernels gVisor Pod Security Pod Security Policies Deploy a PSP Pod Security Standards Enable PSS Open Policy Agent (OPA) Admission Controller Create a LimitRange Open Policy Agent Policy as Code Deploy Gatekeeper User Administration Contexts Contexts Authentication and Authorization Role Based Access Control Role Based Access Control RBAC Distributing Access Service Accounts Limit Pod Service Accounts Securing Secrets Secrets Create and Consume Secrets Hashicorp Vault Deploy Vault Securing the Network Networking Plugins NetworkPolicy Deploy a NetworkPolicy mTLS Linkerd mTLS with istio istio Threat Detection Active Threat Analysis Host Intrusion Detection Deploy OSSEC Network Intrusion Detection Deploy Suricata Physical Intrusion Detection Disaster Recovery Harsh Reality of Security Deploy a Response Plan Kasten K10 Backups Deploy K10

Certified Kubernetes Security Specialist (CKS)
Delivered OnlineFlexible Dates
Price on Enquiry

CertNexus Certified Internet of Things Practitioner (CIoTP)

By Nexus Human

Duration 3 Days 18 CPD hours This course is intended for This course is designed for IT professionals with baseline skills in computer hardware, software support, and development who want to learn how to design, develop, implement, operate, and manage Internet of Things devices and related systems. It is for those interested in learning more about embedded systems, microcontroller programming, IoT security, and the development life cycle for IoT projects. While students will gain hands-on experience assembling a prototype IoT device and using software development tools, these activities are closely guided, so previous experience in electronics assembly and programming are not required. This course prepares students for taking the CertNexus Certified Internet of Things (IoT) Practitioner (Exam ITP-110). Overview In this course, you will learn how to apply Internet of Things technologies to solve real-world problems. You will: Construct and program an IoT device. Communicate with an IoT device using wired and wireless connections. Process sensor input and control an actuator on an IoT device. Manage security, privacy, and safety risks on IoT projects. Plan an IoT prototyping and development project. In this course, you will learn general strategies for planning, designing, developing, implementing, and maintaining an IoT system through various case studies and by assembling and configuring an IoT device to work in a sensor network. You will create an IoT device based on an ESP8266 microcontroller, implementing various common IoT features, such as analog and digital sensors, a web-based interface, MQTT messaging, and data encryption. The instructor led course includes an exam voucher for the Certified Internet of Things Practitioner (CIoTP) exam (exam ITP-110). Planning an IoT Implementation Select a General Architecture for an IoT Project Identify Benefits and Challenges of IoT Constructing and Programming an IoT Device Select and Configure a Processing Unit Select a Microcontroller Power Source Use a Software Development Kit to Program an IoT Device Communicating with an IoT Device Communicate Using Wired Connections Communicate Using Wireless Connections Communicate Using Internet Protocols Processing IoT Data Process IoT Device Input and Output Process Data in the Cloud Provide Machine to Machine Communication Managing Risks on IoT Projects Identify IoT Security and Privacy Risks Manage IoT Security and Privacy Risks Manage IoT Safety Risks Undertaking an IoT Project Identify Real World Applications for IoT Follow the IoT Development Lifecycle Additional course details: Nexus Humans CertNexus Certified Internet of Things Practitioner (CIoTP) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the CertNexus Certified Internet of Things Practitioner (CIoTP) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

CertNexus Certified Internet of Things Practitioner (CIoTP)
Delivered OnlineFlexible Dates
Price on Enquiry

Computer Engineering: Software and Web development, Coding, Network, Database & Security

4.8(9)

By Skill Up

Flash Sale! 24-in-1 Diploma Bundle | CPD Certified | Free PDF & Transcript Certificates | Lifetime Access

Computer Engineering: Software and Web development, Coding, Network, Database & Security
Delivered Online On Demand7 days
£129

ISACA CGEIT Training Boot Camp

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for Risk professionals Business analysts Project managers Compliance professionals IT professionals Anyone whose work includes evaluating and mitigating risk Overview This boot camp prepares you to pass the ISACA CGEIT exam, which covers four domain areas designed to reflect the work performed by individuals who have a significant management, advisory or assurance role relating to the governance of IT. Domain 1: Governance of enterprise IT Domain 2: IT resources Domain 3: Benefits realization Domain 4: Risk optimization This CGEIT Boot Camp is designed for experienced IT governance personnel and those who have responsibilities for the stewardship of IT resources. You will learn how to effectively implement and manage governance across all areas of technology ? as well as align that technology with strategic enterprise goals. This training also explains the CGEIT examination process and helpsprepare you for your CGEIT exam by providing guidance and testing your exam readiness through sample questions. You?ll leave fully prepared to earn your CGEIT certification. Course Outline Domain 1: Governance of enterprise IT Domain 2: IT resources Domain 3: Benefits realization Domain 4: Risk optimization

ISACA CGEIT Training Boot Camp
Delivered OnlineFlexible Dates
Price on Enquiry

EXIN Information Security Foundation based on ISO/IEC 27001 - Professional

By Nexus Human

Duration 3 Days 18 CPD hours This course is intended for Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification. Overview The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security.The subjects of this module are: Information security perspectives: business, customer, service provider/supplier Risk Management: analysis, controls, remaining risks Information security controls: organizational, technical, physical. Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies completely rely on IT. Enterprise resource planning (ERP) management systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - the most valuable commodity in the world - passes through IT. Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service. Information Security Perspectives The candidate understands the business interest of information security The canidate understands the customer perspective on governance The candidate understands the supplierïs responsibilities in security assurance Risk Mangement The candidate understands the principles of risk management The candidate knows how to control risks The candidate knows how to deal with remaining risks Information Security Controls The candidate has knowledge of organizational controls The candidate has knowledge of technical controls The candidate has knowledge of physical, employment-related and continuity controls

EXIN Information Security Foundation based on ISO/IEC 27001 - Professional
Delivered OnlineFlexible Dates
Price on Enquiry

Palo Alto Networks: Cortex XSOAR 6.8: Automation and Orchestration(EDU-380)

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for Security-operations (SecOps), or security, orchestration, automation, and response (SOAR) engineers, managed security service providers (MSSPs), service delivery partners, system integrators, and professional services engineers Overview This training is designed to enable a SOC, CERT, CSIRT, or SOAR engineer to start working with Cortex XSOAR integrations, playbooks, incident-page layouts, and other system features to facilitate resource orchestration, process automation, case management, and analyst workflow. The course includes coverage of a complete playbook-development process for automating a typical analyst workflow to address phishing incidents. This end-to-end view of the development process provides a framework for more focused discussions of individual topics that are covered in the course. The Cortex? XSOAR 6.8: Automation and Orchestration (EDU-380) course is four days of instructor-led training that will help you: Configure integrations, create tasks, and develop playbooks Build incident layouts that enable analysts to triage and investigate incidents efficiently Identify how to categorize event information and map that information to display fields Develop automations, manage content, indicator data, and artifact stores, schedule jobs, organize users and user roles, oversee case management, and foster collaboration This class is powered by Cloud Harmonics. Course Outline Module 1 - Core Functionality and Feature Sets Module 2 - Enabling and Configuring Integrations Module 3 - Playbook Development Module 4 - Classification and Mapping Module 5 - Layout Builder Module 6 - Solution Architecture Module 7 - Docker Module 8 - Automation Development and Debugging Module 9 - The Marketplace and Content Management Module 10 - Indicators and Threat Intelligence Management Module 11 - Jobs and Job Scheduling Module 12 - Users and Role-Based Access Controls (RBAC) Module 13 - Integration Development Additional course details: Nexus Humans Palo Alto Networks: Cortex XSOAR 6.8: Automation and Orchestration(EDU-380) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Palo Alto Networks: Cortex XSOAR 6.8: Automation and Orchestration(EDU-380) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Palo Alto Networks: Cortex XSOAR 6.8: Automation and Orchestration(EDU-380)
Delivered OnlineFlexible Dates
Price on Enquiry

IS20SECURITYCON - IS20 Security Controls Mile 2

By Nexus Human

Duration 4 Days 24 CPD hours This course is intended for Information Assurance Managers/Auditors System Implementors/administrators IT Administrators Auditors/Auditees Federal Agencies/Contractors Security Vendors and Consulting Groups Overview Upon completion, the IS20 Security Controls candidate will be able to not only competently take the IS20 Controls exam but will also have an understanding of how to implement the top 20 most critical controls in the work place. IS20 controls are the Top Twenty Most Critical Security Controls in Information Technology.ÿ This 4 day training course covers proven tools and methodologies needed to execute and analyze the Top Twenty Most Critical Security Controls. Nearly all organizations that maintain sensitive information are adopting these Security Controls. These controls were chosen by leading government and private organizations who are experts on how attacks work and what can be done to prevent them from happening. The controls were selected as the best way to block known attacks as well as help search for and alleviate any damage from the attacks that are successful. This course allows the security professional to see how to implement controls in an existing network through highly effective and economical automation. For management, this training is the best way to distinguish how you will assess whether these security controls are effectively being administered. Introduction Critical Control 1 Critical Control 2 Critical Control 3 Critical Control 4 Critical Control 5 Critical Control 6 Critical Control 7 Critical Control 8 Critical Control 9 Critical Control 10 Critical Control 11 Critical Control 12 Critical Control 13 Critical Control 14 Critical Control 15 Critical Control 16 Critical Control 17 Critical Control 18 Critical Control 19 Critical Control 20

IS20SECURITYCON - IS20 Security Controls Mile 2
Delivered OnlineFlexible Dates
Price on Enquiry

Information Assurance (STIG) Overview (TT8800)

By Nexus Human

Duration 2 Days 12 CPD hours This course is intended for The intended audience for this comprehensive course on Information Assurance and STIGs includes professionals with roles such as: IT professionals - System administrators, network engineers, and security analysts who are responsible for maintaining and securing IT infrastructure and web applications. Developers - Software engineers and web developers who design, implement, and maintain web applications, and need to integrate security best practices throughout the development process. Project teams - Cross-functional teams that collaborate on application development projects, including members from development, testing, and deployment teams. Technical leads - Senior software engineers or architects who oversee technical aspects of projects and ensure the implementation of secure design and coding practices. Project managers - Professionals responsible for planning, executing, and closing projects, ensuring that security requirements are met throughout the project lifecycle. Overview Working in an interactive learning environment, guided by our application security expert, you'll explore: The concepts and terminology behind defensive coding Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets The entire spectrum of threats and attacks that take place against software applications in today's world The role that static code reviews and dynamic application testing to uncover vulnerabilities in applications The vulnerabilities of programming languages as well as how to harden installations The basics of Cryptography and Encryption and where they fit in the overall security picture The requirements and best practices for program management as specified in the STIGS The processes and measures associated with the Secure Software Development (SSD) The basics of security testing and planning Understand the concepts and terminology behind defensive coding Understand Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets Learn the entire spectrum of threats and attacks that take place against software applications in today's world Discuss the role that static code reviews and dynamic application testing to uncover vulnerabilities in applications Understand the vulnerabilities of programming language as well as how to harden installations Understand the basics of Cryptography and Encryption and where they fit in the overall security picture Understand the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena Understand the requirements and best practices for program management as specified in the STIGS Understand the processes and measures associated with the Secure Software Development (SSD) Understand the basics of security testing and planning The Information Assurance (STIG) Overview is a comprehensive two-day course that delves into the realm of Information Assurance, empowering you to enhance your cybersecurity skills, understand the essentials of STIGs, and discover cutting-edge web application security practices. This immersive experience is tailored for IT professionals, developers, project teams, technical leads, project managers, testing/QA personnel, and other key stakeholders who seek to expand their knowledge and expertise in the evolving cybersecurity landscape. The course focuses on the intricacies of best practices for design, implementation, and deployment, inspired by the diverse and powerful STIGs, ultimately helping participants become more proficient in application security.The first half of the course covers the foundations of DISA's Security Technical Implementation Guides (STIGs) and learn the ethical approach to bug hunting, while exploring the language of cybersecurity and dissecting real-life case studies. Our expert instrtors will guide you through the importance of respecting privacy, working with bug bounty programs, and avoiding common mistakes in the field.The next half delves into the core principles of information security and application protection, as you learn how to identify and mitigate authentication failures, SQL injections, and cryptographic vulnerabilities. You?ll gain experience with STIG walkthroughs and discover the crucial steps for securing web applications.Throughout the course, you'll also explore the fundamentals of application security and development, including checklists, common practices, and secure development lifecycle (SDL) processes. You?ll learn from recent incidents and acquire actionable strategies to strengthen your project teams and IT organizations. You'll also have the opportunity to explore asset analysis and design review methodologies to ensure your organization is prepared to face future cybersecurity challenges. DISA's Security Technical Implementation Guides (STIGs) The motivations behind STIGs Requirements that the various software development roles must meet Implementing STIG requirements and guidelines Why Hunt Bugs? The Language of CyberSecurity The Changing Cybersecurity Landscape AppSec Dissection of SolarWinds The Human Perimeter Interpreting the 2021 Verizon Data Breach Investigation Report First Axiom in Web Application Security Analysis First Axiom in Addressing ALL Security Concerns Lab: Case Study in Failure Safe and Appropriate Bug Hunting/Hacking Working Ethically Respecting Privacy Bug/Defect Notification Bug Bounty Programs Bug Hunting Mistakes to Avoid Principles of Information Security Secuity Is a Lifecycle Issue Minimize Attack Surface Area Layers of Defense: Tenacious D Compartmentalize Consider All Application States Do NOT Trust the Untrusted Identification and Authentication Failures Applicable STIGs Quality and Protection of Authentication Data Proper hashing of passwords Handling Passwords on Server Side Session Management HttpOnly and Security Headers Lab: STIG Walk-Throughs Injection Applicable STIGs Injection Flaws SQL Injection Attacks Evolve Drill Down on Stored Procedures Other Forms of Server-Side Injection Minimizing Injection Flaws Client-side Injection: XSS Persistent, Reflective, and DOM-Based XSS Best Practices for Untrusted Data Lab: STIG Walk-Throughs Applications: What Next? Common Vulnerabilities and Exposures CWE/SANS Top 25 Most Dangerous SW Errors Strength Training: Project Teams/Developers Strength Training: IT Organizations Cryptographic Failures Applicable STIGs Identifying Protection Needs Evolving Privacy Considerations Options for Protecting Data Transport/Message Level Security Weak Cryptographic Processing Keys and Key Management Threats of Quantum Computing Steal Now, Crack Later Threat Lab: STIG Walk-Throughs Application Security and Development Checklists Checklist Overview, Conventions, and Best Practices Leveraging Common AppSec Practices and Control Actionable Application Security Additional Tools for the Toolbox Strength Training: Project Teams/Developers Strength Training: IT Organizations Lab: Recent Incidents SDL Overview Attack Phases: Offensive Actions and Defensive Controls Secure Software Development Processes Shifting Left Actionable Items Moving Forward Lab: Design Study Review Asset Analysis Asset Analysis Process Types of Application-Related Assets Adding Risk Escalators Discovery and Recon Design Review Asset Inventory and Design Assets, Dataflows, and Trust Boundaries Risk Escalators in Designs Risk Mitigation Options

Information Assurance (STIG) Overview (TT8800)
Delivered OnlineFlexible Dates
Price on Enquiry