Cyber Security Courses Online

About

The course gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL) with a focus on web application security. It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process of web applications.

Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs in web applications. In this it follows the OWASP Top Ten, but also introduces some client-side issues tackling Javascript security, Ajax and HTML5.

Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.

Content

• Understand basic concepts of security, IT security and secure coding
• Get known to the essential steps of Microsoft Secure Development Lifecycle
• Learn secure design and development practices
• Learn about secure implementation principles
• Learn client-side vulnerabilities and secure coding practices
• Understand security testing methodology
• Get sources and further readings on secure coding practices

About

Both Java and .NET development environments provide powerful means for security development, but developers should know how to apply the various architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities.

Providing hands-on knowledge, the course contains numerous exercises on how to use various APIs and tools to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide secured remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.

Most importantly, the course explains the most frequent and severe programming flaws typically committed by programmers. General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of both development platforms. Besides the typical security-relevant Java and .NET bugs, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environments one should be aware of. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Have a practical understanding of cryptography
• Learn to use various security features of the Java development environment
• Learn to use various security features of the .NET development environment
• Get information about some recent vulnerabilities in .NET and ASP.NET
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

About

The biggest challenge for professionals working on design and development of crypto chip-sets is to be continuously up-to-date regarding the attack methods and their mitigation. Serving them, this course explains various physical and logical attacks on security chips, possible countermeasures and best practices.

Regarding physical attacks, the passive attacks are detailed through optical reverse engineering and various side channel analysis methods, while active attacks are discussed with special emphasis on fault injection, Focused Ion Beams and hardware Trojans. The very powerful passive and active combined attack (PACA) type is introduced through the practical example of RSA implementations. Discussion of logical attacks not only covers practical attacks against specific cryptographic algorithm implementations, but also the relevant programming bugs and mitigation techniques like buffer overflow or integer problems are introduced.

Finally, a set of guidelines is assembled to follow by engineers working in this field, and the testing methods are presented that can help to find and avoid the discussed security flaws and vulnerabilities.

About

As voice over IP (VoIP) systems are vulnerable to the same threats as data networks – like viruses, identity theft, spam, fraud, privacy invasion, and denial of service attacks –, aim of this training is to teach programmers, software architects, network engineers and project managers to the VoIP security features, the various security issues of VoIP, and most importantly the best practices to support risk mitigation.

VoIP security is introduced at the raw protocol level, concentrating on attack methodologies that are used against the most popular VoIP protocols. Participants will not only be able to choose and use the appropriate standards and best practices, but will also be prepared to fix the occurring vulnerabilities by applying the relevant countermeasures.

About

The term hack has several related meanings in the technology and computer science fields. It may refer to a clever or quick fix to a computer program problem, or to what may be perceived to be a clumsy or inelegant (but usually relatively quick) solution to a problem. The term is also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable.

Course Content

• Introduction
• Microsoft Windows
• Novell
  • Novell Windows NT Hacks
    • Gain C: Access
    • Gain Program Access on C:
    • Using PowerPoint to run applications
    • Using Notepad run applications
    • Getting Access to invisible drives
    • Getting Passwords
  • Advanced Novell Hacking

About

As society becomes more dependent upon the technology of computers in this information age, the more vulnerable humans seem to be to cyberthreats. So much time, energy and resources are expended on fighting these cyberthreats that it would be wise to first understand what type(s) of threats have, do or potentially could exist.

Understanding threat(s) and the potentiality of attack on one's computer system should be one (and maybe the first) step in an attempt at warding off the damage and danger that could happen to you, the user. However, one must also be cognizant of the fact that some threats are beyond the everyday user's, and even the expert's, ability to prevent.

The attacks can happen without notice and without one's knowledge, but knowing how some of these attacks could take place, one maybe able to limit one's chances of being a statistic in the cyberworld. Don't be an uninformed target -- be ready and aware of the danger -- then undertake to implement security systems that maybe able to ward against such treats.

Course Content

• DOS: Denial-of-Service
• Protecting your computer
• Protecting Against Hardware Loss, Hardware Damage and System Failure
• Worms
• Viruses
• Social Engineering
  • Phishing
  • Spear Phishing
• Botnets
• Man-in-the-middle

About

The objective of this course is to provide a quick but in-depth review of the topics required to pass the Certified Information Systems Security Professional (CISSP) exam.

Contents

• Physical and Environmental Security
• Information Security and Risk Management
• Access Control Systems
• Cryptography
• Security Architecture and Design
• Business Continuity and Disaster Recovery Planning
• Telecommunications and Network Security
• Application Security
• Operations Security
• Legal, Regulations, Compliance and Investigations

About

Our rapidly increasing technology including a global network has allowed educators the opportunity to create, communicate, and store information in incredible ways. Students have access to instant information. Classes can learn with peers who live on the other side of the globe. School systems can store and access information on students, staff, and operational issues with ease.

In addition, many schools/districts are being rewarded grants that allow for the purchase of technology tools to which they otherwise would never have had financial access. Entire districts are being set up with laptops, LCD projectors, and other tech tools including staff training and mentoring for Classrooms for the Future grants. Here is a link that provides information on Classrooms for the Future

Unfortunately, with all of this wonderful technology available, there are several security concerns that arise. It is our duty as school staff members and parents to work together to keep our children safe while using these technology tools. Here is an incomplete list of security issues brought on by technology integration:

1. Students/staff downloading unauthorized software with viruses
2. Students, staff, or outsiders hacking into confidential information
3. Staff/students accessing, distributing, and/or downloading illegal material via the school network
4. Hardware being stolen or damaged
5. Students/staff using technology communication tools to bully/harass/intimidate/etc. others
6. Denial of Service (DOS) attacks from outsiders or insiders
7. Students/staff displaying or sharing passwords

Because of these issues listed above (and more), there is a need to train our staff and students in the area of security awareness. There are important steps for all members of an organization to take in order to keep our school community and network system safe. 

Course Content

• Introduction
• Teacher Information
  • Internet Safety
    • For your students
    • For yourself
  • Hardware Security/Safety
• Student Information
  • Safe at School
  • Cell Phone Safety
  • Preventing Cyberbullying
  • Preventing Sexting
  • Preventing Grooming

About

Many institutions and businesses invest large sums of money to create and ensure a secure computer system for all its stakeholders. Outlays of monies bring together hardware, software, policies, procedures, physical parameters, and training to construct a fortress of protection for its data, network, and, ultimately, its mission. Without the sense and assumption of a secure computer network, revenues would be lost, data compromised, and secrets unfolded.

But every system relies on the identification and authentication of the user. The system would not have been built if not for the intention of users to access and use the system, whatever that system may offer to the users. Almost always is a user accessing the system from a remote area away from the system’s administrators. They need to have a way to identify each user and authenticate that the user’s digital identity matches the physical user sitting in front of the computer or server is mandatory. Add to this drama that the user is human. This very nature is what may bring down and create the weakest link in the strongest fortress. As Schneier (2000) stated, "Think of security… as a chain. The security of the entire system is only as strong as the weakest link." That weakest link is many times the user of the system; unlike the human in the food chain, where a man takes a prominent stand, in the access and security of computer networks, the human is many times the weak prey or entry point to what is secure with the assumption that the right users are identified and authenticated.

Course Content

• Introduction
• Username/Password Combinations for Identification & Authentication
• How Can Passwords be Uncovered
• Securing Passwords with Secure Practices
• Password Tips for BlackBerry Users
• Password Management Tips for iPad & iPhone
• Password Protection Feature in Firefox Web Browser
• Facebook and Passwords
• Microsoft Online Safety Password Advice
• Enabling Firmware Password Protection in MAC OS X
• How to Protect Unattended Computer
• Better Password Practices
• Teaching Students Better Password Practices

About

Security and Maintenance is a component of Windows in charge of monitoring and displaying alerts about various security- and performance-related metrics It is a Microsoft Windows component. It is also a part of Windows XP,

Content

• Introduction to Windows security feature
• Identity and Access Management
• Administration of device accessibility
• Tips with Microsoft Security Logs
• Monitoring of activities and report generation

About

Digital security is various ways of protecting computer's internet account and files from intrusion by an outside user

Content

• Overview of cybersecurity
• Cybersecurity effective planning and architecture

About

Malware Analysis is the study of the functionality, origin, and potential impact of malware samples. A study or process of determining the functionality, origin, and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Malware or malicious software is any computer software intended to harm the host operating system or to steal sensitive data from users, organizations, or companies. Malware may include software that gathers user information without permission.

Content

• The work environment for malware analysis
• Metadata related to malware
• Malware Integration with an existing system
• Learn IDA Pro and X64dbg
• Malicious features
• Coding / encryption algorithms
• Coding and hook injection
• Use of forensic memory

About

Cloud computing security is broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing/

Content

• Introduction to cloud-based technology
• Virtualized network in Azure cloud computing network
• On-site and hosted solutions
• SaaS, PaaS, and IaaS. 
• Cloud computing vulnerabilities
• The work environment in Microsoft Azure.

About

pfSense is a firewall/router computer software distribution based on FreeBSD. pfSense Community Edition (CE) is the open-source version while pfSense Plus has moved to a closed source model. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface and requires no knowledge of the underlying FreeBSD system to manage.

Content

• Installation and configuration
• pfSense network security
• pfSense GUI, firewall, and other essential features
• Configure network interface controllers and share multiple LANs
• Troubleshooting networks
• Remote access to internal resources using VPNs and SSH tunnels
• Scanning network traffic

About

Nagios Core, formerly known as Nagios, is a free and open-source computer-software application that monitors systems, networks, and infrastructure. Nagios offers to monitor and alerting services for servers, switches, applications, and services. It alerts users when things go wrong and alert them a second time when the problem has been resolved.

Ethan Galstad and a group of developers originally wrote Nagios as NetSaint. As of 2015 they actively maintain both the official and unofficial plugins. Nagios is a recursive acronym: "Nagios Ain't Gonna Insist On Sainthood" – "sainthood" makes reference to the original name NetSaint, which changed in response to a legal challenge by owners of a similar trademark. "Agios" (or "hagios") also transliterates the Greek word άγιος, which means "saint".

Content

• Overview
• Nagios agents
  • NRPE
  • NRDP
  • NSClient++
  • NCPA
• Nagios XI

About

This course gives students a benchmark comprehension of regular network safety dangers, weaknesses, and threats. A review of how essential digital assaults are built and applied to genuine frameworks is likewise included. Models incorporate basic Unix kernel hacks, Internet worms, and Trojan in programming utilities. Organization assaults, for example, distributed denial of service (DDOS) and botnet-assaults are likewise depicted and shown utilizing examples from the recent many years.

Natural scientific models are laid out, for example, the confidentiality/integrity/availability (CIA) security danger framework, and models are utilized to represent how these various sorts of threats can corrupt genuine resources. The course likewise incorporates a prologue to essential network safety hazard investigation, with a review of how danger resource grids can be utilized to focus on danger choices. Dangers, weaknesses, and assaults are inspected and planned with regards to framework security designing procedures.

Content

• Definitions
• Prevalence
• Cyberwarfare and cyberterrorism
• Factors
  • Spectacularity factor
  • Vulnerability factor
• Professional hackers to cyberterrorists
• Types of attack
  • Syntactic attacks
    • Viruses
    • Worms
    • Trojan horses

About

A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Content

• History
• Tools
  • Specialized OS distributions
  • Software frameworks
• Penetration testing phases
  • Vulnerabilities
  • Payload

About

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.

Content

• Features of the Metasploit framework
• Metasploit tools
• Metasploit environment
• Metasploit capabilities for Web Application Security

About

Backbone.js is a JavaScript library with a RESTful JSON interface and is based on the model–view–controller application design paradigm. Backbone is known for being lightweight, as its only hard dependency is on one JavaScript library, Underscore.js, plus jQuery for use of the full library. It is designed for developing single-page web applications, and for keeping various parts of web applications (e.g. multiple clients and the server) synchronized. Backbone was created by Jeremy Ashkenas, who is also known for CoffeeScript and Underscore.js.

When handling the DOM Backbone.js adopts an imperative programming style, in contrast with a declarative programming style (common in AngularJS using data-attributes).

Content

• Getting Started
  • Introduction
  • Models and Views
  • Collections
  • API integrations
  • Rendering
  • Routing
• Events
• Models
• Collection
• Router
• Utility
• Examples

About

You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.