Powered by Dadonet Academy Srl
Il corso è composto da 8 lezioni da 5 ore ciascuna
Orario 8:30 – 13:30

PROGRAMMA

Part I: Threats, Attacks, and Vulnerabilities

1. Social Engineering Techniques

The Social Engineer

Phishing and Related Attacks

Principles of Influence (Reasons for Effectiveness)

2. Attack Basics

Malware

Physical Attacks

Adversarial Artificial Intelligence (AI)

Password Attacks

Downgrade Attacks

3. Application Attacks

Race Conditions

Improper Software Handling

Resource Exhaustion

Overflows

Code Injections

Driver Manipulation

Request Forgeries

Directory Traversal

Replay Attack

Secure Sockets Layer (SSL) Stripping

Application Programming Interface (API) Attacks

Pass-the-Hash Attack

4. Network Attacks

Wireless

Man-in-the-Middle

Layer 2 Attacks

Domain Name System (DNS) Attacks

Denial of Service

Malicious Code and Script Execution

5. Threat Actors, Vectors, and Intelligence Sources

Threat Actor Attributes

Threat Actor Types

Vectors

Threat Intelligence and Research Sources

6. Vulnerabilities

Cloud-Based vs. On-Premises

Zero-Day

Weak Configurations

Third-Party Risks

Impacts

7. Security Assessment Techniques

Vulnerability Scans

Threat Assessment

8. Penetration Testing Techniques

Testing Methodology

Team Exercises

Part II: Architecture and Design

 

9. Enterprise Security Concepts

Configuration Management

Data Confidentiality

Deception and Disruption

10. Virtualization and Cloud Computing

Virtualization

On-Premises vs. Off-Premises

Cloud Models

11. Secure Application Development, Deployment, and Automation

Application Environment

Integrity Measurement

Change Management and Version Control

Secure Coding Techniques

Automation and Scripting

Scalability and Elasticity

12. Authentication and Authorization Design

Identification and Authentication, Authorization, and Accounting (AAA)

Multifactor Authentication

Single Sign-on

Authentication Technologies

13. Cybersecurity Resilience

Redundancy

Backups

Defense in Depth

14. Embedded and Specialized Systems

Embedded Systems

SCADA and ICS

Smart Devices and IoT

15. Physical Security Controls

Perimeter Security

Internal Security

Equipment Security

Environmental Controls

Secure Data Destruction

16. Cryptographic Concepts

Cryptosystems

Use of Proven Technologies and Implementation

Steganography

Cryptography Use Cases

Cryptography Constraints

Part III: Implementation

17. Secure Protocols

Secure Web Protocols

Secure File Transfer Protocols

Secure Email Protocols

Secure Internet Protocols

Secure Protocol Use Cases

18. Host and Application Security Solutions

Endpoint Protection

Application Security

Hardware and Firmware Security

Operating System Security

19. Secure Network Design

Network Devices and Segmentation

Security Devices and Boundaries

20. Wireless Security Settings

Access Methods

Wireless Cryptographic Protocols

Authentication Protocols

Wireless Access Installations

21. Secure Mobile Solutions

Communication Methods

Mobile Device Management Concepts

Enforcement and Monitoring

Deployment Models

22. Cloud Cybersecurity Solutions

Cloud Workloads

Third-Party Cloud Security Solutions

23. Identity and Account Management Controls

Account Types

Account Management

Account Policy Enforcement

24. Authentication and Authorization Solutions

Authentication

Access Control

25. Public Key Infrastructure

PKI Components

Part IV: Operations and Incident Response

26. Organizational Security

Shell and Script Environments

Network Reconnaissance and Discovery

Packet Capture and Replay

Password Crackers

Forensics and Data Sanitization

27. Incident Response

Attack Frameworks

Incident Response Plan

Incident Response Process

Continuity and Recovery Plans

28. Incident Investigation

SIEM Dashboards

Logging

Network Activity

29. Incident Mitigation

Containment and Eradication

30. Digital Forensics

Data Breach Notifications

Strategic Intelligence/Counterintelligence Gathering

Track Person-hours

Order of Volatility

Chain of Custody

Data Acquisition

Part V: Governance, Risk, and Compliance

31. Control Types

 

Nature of Controls

Functional Use of Controls

Compensating Controls

32. Regulations, Standards, and Frameworks

Industry-Standard Frameworks and Reference Architectures

Benchmarks and Secure Configuration Guides

33. Organizational Security Policies

Policy Framework

Human Resource Management Policies

Third-Party Risk Management

34. Risk Management

Risk Analysis

Risk Assessment

Business Impact Analysis

35. Sensitive Data and Privacy

Sensitive Data Protection

Privacy Impact Assessment