Det finnes mange kurs i Websikkerhet, og det er mange kursleverandører å velge mellom. For å finne Websikkerhet kurs fra en spesifikk leverandør, kan du scrolle gjennom listen av kursleverandører som tilbyr Websikkerhet kurs. Vi håper du finner alle de kurs innen Websikkerhet du leter etter. Hvis du ikke finner kurs med startdato som passer deg, ta gjerne kontakt med oss, slik at vi kan komplettere våre kursoversikt med Websikkerhet kurs fra andre kursleverandører som tilbyr kurs til ytterligere startdatoer.
This course is just a great workshop that teaches how to implement securing technologies one at a time. [+]
This course is just a great workshop that teaches how to implement securing technologies one at a time. The course covers all aspects of Windows infrastructure security that everybody talks about and during the course you will learn how to implement them! Our goal is to teach you how to design and implement secure infrastructures based on the reasonable balance between security and comfort with great knowledge of attacker’s possibilities.
This is a deep dive course on infrastructure services security, a must-go for enterprise administrators, security officers and architects. It is delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions. In this workshop you will investigate the critical tasks for a high-quality penetration test. We will look at the most efficient ways to map a network and discover target systems and services. Once it has been done, we will search for vulnerabilities and reduce false positives with manual vulnerability verification. At the end we will look at exploitation techniques, including the use of authored and commercial tools. In the attack summary we will always go through the securing techniques.
Exploits are not the only way to get to systems! We will go through the operating systems’ build in problems and explore how they can be beneficial for hackers! One of the most important things to conduct a successful attack is to understand how the targets work. To the bones! Afterwards everything is clear and the tool is just a matter of our need.
The course covers all aspects of Windows infrastructure security from the hacker’s mind perspective! Our goal is to show and teach you what kind of mechanisms are allowing to get inside the infrastructure and how to get into operating systems. After the course you will gain penetration tester’s knowledge and tools. To get more practice we offer three extra weeks of labs online!
All exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux. This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions!
Module 1: Hacking Windows Platform
a) Detecting unnecessary servicesb) Misusing service accountsc) Implementing rights, permissions and privileges
Module 2: Top 50 tools: the attacker's best friends
a) Practical walkthrough through toolsb) Using tools against scenariosc) Tools for Red Team / Pentestersd) Tools for Blue Team
Module 3: Modern Malware
a) Techniques used by modern malwareb) Advanced Persistent Threatsc) Fooling common protection mechanisms
Module 4: Physical Access
a) Misusing USB and other portsb) Offline Access techniquesc) BitLocker unlocking
Module 5: Intercepting Communication
a) Communicating through firewallsb) Misusing Remote Accessc) DNS based attacks
Module 6: Hacking Web Server
a) Detecting unsafe serversb) Hacking HTTPSc) Distributed Denial of Service attacks
Module 7: Data in-Security
a) Using incorrect file servers’ configurationb) Basic SQL Server attacksc) Detecting and attacking common network servers
Module 8: Identity attacks
a) Pass-the-Hash attacksb) Stealing the LSA Secretsc) Modern identity attacks techniques
Module 9: Hacking automation
a) Misusing administrative scriptsb) Script based scanningc) PowerShell for pen-testers
Module 10: Designing Secure Windows Infrastructure
a) Modern attacks and prevention techniquesb) Malware execution preventionc) Enterprise scale security challenges
Module 11: Securing Windows Platform
a) Defining and disabling unnecessary servicesb) Implementing secure service accountsc) Implementing rights, permissions and privilegesd) Code signing
Module 12: Malware Protection
a) Malware investigation techniquesb) Analyzing cases of real malwarec) Implementing protection mechanisms
Module 13: Managing Physical Security
a) Mitigating Offline Accessb) Implementing and managing BitLocker
Module 14: Public Key Infrastructure Security
a) Role and capabilities of the PKI in the infrastructureb) Designing PKI architecture overviewc) PKI security – Best practices
Module 15: Securing Network Communication
a) Deploying and managing Windows Firewall – advanced and useful featuresb) Deploying and configuring IPsecc) Deploying DNS and DNSSEC
Module 16: Securing Web Server
a) Configuring IIS features for securityb) Working with SSL Certificate Supportc) Monitoring Web Server resources and performanced) Deploying Distributed Denial of Service attack preventione) Deploying Network Load Balancing and Web FarmsModule
Module 17: Mitigating the identity attacks
a) Pass-the-Hash attack preventionb) LSA protection
c) Credential Guard [-]
This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. [+]
The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.
This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.
What might an attacker want?
HTTP Strict Transport Security header
Cross Site Scripting
DOM Based XSS
Content Security Policy
Headers and directives
Cross site request forgery (CSRF)
Synchronizer Token Pattern
Double Submit Cookies
File path injections
Authentication & Authorisation
Form based authentication
Securing the session
Denial-of-Service (DoS) attacks
Application level attacks
Regular Expression attacks
XML DoS attacks
Secure password storage
Salt and pepper
Source control leaks
SQL Timing attacks
Login timing attacks
Response header leakage
Search engine leakage
Logging & monitoring
Knowing when the site is under attack
Attacking our site
How can we start hacking our self
Hack your self
About the instructor: Tore Nestenius
Tore has worked as a consultant since 1997 and is a very knowledgeable system developer and has in the past worked for large companies like Ericsson and Flextronics. Early in his career, Tore Nestenius started Programmers Heaven - a portal with over 750 000 monthly users. He’s behind several other successful projects like CodePedia - a Wiki for developers, the Open Source project TNValidate, and the C# School e-book with over 100 000 downloads.
Instructor-Led Virtual - Live Online Training - 4 halve dager
15.00 - 18.30 [+]
This course is intended for people in the fields of public cloud security and cybersecurity, or for anyone who wants to learn how to secure remote networks and mobile users.
Successful completion of this two-day, instructor-led course will help enhance your understanding of how to better protect your applications, remote networks, and mobile users using a SASE implementation. You will get detailed instruction on configuring, managing, and troubleshooting Prisma Access in a production environment.
Security Engineers, Security Administrators, Security Operations Specialists, Security Analysts, and Network Engineers
1 - Prisma Access Overview
2 - Planning and Design
3 - Activate and Configure
4 - Security Processing Nodes
5 - Panorama Operations for Prisma Access
6 - Remote Networks
7 - Mobile Users
8 - Tune, Monitor, and Troubleshoot
9 - Manage Multiple Tenants
10 - Next Steps