CompTIA Security+, Part 6 of 8: Attacks and Mitigation
Interactive

CompTIA Security+, Part 6 of 8: Attacks and Mitigation

LearnNow Online
Updated Aug 21, 2018
Book a demoTry it for free

Course description

In this course, certified technical trainer Ryan Hendricks delves into the multitude of ways an attacker can compromise an organization. Hendricks will discuss how session hacking is used to compromise Web servers and e-mail servers and also examine the security concerns regarding wireless and Bluetooth devices. This course will also reveal the tools that should be in every security professional’s tool belt as well as the latest mitigation, discovery, penetration and vulnerability testing techniques.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This course assumes that the user has working knowledge of networks and networking. Ideally, the user should have their CompTIA Network+ certification, but can be replaced with networking experience.


Meet the expert

Ryan Hendricks

Ryan Hendricks is an experienced instructor who teaches networking and security courses to IT professionals throughout the nation. He currently has the CompTIA Certified Technical Trainer (CTT+ Classroom) and the Cisco Certified Academy Instructor (CCAI) credentials. He holds certifications from (ISC)2, EC-Council, CompTIA, and Cisco. When not on the podium instructing, he delves into IT books, always looking to learn more and keep up with the latest security topics.

Video Runtime

108 Minutes

Time to complete

148 Minutes

Course Outline

Wireless & Application Threats

Wireless Attacks (16:53)

  • Introduction (00:28)
  • Rogue Access Points (01:24)
  • Jamming/Interference (01:21)
  • Evil Twin (01:29)
  • War Driving (00:59)
  • War Chalking (00:57)
  • Bluejacking (00:42)
  • Bluesnarfing (00:47)
  • IV Attack (01:27)
  • Packet Sniffing (01:38)
  • Near Field Communication (00:42)
  • Replay Attacks (00:34)
  • WEP/WPA Attacks (02:31)
  • WPS Attack (01:22)
  • Summary (00:25)

Application Attacks (08:47)

  • Introduction (00:17)
  • Zero-Day Attack (01:20)
  • Cookies and Attachements (02:07)
  • Locally-Shared Objects (00:23)
  • Malicious Add-Ons (00:55)
  • Session Hijacking (01:44)
  • Header Manipulation (00:39)
  • Arbitrary Code Execution (00:51)
  • Summary (00:27)

More Application Attacks (35:19)

  • Introduction (00:29)
  • Cross-Site Scripting (00:54)
  • Cross-Site Request Forgery (01:17)
  • Demo: Cross-Site Scripting (05:55)
  • SQL Injection (01:29)
  • Demo: SQL Injection (05:44)
  • Demo: Bypass Authentication (03:28)
  • XML Injection (00:28)
  • Directory Traversal (00:57)
  • Demo: Directory Traversal (04:17)
  • Command Injection (00:52)
  • Demo: Command Injection (04:49)
  • Buffer Overflow (00:44)
  • Integer Overflow (03:22)
  • Summary (00:26)
Mitigation Techniques

Mitigation Techniques (19:12)

  • Introduction (00:17)
  • Event Logs (00:47)
  • Audit Logs (01:08)
  • Security Logs (00:40)
  • Access Logs (00:30)
  • Hardening (04:13)
  • Network Security (04:10)
  • Security Posture (03:30)
  • Reporting (01:53)
  • Detection vs. Prevention (01:35)
  • Summary (00:26)

Discovery (15:43)

  • Introduction (00:23)
  • Security Assessment Results (00:57)
  • Tools (00:32)
  • Protocol Analyzer (01:17)
  • Vulnerability Scanner (00:56)
  • Honeypots (00:54)
  • Honeynets (00:28)
  • Port Scanner (02:22)
  • Passive vs. Active Tools (01:05)
  • Banner Grabbing (00:43)
  • Assessment Techniques (00:25)
  • Baseline Reporting (00:44)
  • Code Review (01:47)
  • Determine Attack Surface (01:04)
  • Review Architecture (01:07)
  • Review Designs (00:30)
  • Summary (00:23)

Penetration Testing (12:39)

  • Introduction (00:24)
  • Penetration Testing (01:02)
  • Identify Vulnerability (00:30)
  • Verify a Threat Exists (00:34)
  • Bypass Security Controls (00:49)
  • Actively Test Security Control (00:27)
  • Exploit Vulnerabilities (00:42)
  • Vulnerability Scanning (00:42)
  • Passively Testing Security (00:42)
  • Identify Lack of Security (00:37)
  • Identify Common Misconfigs (01:10)
  • Intrusive vs. Non-Intrusive (01:19)
  • Credentialed vs. Non (00:53)
  • Black Box (01:11)
  • White Box (00:28)
  • Gray Box (00:27)
  • Summary (00:35)
Related learning
CompTIA Security+, Part 5 of 8: Security and MalwareInteractive ⋅ 166 mins
CompTIA Security+, Part 7 of 8: Data Security AuthInteractive ⋅ 206 mins
Certified Virtualization Security Expert, Part 4 of 6: PenTest Tools and DMZInteractive ⋅ 173 mins
Certified Virtualization Security Expert, Part 2 of 6: Routing and SecurityInteractive ⋅ 136 mins

Explore more technology skills

IT Software
IT Software
Web Design and Development
Web Design and Development
Data & Analytics
Data & Analytics
Design and Animation
Design and Animation
Gaming and Games Development
Gaming and Games Development
Devops, Networking and Security
Devops, Networking and Security
Programming and Web Development
Programming and Web Development
Computer Science and Engineering
Computer Science and Engineering
;