Code: CYB301 Applied & Offensive Security

Ethical Hacking & Penetration Testing

Learning to break systems, legally and responsibly

Free | 56 Hours | English | Released: 2026

About This Course

This course introduces offensive security techniques used to assess system security. Students learn penetration testing methodologies, reconnaissance, vulnerability exploitation, and reporting. Ethical and legal considerations are emphasized to ensure responsible practice.

Target Audience

Advanced technical learners

Course Resources
Video Lessons
Audio Narration
Practical Activities
Flash Cards
Certificate of Completion

Course Content

This module covers the basic concepts and principles of web security, including types of threats and vulnerabilities, and common technologies and tools. It introduces students to the key issues and challenges related to protecting web applications, web servers, and networks from attack and exploitation.

This module introduces digital identity along with its associated processes, such as determining the validity of an identity claim (Authentication) and dictating who is authorized to access information resources (Access Control). It explains security flaws associated with Identification, Authentication, and Access Control. Different attack vectors are presented, and prevention measures and techniques are outlined.

This module explains the root cause of sensitive data exposure; namely, Cryptographic Failures. Different attack vectors are presented, and prevention measures and techniques are outlined.

This module covers the types of injection attacks, including SQL injection, command injection, and script injection. The module also covers the methods that attackers use to carry out injection attacks and the countermeasures that can be taken to prevent or mitigate these attacks.

This module covers the common web application design and architecture vulnerabilities that can be exploited by attackers and the best practices for avoiding these vulnerabilities. The module also covers the importance of following secure design principles throughout the development life cycle and the role of secure design in mitigating the risks of web security threats and vulnerabilities.

This module covers the common web application security misconfigurations that can be exploited by attackers and the best practices for avoiding these misconfigurations.

This module covers the principles and practices of identifying and managing the risks of using vulnerable and outdated software components in web applications, with a focus on the common vulnerabilities that can be introduced by using vulnerable and outdated components, and the best practices for avoiding these vulnerabilities.

This module covers the principles and practices of protecting the integrity of software and data in web applications, with a focus on the common integrity failures that can be exploited by attackers, and the best practices for avoiding these failures.

The module covers the principles and practices of security logging and monitoring in web applications, with a focus on the common logging and monitoring failures that can be exploited by attackers, and the best practices for avoiding these failures. The module also covers topics such as log management, event logging, and incident response.

The module covers the principles and practices of protecting web applications and servers from Server-Side Request Forgery (SSRF) attacks. SSRF is a type of attack in which an attacker is able to make a vulnerable web application send arbitrary requests to a server, in order to access protected resources or perform unauthorized actions.

Requirements & Specs
  • Prerequisite: Network Security, Operating System & Endpoint Security
  • Technical Specs: TBA
  • Track: Applied & Offensive Security (Specialization)

Learner Competencies

Upon successful completion, learners will be able to:

  • Correctly use core terminology (threat, vulnerability, risk, control).
  • Explain cybersecurity as a business & societal concern.
  • Distinguish technical vs. non-technical dimensions.

  • Identify common threats (malware, phishing, insider).
  • Recognize basic attack patterns.
  • Relate threats to real-world consequences.

  • Describe baseline security controls.
  • Explain the role of policies & user awareness.
  • Apply security thinking to everyday scenarios.