Explore security aspects focusing on OWASP Top 10 2017 Item A6: Security Misconfiguration, Item A5: Broken Access Control, and Item A4: XML External Entities in this 11-video course. Key concepts covered in this course include details about OWASP Top 10 2017 Item A6, and how security misconfigurations can come in many different forms and on different levels of a web application ecosystem; and learning how security misconfigurations can be mitigated. Next, learn how to lock down anonymous cloud storage access; observe how to disable SSLv3 on web browsers and web servers; and learn details about OWASP Top 10 2017 Item A5 broken access control, and how broken access control can be mitigated. Learners will then observe how to use the Microsoft Azure Cloud computing environment to create a shared access signature to limit access to sensitive files. Finally, learn the details about OWASP Top 10 2017 Item A4 covering XML external entities and how XML external entity vulnerabilities can be mitigated.

In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, which involves insecure deserialization and transmission of objects between network hosts programmatically, or storage of an object in a file, such as storing something in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating it as user input; learn how to secure traffic by encrypting it with IPSec to protect serialized data; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP; and how to identify insecure components, serialization, and XSS.

A number of high-level security controls such as web application firewalls and secure coding practices go a long way toward securing web applications. In this 10-video course, learners can explore vulnerability scanning and penetration testing tools and procedures. Key concepts covered in this course include learning to adhere to secure coding guidelines at all phases of the SDLC; how a web application firewall is much more of an in-depth solution for web application security than a traditional firewall; and how to configure a web application firewall for a Microsoft Azure web application. Next, learn why malicious users and ethical hackers perform network and vulnerability scans; learn the importance of conducting periodic penetration tests with the goal to exploit vulnerabilities to determine risk; how to perform a network scan by using Nmap, which identifies devices on the network. Conclude by observing how to perform a vulnerability scan using Nessus; and how to test the security of a web application with OWASP ZAP.

Without the ability to gain entry, hackers are powerless. Explore password security best practices, including establishing password strength, complexity, and age criteria.

Auditing information systems (ISs) requires a good audit plan and effective execution of that plan. Explore the practical knowledge required for performing an IS audit.

Physical security measures can help organizations protect personnel, hardware, software, and data from physical actions and events that could result in unauthorized or unwanted disclosure or theft of property. In this course, you'll learn how defense-in-depth solutions can provide multiple layers of security as well as the various types of physical security controls. Explore the importance of surge protectors, uninterrupted power supplies (UPS), and power generators, and discover how device security concerns should encompass all company-owned equipment. Discover why non-disclosure agreements (NDA) should be used in locations where proprietary information may be accessible to employees, vendors, or visitors, and explore how background checks should be an essential part of security management. Lastly, explore the importance of ensuring the correct level of security access levels. This course was originally created by Global Knowledge (GK).

A key component IS auditing professionals evaluate is an organization's logical access practices. Explore best practices for identification, authentication, authorization, and confidential information handling activities.

Public-key infrastructure (PKI) is the framework of encryption and cybersecurity used to safely distribute, verify and revoke certificates in an organization and manage public-key encryption. In this course, you will learn the fundamentals of PKI and explore considerations when implementing trust structures through technology and public key-based digital certificates. Explore PKI components including certification authorities, certificates, revocation lists, registration authorities, entities and certificate templates, and discover how certificate authorities (CA) are used to issue certificates to entities and manage trust relationships. Discover how to differentiate between root and subordinate CAs as well as internal and external PKIs, and explore public key certificates and how they can represent the digital identity of the subject. Lastly, explore common certificate acquisition methods including web, auto-enrollment, MMCs, and native consoles, and explore use cases for common access cards (CAC). This course was originally created by Global Knowledge (GK).

Information system audits examine network infrastructure management controls to determine compliancy. Explore best practices for risk and IT management, including change management, financial management, and human resources management.

Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.