National CAE Designated Institution
  • Online, Instructor-Led
Course Description

Many businesses operate networked infrastructure without any idea of the vulnerabilities they are exposing, which can be exploited to gain unauthorized access to corporate information resources. These vulnerabilities are related to configuration problems, bad software development processes and a variety of other common issues. One way for businesses to protect themselves is to regularly check their own networks and systems the way the bad guys would. The process of checking your own infrastructure is called ethical hacking. Students will learn the importance of ethical hacking and practice common methodologies for performing a penetration test against systems in order to expose vulnerabilities. This will include common attacks against Web services and vulnerable systems using a variety of professional tools.

Learning Objectives

  • Describe ways to incorporate security into the design of software systems and Web server and e-commerce applications.
  • Articulate best practices and user policies related to developing software systems and installing Internet server applications.
  • Determine the security vulnerabilities of various software tools as well as various Web (and other) server applications software, and design mechanisms to mitigate those vulnerabilities.
  • Describe the process for maintaining secure software and Internet server systems.
  • Apply best information security practices for software systems to the specific needs of an organization.
  • Select the optimal tools for implementing software systems and server-based Internet applications given project constraints.
  • Document the impact and management of secure software and server systems, and the impact on the organization, for both professional peers and managers (technical and non-technical).
  • Understand and use the cryptography used on the web and the mechanisms for deploying a public key system.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Network Services
  • Cyber Defense Analysis
  • Cyber Defense Infrastructure Support
  • Incident Response
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.