Many businesses operate networked infrastructure with no idea of the vulnerabilities they expose, which can be exploited to gain unauthorized access to corporate information resources. These vulnerabilities are related to configuration problems, bad software development processes and a variety of other common issues. One way for businesses to protect themselves is to regularly check their own networks and systems the way an attacker would. The process of checking your own infrastructure is called ethical hacking. Students will learn the importance of ethical hacking and practice common methodologies for performing a penetration test against systems in order to expose vulnerabilities. This will include common attacks against Web services and vulnerable systems using a variety of professional tools.
Learning Objectives
- Describe ways to incorporate security into the design of software systems and Web server and e-commerce applications.
- Articulate best practices and user policies related to developing software systems and installing Internet server applications.
- Determine the security vulnerabilities of various software tools as well as various Web (and other) server applications software, and design mechanisms to mitigate those vulnerabilities.
- Describe the process for maintaining secure software and Internet server systems.
- Apply best information security practices for software systems to the specific needs of an organization.
- Select the optimal tools for implementing software systems and server-based Internet applications given project constraints.
- Document the impact and management of secure software and server systems, and the impact on the organization, for both professional peers and managers (technical and non-technical).
- Understand and use the cryptography employed on the web and the mechanisms for deploying a public key system.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Network Services
- Cyber Defense Analysis
- Cyber Defense Infrastructure Support
- Incident Response
- Vulnerability Assessment and Management