Security+ Certification - Threats and Vulnerabilities Domain

Pass the 'Threats and Vulnerabilities' section of the Security+ exam.

This course is for beginners and IT pros looking to get certified and land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings global and demand is greatly outpacing supply which means more opportunity, job security and higher pay for you!

The Security+ exam covers six domains and this course focuses on the third domain which is 'Threats and Vulnerabilities'' domain.

Malware
Cyber attacks
DNS Security
Social engineering
Wireless attacks
Advanced wireless attacks
XSS - Cross-Site Scripting attacks
Buffer overflows
Security testing tools
SIEM - security information and events management
Platform hardening and baselining
Honeypots and honey nets
Vulnerability scanning and pen testing
Threat modeling
In Malware section we will define Malware categories and characteristics and talk through protective countermeasures to keep networks, systems and data safe from compromise.

There are so many different types of attacks sometimes it can be challenging to address them all within the context of our various lessons. So in the Cyber Attacks lesson I’ve pulled together some attack types that haven’t necessarily been covered in the other sections. When the internet was originally architected services such as DNS weren’t necessarily designed with security in mind. You will learn about DNS vulnerabilities, attacks and DNS Security protocols as part of the DNS Security lesson

Understand social engineering in the context of information security, which refers to psychological manipulation of people into performing actions or divulging confidential information.You will learn the basics of modern wireless security protocols, vulnerabilities, attacks and defense mechanisms in the wireless attacks lesson.Wireless networks represent the softest and most common entry point for hackers. We will talk about advanced wireless attacks and how to prevent them.

XSS and Injection are some of the top techniques used by attackers to compromise websites and user data. Learn how to test for XSS vulnerabilities, identify exploits and protect against them. Attack applications using buffer overflow techniques in order to execute arbitrary malicious code and we will also identify ways to mitigate these attacks.

There are practically an infinite number of security testing tools available both free and paid. In the security testing tools lesson we will begin to scratch the surface of some of these common tools and identify how we categorize them and their uses. Management of logs are a key component of operational security. These days the velocity, variety and volume of data collected via logs has catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them in the lesson on SIEM.

Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. I will show you techniques for OS/DB and App hardening. Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. You will learn how to use honeypots to tie up attackers and find out what they are up to.

Vulnerability Assessment and Pen Testing are often terms that are used interchangeably. In this section we will walk through some of the differences and commonalities between the two.