Topic 1: Overview of Cybersecurity
a) Definition and importance of cybersecurity.
b) Common threats: phishing, malware, and data breaches.
c) Key concepts: Confidentiality, Integrity, and Availability (CIA).
d) Introduction to the course structure and references.
Lab Session on Topic 1
a) Set up a lab environment with VirtualBox/VMware and Kali Linux.
b) Tool familiarization: brief overview of Kali tools (e.g., terminal, browser).
Topic 2: Basics of Web Communication
a) Overview of HTTP requests/responses, cookies, and sessions.
b) Basic web application architecture and data flow.
Lab Session on Topic 2
Use browser developer tools to observe HTTP requests and cookies.
Topic 3: Threat Modeling Basics
a) Introduction to identifying assets, threats, and vulnerabilities.
b) Techniques for creating basic threat models.
c) Overview of popular threat modeling frameworks (e.g., STRIDE, PASTA).
Lab Session on Topic 3
Create a threat model for a sample login page.
Topic 4: OWASP Top 10 Overview
a) High-level overview of each vulnerability category:
1) Broken Access Control
2) Cryptographic Failures
3) Injection
4) Insecure Design
5) Security Misconfiguration
6) Vulnerable and Outdated Components
7) Identification and Authentication Failures
8) Software and Data Integrity Failures
9) Security Logging and Monitoring Failures
10) Server-Side Request Forgery (SSRF)
Lab Session on Topic 4
Complete the “OWASP Top 10” room to gain familiarity with common vulnerabilities.
Topic 5: Broken Access Control
a) Authentication vs. authorization.
b) Common issues: forced browsing, privilege escalation.
Lab Session on Topic 5
Complete the exercises in “Broken Access Control”.
Topic 6: Cryptographic Failures
a) Importance of encryption for data in transit and at rest.
b) Best practices: using TLS/HTTPS and salting passwords.
Lab Session on Topic 6
Use SSL Labs to check SSL/TLS configurations.
Topic 7: Injection Attacks
a) SQL and command injection examples.
b) Prevention: parameterized queries and input validation.
Lab Session on Topic 7
Explore the “SQL Injection” machine and perform SQL injection tasks.
Topic 8: Security Misconfiguration
a) Common issues: default credentials and open ports.
b) Hardening systems with secure configurations.
Lab Session on Topic 8
Scan local VM using Nmap and fix identified issues.
Topic 9: Vulnerable and Outdated Components
a) Risks of unpatched dependencies.
b) Tools for tracking vulnerabilities, such as OWASP Dependency-Check.
Lab Session on Topic 9
Analyze dependencies of a small demo project.
Topic 10: Identification and Authentication Failures
a) Issues with weak login forms and poor session management.
b) Enhancements: multi-factor authentication and lockout mechanisms.
Lab Session on Topic 10
Explore the “Authentication Bypass” virtual machine and implement fixes.
Topic 11: Software and Data Integrity Failures
Supply chain attacks and secure deployment practices.
Lab Session on Topic 11
Compare file checksums to verify integrity.
Topic 12: Server-Side Request Forgery (SSRF)
Risks of SSRF and preventive measures.
Lab Session on Topic 12
Explore SSRF scenarios in the “SSRF Found” server.
Topic 13: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
How XSS and CSRF attacks work and their mitigations.
Lab Session on Topic 13
Test XSS and CSRF scenarios in the “XSS Playground” machine and implement fixes.
Topic 14: Security Logging and Monitoring Failures
a) Importance of capturing relevant events.
b) Basic monitoring tools.
Lab Session on Topic 14
Enable and review logs in a simulated environment.
Topic 15: Security Testing Recap
Penetration testing basics: reconnaissance, scanning, exploiting, and reporting.
Lab Session on Topic 15
Perform a security test using OWASP ZAP.
Topic 16: Real Project
a) Secure a vulnerable web application.
Steps:
1. Identify key vulnerabilities using manual and automated tools (e.g., OWASP ZAP, Burp Suite).
2. Implement fixes for identified vulnerabilities, documenting the changes made.
3. Generate a detailed report with findings, fixes, and recommendations for future improvements.
b) Final submission:
1. Present the approach, key learnings, and results to the class.
2. Participate in a Q&A session for peer and instructor feedback.
Topic 17: Continuous Learning in Cybersecurity
a) Exploration of career paths:
1) Roles: Penetration Tester, SOC Analyst, Cybersecurity Consultant, and more.
2) Certifications: CompTIA Security+, Certified Ethical Hacker (CEH), OSCP, etc.
b) Resources for ongoing education:
1) Platforms: TryHackMe, HackTheBox.
2) Communities: OWASP, local security meetups, and online forums.
c) Practical steps for growth:
1) Set up a personal lab for continuous practice.
2) Stay updated with cybersecurity news and trends.
3) Build a portfolio by documenting solved challenges and projects.
Course Duration: 3 months, 2 class days per week, online via Zoom.
Course Fee: 12000 BDT
Trainer: Shamem Ahmad, Independent Cyber Security Researcher.
To reward your hard work and dedication, we will be giving away 3 TryHackMe Premium 1-Month Coupons to the top performers of the final exam!