Browser Exploits

Security Issues Remediation Cost

New Technology Deployment Concerns - Security Issues in System Decommissioning - Security of Email Communications Technologies - VoIP Traffic Encryption Obstacles - Security Best Practices for Mobile Devices - Unified Communications Technologies Definition - VoIP Deployment Concerns - Waterfall Development Methodology and Organizational Security - Application Development and Security Policy - Organizational Security Stake Holders - Security Events vs. Security Incidents - Vendor Minimum Obligations Document - Acceptable Internet Use Policy - RFC vs. ISO Standards - Security Conferences and Conventions - Security News Sources - Financial Considerations of Adding New Technologies - ESA Basics - CompTIA CASP Exam Study Guide - Risk Reduction Strategies - CVSS Metric Groups - CIA Triad Definition - Cost Benefit Analysis Basics - ROI Definition - Vulnerability Scanner Accuracy - Cracking HTTPS Traffic - Vulnerability Assessment Definition - Black Box Penetration Testing - Automate Vulnerability Testing - Circumventing JavaScript Validation Exploits - Web Application Compromise - Privilege Escalation Exploits - Buffer Overflow Exploit Prevention - Cross-Site Scripting Attack Types - Browser Exploits - Resource Exhaustion Exploits - SPML Automation - SAML Assertions for Resource Access - XACML Policies - Certificate Based Authentication - Single Sign On Authentication - Enterprise Service Bus Basics - Layer 2 Switch Security - Active Directory Service - Quality of Service Techniques - Virtual Storage Security Concerns - iSCSI Security Implications - SAN Advantages - Block-Level Storage Basics - Network Attached Storage Advantages - Virtual Desktop Infrastructure Advantages - Rogue Hypervisor Attack - Virtualization Components - Public Key Cryptography - Preventing Replay Attacks - MD5 Hash Security - Secure Hash Function - Certificate Authority Roles - Encryption Key Algorithm Security - Random Numbers and Entropy - Distinguishing Appropriate Cryptographic Tools and Techniques - Cryptographic Applications and Proper Implementation - Executing Advanced PKI Concepts - Function of Certificate Authorities - Web of Trust Scheme - Temporary Certificates & Single Sign-On - What is the Simple Public Key Infrastructure (SPKI)? - Online Certificate Status Protocol (OCSP) vs Certificate Revocation Lists (CRL) - Wildcard SSL Certificates - Issuance to End Entities in PKI - Wildcard Certificate Drawbacks - Common Use of PKI and its Three Main Categories - The Most Popular PKI Applications - Implications of Cryptographic Methods and Design on Privacy - How Privacy Should be Performed to Allow Lawful, Authorized Access - Description and Implications of Transport Encryption - Transport encryption Vs File Encryption - What are Digital Signatures? - The Algorithms of Digital Signature Guidelines - Hashing Explained - What is Code Signing and What is its Role in Security? - How Does Code Signing Provide Security? - Trusted Identification using a Certificate Authority (CA) - Alternatives to Certificate Authorities - Problems with Code Signing - Implementations of PKI - What is Non-Repudiation? - What is Entropy? - Role of Pseudo Random Number Generation in Security - What is Perfect Forward Secrecy - Confusion and Diffusion and Their Role in Cryptography - Advantages and Disadvantages of Virtualization - Types of Virtualization Technology - The Security Disadvantages of Virtualization - The Security Advantages of Virtualization - What is Storage Virtualization? - What is Distributed Computing? - What is Workspace Virtualization? - What is Server Virtualization? - Further Benefits of Virtualization - Securing a Virtualization Administrative Network - Securing virtual environments, appliances and equipment - What is a VLAN and How Does it Improve Security? - Which Virtual Networks Should Connect to the VM’s? - Best Practices to Managing the Guest OS - The First Step in Securing a Virtual Network - The Second Step in Securing Your Virtual Network – Software Firewalls - Anti-Virus Software, the Third Step in Securing a Virtual Environment - Physically Securing your Virtual Machines - A Deep Dive into VMWare Workstation - Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines - The Security Burden of Scalability of Virtual Environments - Key Cloud Computing Characteristics - The Three Cloud Computing Delivery Models - The Four Cloud Deployment Models - The Primary Advantages of Cloud Comupting - Provisioning in Cloud Computing - De-provisioning in Cloud Computing - Concerns Regarding Data Remnants - Vulnerabilities with co-mingling of hosts with different security requirements - Breaking Out and Interacting with the Hypervisor – VMEscape - Improve Virtualization Security with Privilege Elevation - What is Virtual Desktop Infrastructure (VDI) - What is Terminal Services? - What is Storage Virtualization? - Two Types of Storage Virtualization - What is Network Attached Storage? - What are the Primary Benefits of Network Attached Storage (NAS)? - The Three Most Widely Used Storage Consolidation Architectures - What is a Storage Area Network (SAN)? - Storage Area Network Infrastructure – Fibre Channel Fabric Topology - The Primary Benefits of Using a Storage Area Network - The Three Levels of Threats in Storage Area Networks - Top Security Concepts of Security Area Networks - Performance Factors of Storage Area Networks - What is a Virtual Storage Area Network (VSAN)? - What is a iSCSI (Internet Small Computer System Interface) - What is Fibre Channel over Ethernet (FCoE)? - What is Logical Unit Number Masking (LUN Masking)? - What is Host Bus Adapter (HBA) Allocation? - What is Distributed File System (DFS)? - What is Secure Storage Management – Multipath? - What is Secure Storage Management – Snapshots? - What is Secure Storage Management – Data De-Duplication? - What is Remote Access? - Network Design and the Placement of Security Devices - The Role of SCADA Systems in Network Design - The Role of Voice Over IP (VOIP) in Network Design - What is IPv6 and What Role Does it Play in Network Design? - What is Stateless Address Auto-Configuration? - What is Multicast on IPv6? - The Role Internet Protocol Security (IPsec) in Network Design - Complex network security solutions for data flow - Considerations on secure data flows to meet changing business needs - What is Domain Name System (DNS)? - What are Directory Services? - Network Design Consideration, Building Layouts and Facilities Management - Network Topology – Bus, Ring, Star, Mesh and Wireless - Multi-tier networking data design considerations - Trends and considerations in network components - What are Deployment Diagrams and What is their Purpose? - Transport Layer Security and its Advantages Over SSL - What are Static Routes Router Settings and Why are they Secure? - What is the Enterprise Service Bus (ESB) Software Architecture Model? - What are the Main Functions of an Enterprise Service Bus (ESB)? - Using ESB with Atomic Services - What Service-Oriented Architecture? - What is Security Information and Event Management (SIEM)? - What is Database Access Monitor (DAM)? - What is Database Activity Monitoring and Prevention (DAMP)? - What are Service Enabled (SE) Applications? - What is Web Service Security (WS-Security)? - The Role of Security Controls for Hosts - What are Host-Based Firewalls? - What is Trusted Operating System (TOS)? - Two Techniques for End Point / Antivirus Security Software - Virus Removal as a Recovery Method - Operating System Re-installation as a Recovery Method - What is an Intrusion Prevention System (IPS)? - What is a Host-Based Intrusion Prevention System (HIPS)? - What is Host Hardening? - Group Policy Controls - Purpose, Use and Examples of Warning Banners - What is Asset Management (Inventory Control)? - What is data exfiltration? - What is a Host-Based IDS (HIDS) - What is a Network Intrusion Prevention System (NIPS)? - What is a Network Intrusion Detection System (NIDS)? - What is the Difference Between HIPS and NIPS? - What is Statistical Anomaly Detection Method? - The Route of Vulnerabilities in Applications - Web application security design considerations - Partition your application logically - Use abstraction to implement loose coupling between layers - Understand how components will communicate with each other - Consider caching to minimize server round trips in Web Apps - Implement Logging and Instrumentation - Consider authenticating users across trust boundaries - Design your Web application to run using a least-privileged account - Application Flaws – Cross Site Scripting (XSS) Vulnerabilities - What is Application Sandboxing? - The Importance of Secure Coding Standards - Privilege Escalation in Web Applications - Improper Storage of Sensitive Data in Web Applications - What is Fuzzing / Fault Injection? - Secure Cookie Storage and Transmission - Client-side processing vs. server-side processing - What is the Microsoft Ajax Library? - ASP.NET Script Controls and Extenders - What is ASP.NET State Management - Client-Based Techniques for State Management - What are Buffer Overflow Attacks? - What is Stack Overflow? - What is Format String Overflow? - What is an Integer Overflow? - What is Race Condition or Race Hazard? - What is a Memory Leak Compromise? - What is a Resource Exhaustion Attack? - What is Port Scanning? - Common Port Scanning Techniques - What is Vulnerability Assessment? - The Five Steps of Vulnerability Assessment - Risk Management – The Security Risk Implications of Business Decisions - The Impact of De-Perimiterization - Implementing a Risk Mitigation Strategy - Classify information types into levels of CIA based on organization / industry - Aggregate CIA Scores and Security Controls - Conducting System Specific Risk Analysis and Steps Required - What is Risk Determination? - Magnitude of Impact Model for Risk Analysis - Vulnerability Plausibility Rating, Factors and Levels - Decision Process for Security Control Application - The Four Methods of Handling Risk - How to Effectively Implement Security / Risk Controls - What is Enterprise Security Architecture (ESA) Framework? - Continuous Monitoring and Why it is Important - The Importance of Preparing for and Supporting Incident Response - What is E-Discovery? - What is Electronic Inventory and Asset Control - Data Retention Policies - What is Data Recovery? - Mitigation of Vulnerability or Breach Risk - What is a Data Breach? - The Role of Incident Reponse and its Relation to Incident Handling and Management - The Importance of a Privacy Policy in Data Protection - The Difference Between Security Policy and Privacy Policy - Factors that Determine the Need for Policy Development - Process Simulation - Legal Compliance Solution - Business Documents to Support Security, ISA and MOU - What is Personally Identifiable Information (PII)? - What is Separation of Duties (SoD)? - Job Rotation - Mandatory Vaction - Least Privilege / Minimal Privilege - How to Use Trend Analysis to Mitigate Risk and Improve Security - Technology Evolution, Internet Standards, ISO and RFC’s - What is Situational Awareness? - What are Client-Side Attacks? - What are Threats? - What is Global Information Architecture? - What is a Request for Proposal (RFP)? - What is a Request for Quote (RFQ)? - What is a Request for Information (RFI)? - What is an Agreement? - What is Benchmarking? - Why to Use Prototypes and Testing - Cost Benefit Analysis and How to Perform One - What is Return on Investment? - What is Total Cost of Ownership (TCO)? - What is Proactive Cyber Defense? - Review the Effectiveness of Your Existing Security - What is Reverse Engineering? - Performing a Security Solutions Analysis - What is Mean Time to Repair (MTTR)? - What is Mean Time Between Failures (MTBF)? - What is Emergency Management? - Conduct a Lessons Learned / After Action Review (AAR) - What is Guidance of Expert Judgement? - Integrating Security Across Disciplines - Understand the Disciplines and Functional Areas in Your Organization - Explain the security impact of inter-organizational change - Security Design Considerations During Mergers, Acquisitions and Demergers - Assuring third party products – only introduce acceptable risk - Commercial Off-The-Shelf Products and Their Security Challenges - Network Segmentation and Its Advantages - Delegation at the Authentication / Identity Level - Delegation at Authorization / Access Control Level - Catgorizing Security Controls by Time of Response to the Incident - Understand Unified Communications (UC) - What is Web Conferencing? - What is Video Conferencing? - What is Instant Messaging? - What is Desktop Sharing? - What is Remote Assistance? - What is the Concept of Presence in Telephony? - What is Telephony? - What is Voice over Internet Protocol (VoIP)? - What is Phreaking? - VoIP Vulnerabilities and Security Best Practices - Protocols that Employ VoIP - Enterprise Configuration Management of Mobile - External Communications Security - S/MIME (Secure/Multipurpose Internet Mail Extensions) - What is Secure Socket Layer (SSL)? - What is the Web Service Security (WS-Security)? - What is a Collaboration Platform? - Prioritizing Traffic and Data Flow with Quality of Service (QoS) - What is eXtensible Access Control Markup Language (XACML)? - What is Security Assertion Markup Language (SAML)? - What is Simple Object Access Protocol (SOAP)? - What is Single Sign-On (SSO) and its Benefits? - What is Service Provisioning Markup Language (SPML)? - What is Certificate-Based Authentication? - What is Attestation and What Makes it a Good Security Practice? - Carry out security activities across the technology life cycle - What is an End-to-End Solution (E2ES)? - The Importance of Understanding Results of Security Solutions in Advance - What is Decommissioning? - What is Change Management? - What is the System Development Life Cycle? - The Five Phases of Systems Development Life Cycle - What is the Security Development Lifecycle? - What is the Security Requirements Traceability Matrix (SRTM)? - What is Validation of Systems Design? -