2 hours 5 minutes
Hello, everyone, and welcome to the course Identifying Web Attacks Through Logs.
The course was architected by Igor Vieira, with voiceover work from Jacob Feldman current.
Before we start, let me introduce Igor Vieira. Igor Vieira has a bachelor's degree in electrical engineering and a graduate study in cybersecurity. He also has some IT certifications. He's been working with IT for around 15 years. He's passionate about technology and especially things related to networks and security. And he also believes that education and knowledge have the power to change people's lives.
To have an idea about what we're gonna talk about in this course, first let's check these two lines of Apache web server logs. Can you identify which one is suspicious? Don't worry if you don't have experience in log analysis.
First, let's analyze this log. Here we have the source access request, the remote IP. Also, we have the HTTP method, and the last is the web server result. Both have the same IP address and HTTP method. The difference is the web server result. During this course, you're going to see that 200 means OK and 404 means Not Found, although there is another difference in the log line: the requested file. The first file is an image. The second is a well-known Linux file that contains all the passwords from the users. This looks suspicious. Why would someone ask for the passwords?
After the previous slide, maybe you're thinking: well, who should take this course? You should take this course if you are a web developer or server administrator who wants to understand web application attacks, if you're a SOC analyst interested in understanding web application logs, if you're a SIEM administrator who wants to build better correlation rules, and if you're any IT professional who wants to understand more about web attacks.
To be successful with this course, some of the prerequisites are basic operational system administration skills, a basic understanding of TCP/IP, HTTP and web applications, a basic understanding of web application attacks, and basic web server administration skills in Linux and Windows.
This course will use presentations and quizzes. During this course, you're going to use a lab, and we'll perform some attacks in this lab. The attacks will generate logs, and we will analyze them, so each attack will have its own logs.
The course structure will be to review web applications and infrastructure, review the web server logs, simulate some attacks like SQL injection and cross-site scripting to generate logs, and use those logs to identify the attacks.
To make things more clear, let's talk about course objectives and goals. This course was built to give you a good understanding of web server logs and to teach you how to use those logs to identify web application attacks. The summary is: understanding a web server log and its information, identifying suspicious activities, and identifying web application attacks. The goal is that you can get some logs and say if there is suspicious behavior after log analysis.
In this first video, we introduced the course, gave a description of the course and its structure, and we ran through course objectives and goals. In the next video, we will start the review. We'll start with web application architecture, followed by WWW and web service, and after that HTTP and HTML.
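
The two-line log comparison from the start of this video, as an added example that is not part of the course material: a short Python parser for Apache access-log lines that extracts the remote IP, HTTP method, requested file and status, then flags requests that name a watched file and separates served responses from failed attempts. The sample lines and the watch list (`/etc/passwd`, `/etc/shadow`) are assumptions, since the transcript does not name the file.

```python
import re
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the transcript does not name the file, so this watch list is illustrative.
SENSITIVE = ("/etc/passwd", "/etc/shadow")

def parse(line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def decode_path(path, rounds=3):
    """URL-decode a few times so percent-encoded paths are compared in the clear."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()

def review(lines):
    """Yield (ip, method, path, status, verdict) for requests that name a watched file."""
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable lines are skipped here; a real pipeline should count them
        clear = decode_path(rec["path"])
        if any(name in clear for name in SENSITIVE):
            # 2xx means the server returned content; anything else is a failed attempt.
            served = 200 <= rec["status"] < 300
            verdict = "possible disclosure" if served else "attempt, not served"
            yield rec["ip"], rec["method"], rec["path"], rec["status"], verdict

# Constructed sample lines (documentation IP range), not taken from the course.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /etc/passwd HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Oct/2023:13:55:47 +0000] "GET /download?file=%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
]

if __name__ == "__main__":
    for hit in review(SAMPLE):
        print(hit)
```

The 404 hit is worth keeping as a signal even though nothing was returned, because the same source IP and file name reappear in the later 200 response.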