Course Introduction

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
2 hours 5 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
Hello, everyone and welcome to the course. Identifying Web attacks through logs.
00:05
The course was architected by Igor Vieira, with voiceover work from Jacob Feldman current.
00:11
Before we start, let me introduce Igor Vieira. Igor Vieira has a bachelor's degree in electrical engineering and a graduate study in cybersecurity.
00:19
He also has some I T certifications. He's been working with it for around 15 years.
00:25
He's passionate about technology and especially things related to networks and security.
00:29
And he also believes that education and knowledge have the power to change people's lives.
00:34
To have an idea about what we're gonna talk about in this course. First, let's check these two lines of Apache Web server logs.
00:41
Can you identify which one is suspicious?
00:44
Don't worry. If you don't have experience in log analysis.
00:48
First, let's analyze this lock.
00:50
Here we have the source access Request
00:54
the remote I. P.
00:56
Also, we have the http method
00:59
and the last is the Web server result.
01:03
Both have the same I P address and http method.
01:07
The difference is the Web server result.
01:11
During this course, you're going to see that the 200 means okay and four or four means not found
01:15
although there is another difference in the log line.
01:19
The requested file.
01:21
The first file is an image. The second is a well known Lennox file that contains all the passage from the users.
01:27
This looks suspicious.
01:30
Why would someone asked for the passwords
01:33
after the previous slide? Maybe you're thinking, Well, who should take this course?
01:38
You should take this course if you are a Web developer or server administrator that wants to understand Web application attacks. If you're a stock analyst interested in understanding Web application logs, if you're a seam administrator who wants to build better correlation rules, and if you're any I t professional. Who wants to understand more about Web attacks
01:59
to be successful with this course? Some of the prerequisites are basic operational system administration skills,
02:06
a basic understanding of TCP I, P http and Web applications,
02:09
a basic understanding of Web application attacks
02:13
and basic Web server administration skills and Linux and Windows.
02:17
This course will use presentations and quizzes
02:21
during this course. You're going to use a lab, and we perform some attacks in this lab.
02:25
Theater tax will generate logs, and we will analyze them
02:29
so each attack will have its own logs.
02:31
The course structure will be to review Web applications and infrastructure
02:36
review. The Web server logs,
02:38
simulates, UM, attacks like SQL injection and cross site scripting to generate logs
02:43
and use those logs to identify the attacks.
02:47
To make things more clear,
02:49
let's talk about course objectives and goals.
02:52
This course was built to give you a good understanding of Web server logs and to teach you how to use those logs to identify Web application attacks.
03:00
The summary is
03:01
understanding a Web server log and its information,
03:05
identifying suspicious activities and identifying Web application attacks.
03:09
The goal is that you can get some logs and say, if there is a suspicious behavior after log analysis
03:17
in this first video, we introduced the course, gave a description of the course and its structure,
03:23
and we ran through course objectives and goals.
03:25
In the next video, we will start the review.
03:28
We'll start with Web application architecture ER, followed by W W W and Web service and after http and html
Up Next