Course Introduction

Video Activity
Time
2 hours 5 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
Hello, everyone, and welcome to the course Identifying Web Attacks Through Logs.
00:05
The course was architected by Igor Vieira, with voiceover work from Jacob Feldman current.
00:11
Before we start, let me introduce Igor Vieira. Igor Vieira has a bachelor's degree in electrical engineering and a graduate study in cybersecurity.
00:19
He also has some IT certifications. He's been working with IT for around 15 years.
00:25
He's passionate about technology and especially things related to networks and security.
00:29
And he also believes that education and knowledge have the power to change people's lives.
00:34
To have an idea about what we're gonna talk about in this course, first, let's check these two lines of Apache Web server logs.
00:41
Can you identify which one is suspicious?
00:44
Don't worry if you don't have experience in log analysis.
00:48
First, let's analyze this log.
00:50
Here we have the source access request,
00:54
the remote IP.
00:56
Also, we have the HTTP method
00:59
and the last is the Web server result.
01:03
Both have the same IP address and HTTP method.
01:07
The difference is the Web server result.
01:11
During this course, you're going to see that the 200 means OK and 404 means Not Found,
01:15
although there is another difference in the log line:
01:19
the requested file.
01:21
The first file is an image. The second is a well-known Linux file that contains all the passwords from the users.
01:27
This looks suspicious.
01:30
Why would someone ask for the passwords?
01:33
After the previous slide, maybe you're thinking, well, who should take this course?
01:38
You should take this course if you are a Web developer or server administrator that wants to understand Web application attacks, if you're a SOC analyst interested in understanding Web application logs, if you're a SIEM administrator who wants to build better correlation rules, and if you're any IT professional who wants to understand more about Web attacks.
01:59
To be successful with this course, some of the prerequisites are basic operational system administration skills,
02:06
a basic understanding of TCP/IP, HTTP and Web applications,
02:09
a basic understanding of Web application attacks
02:13
and basic Web server administration skills in Linux and Windows.
02:17
This course will use presentations and quizzes.
02:21
During this course, you're going to use a lab, and we perform some attacks in this lab.
02:25
The attacks will generate logs, and we will analyze them,
02:29
so each attack will have its own logs.
02:31
The course structure will be to review Web applications and infrastructure,
02:36
review the Web server logs,
02:38
simulate some attacks like SQL injection and cross-site scripting to generate logs,
02:43
and use those logs to identify the attacks.
02:47
To make things more clear,
02:49
let's talk about course objectives and goals.
02:52
This course was built to give you a good understanding of Web server logs and to teach you how to use those logs to identify Web application attacks.
03:00
The summary is
03:01
understanding a Web server log and its information,
03:05
identifying suspicious activities and identifying Web application attacks.
03:09
The goal is that you can get some logs and say if there is a suspicious behavior after log analysis.
03:17
In this first video, we introduced the course, gave a description of the course and its structure,
03:23
and we ran through course objectives and goals.
03:25
In the next video, we will start the review.
03:28
We'll start with Web application architecture, followed by WWW and Web service, and after, HTTP and HTML.
Identifying Web Attacks Through Logs

This course will review web application infrastructure, web servers, and the logs associated with them. We will also simulate 10 attack scenarios and identify the attack through logs that are generated by the web server.