Course Introduction

00:00

Hello, everyone and welcome to the course. Identifying Web attacks through logs.

00:05

The course was architected by Igor Vieira, with voiceover work from Jacob Feldman current.

00:11

Before we start, let me introduce Igor Vieira. Igor Vieira has a bachelor's degree in electrical engineering and a graduate study in cybersecurity.

00:19

He also has some I T certifications. He's been working with it for around 15 years.

00:25

He's passionate about technology and especially things related to networks and security.

00:29

And he also believes that education and knowledge have the power to change people's lives.

00:34

To have an idea about what we're gonna talk about in this course. First, let's check these two lines of Apache Web server logs.

00:41

Can you identify which one is suspicious?

00:44

Don't worry. If you don't have experience in log analysis.

00:48

First, let's analyze this lock.

00:50

Here we have the source access Request

00:54

the remote I. P.

00:56

Also, we have the http method

00:59

and the last is the Web server result.

01:03

Both have the same I P address and http method.

01:07

The difference is the Web server result.

01:11

During this course, you're going to see that the 200 means okay and four or four means not found

01:15

although there is another difference in the log line.

01:19

The requested file.

01:21

The first file is an image. The second is a well known Lennox file that contains all the passage from the users.

01:27

This looks suspicious.

01:30

Why would someone asked for the passwords

01:33

after the previous slide? Maybe you're thinking, Well, who should take this course?

01:38

You should take this course if you are a Web developer or server administrator that wants to understand Web application attacks. If you're a stock analyst interested in understanding Web application logs, if you're a seam administrator who wants to build better correlation rules, and if you're any I t professional. Who wants to understand more about Web attacks

01:59

to be successful with this course? Some of the prerequisites are basic operational system administration skills,

02:06

a basic understanding of TCP I, P http and Web applications,

02:09

a basic understanding of Web application attacks

02:13

and basic Web server administration skills and Linux and Windows.

02:17

This course will use presentations and quizzes

02:21

during this course. You're going to use a lab, and we perform some attacks in this lab.

02:25

Theater tax will generate logs, and we will analyze them

02:29

so each attack will have its own logs.

02:31

The course structure will be to review Web applications and infrastructure

02:36

review. The Web server logs,

02:38

simulates, UM, attacks like SQL injection and cross site scripting to generate logs

02:43

and use those logs to identify the attacks.

02:47

To make things more clear,

02:49

let's talk about course objectives and goals.

02:52

This course was built to give you a good understanding of Web server logs and to teach you how to use those logs to identify Web application attacks.

03:00

The summary is

03:01

understanding a Web server log and its information,

03:05

identifying suspicious activities and identifying Web application attacks.

03:09

The goal is that you can get some logs and say, if there is a suspicious behavior after log analysis

03:17

in this first video, we introduced the course, gave a description of the course and its structure,

03:23

and we ran through course objectives and goals.

03:25

In the next video, we will start the review.