CompTIA Security+ (SY0-401) Threats and Vulnerabilities
CompTIA Security+ (2014 Objectives): Domain 3 - Threats and Vulnerabilities
What you'll learn
This course covers the material that comprises Domain 3.0 of the CompTIA Security+ SY0-401 certification exam. Topics include types of malware, adware, viruses, spyware and backdoors, along with various types of attacks, including man-in-the-middle attacks, DDoS, Smurf attacks, phishing, xmas attacks, bluesnarfing, bluejacking, dumpster diving, etc. Also covered are various types of application attacks including XSS, XSRF, LDAP injection, SQL injection attacks and the privacy concerns created by cookies, evercookies, LSO, and Flash cookies. Penetration testing and vulnerability scanning is also covered, along with ways to calculate risk when doing security assessments, code, design, and architecture reviews.
Table of contents
- Overview 2m
- Man-in-the-Middle 3m
- DDoS 5m
- Spoofing 1m
- Spam 1m
- Phishing 2m
- Spim 1m
- Vishing 2m
- Spear Phishing 1m
- Xmas Attack 3m
- Pharming 3m
- Privilege Escalation 2m
- Malicious Insider Threat 1m
- Transitive Access 1m
- Client-Side Attacks 2m
- Password Attacks 7m
- Typo Squatting/URL Hijacking 1m
- Watering Hole Attack 2m
- Module Review 1m
- Module Overview 2m
- What Is Social Engineering? 1m
- Shoulder Surfing 3m
- Dumpster Diving 2m
- Tailgating 3m
- Impersonation 2m
- Hoaxes 3m
- Whaling 1m
- Vishing 1m
- Principles (Reasons for Effectiveness)/Authority 2m
- Intimidation 1m
- Consensus/Social Proof 1m
- Familiarity/Liking 1m
- Trust 1m
- Scarcity/Urgency 1m
- Module Review 1m
- Module Overview 2m
- Cross-Site Scripting 3m
- Cross-Site Request Forgery 3m
- SQL and XML injection Attacks 6m
- Directory Traversal/Command Injection 2m
- Buffer Overflow Attacks 1m
- Integer Overflow Attacks 2m
- Zero-Day Attacks 2m
- Cookies and Attachments 2m
- Locally Shared Objects (LSO) 2m
- Flash Cookies 1m
- Malicious Add-ons 1m
- Session Hijacking 2m
- Header Manipulation 1m
- Arbitrary/Remote Code Execution 2m
- Module Overview and Interpreting Assessment Tools Results 4m
- Protocol Analyzers and Vulnerability Scanners 3m
- Honeypots and Honeynets 2m
- Port Scanners 2m
- Banner Grabbing 1m
- Passive vs. Active Tools 2m
- Risk Calculations 4m
- Assessment Types 1m
- Assessment Techniques and Baseline Reporting 1m
- Code Review 1m
- Determine Attack Surface 2m
- Review Architecture 1m
- Review Designs 1m
- Module Review 1m
- Module Overview 2m
- Verifying Threats and Bypassing Security Controls 3m
- Actively Testing Security Controls 1m
- Exploiting Vulnerabilities 1m
- Vulnerability Scanning 1m
- Testing Security Controls and Identifying Vulnerabilities 2m
- Identify Common Misconfigurations 2m
- Intrusive vs. Non-intrusive and Credentialed vs. Non-credentialed 3m
- False Positive 1m
- Black, White, and Gray Box Testing 2m
- Things to Remember 3m
- Module Review 1m