Security Event Triage: Revealing Attacker Methodology in Web Application Events
In this course on revealing web application attack methodology, you will explore the use of web application filters, app service logs, and web vulnerability scanners to reveal various advanced attacker techniques and detect live web exploitation.
What you'll learn
Developing the skills necessary for a security analyst to accurately detect and triage adversary tactics and techniques applied to web applications requires experience with a web application's baseline behavior and the use of advanced detection capabilities, neither of which is easy to obtain. In this course, Security Event Triage: Revealing Attacker Methodology in Web Application Events, you will gain the foundational knowledge and experience with web application technologies and attacker methodologies required to protect your vital business functions. First, you will monitor the front door of applications for common attacks with web application firewalls on-premises and on major cloud platforms. Next, you will learn the logic behind hunting for behavioral anomalies generated by more advanced attacker activity and how to create machine learning jobs to identify this behavior in an automated way. Finally, you will discover how to leverage the same tools the attackers use to actively spot holes in your applications that pop up as new builds are released and mitigate the associated risk. When you finish this course, you will have the skills and knowledge of web application attack detection needed to implement continuous monitoring capabilities that protect the enterprise applications on which your organization depends.
Table of contents
- Introducing Web Application Firewalls 3m
- Understanding the Web Application Layer 2m
- Envisioning the On-premises Architecture 2m
- Visualizing Command Injection 1m
- Detecting Command Injection 16m
- Visualizing SQL Injection 2m
- Hunting for SQLi 4m
- Understanding Cross Site Scripting 2m
- Identifying Cross Site Scripting with Azure WAF 6m
- Defining Local and Remote File Inclusion Attacks 2m
- Blocking Local File Inclusion Vulnerabilities with AWS Firewall 6m
- Integrating Web Application Firewall Security with Security Operations 3m
- Introducing Behavioral Analysis for Web Applications 2m
- Visualizing Web Application Enumeration 2m
- Revealing Attacker Enumeration in Web Access Logs 11m
- Deciphering Automated Attacker Activity 2m
- Describing Denial of Service Behavior 1m
- Identifying Advanced DOS Attacks with Machine Learning 7m
- Generalizing Denial of Service Behavioral Detections 1m
- Understanding Timing Based SQL Injections 2m
- Identifying Timing Based SQL Injections 4m
- Summarizing Adversary Detections 2m
- Introducing Defensive Use of Web Application Scanning 2m
- Integrating Detections into Software Deployment Life Cycle 4m
- Understanding Threat of Third Party Software Threat 2m
- Using Web Application Attack Tools to Monitor Threat Surface 7m
- Specializing in Web Application Vulnerability Analysis 2m
- Leveraging Zed Attack Proxy to Test Custom Application 5m