Description
You will learn the fundamental skills required to become a successful Security Engineer. This programme will teach you how to safeguard a company's computer systems, networks, applications, and infrastructure against security threats or attacks.
Syllabus:
Course 1: Security Engineering Fundamentals
What is Security Engineering?
- Understand common strategies used by offensive and defensive security teams
- Identify and explain the discrete functions of security roles
- Use resources in order to be up-to-date on security issues
- Explain the difference between governance, compliance and privacy fields and how they relate to information security
Security Principles
- Define each element in the CIA triad and understand why they’re important to information security
- Define each element in Authentication, Authorization and Non-Repudiation and understand why they’re important to information security
- Explain OWASP and application of secure principles
- Explain the role of a security engineer when it comes to defining security requirements
- Explain the different pieces of security strategy, specifically policies and enforcement
Practical Cryptography
- Understand how encryption in transit works and when to apply it
- Understand conceptual and practical application of several common cryptographic techniques:
- Encryption
- Hashing
- Signing
- Authentication
- Certificates and Public Key Infrastructure
Risk Evaluation
- Explain vulnerabilities, asset valuation and mitigation and how they relate to one another
- Define and understand the process for threat modeling
- Understand strategies for evaluating risk and assigning priority
Security Review and Audit
- Explain the role of audit and how it relates to information security
- Understand infrastructure and control audits
- Understand design, code and architecture security reviews and when to utilize them
- Know how to find and implement best practices and industry requirements
- Create reports based on findings from security reviews
Project: TimeSheets
To log timesheets, your company uses a custom application called TimeSheets. This custom application was created entirely in-house.
Until recently, this application could only be accessed through the corporate network. Shortly after exposing TimeSheets to the outside world, the IT and security operations teams began to notice unusual TimeSheet behaviour. IT has observed a high number of users reporting incorrect data in the system. The security operations centre has detected logins from unusual locations and at unusual times.
After filing an incident, it was discovered that unauthorised logins were taking place. After the incident was resolved, your team was asked to come in and evaluate the application and make recommendations. The initial threat model for the incident was completed by a senior security engineer on your team. During the threat model, your colleague discovered the incident's root cause as well as several other vulnerabilities, all of which are related to encryption. Your colleague has asked you to finish their work because they have other obligations.
Course 2: System Security
Identifying Vulnerabilities
- Explore operating system’s security model
- Understand CVEs and third party advisory reports
- Detect vulnerabilities in software and third-party libraries
- Patch identified vulnerabilities
Authentication
- Explore Unix password storage management and its security features
- Defend remote service authentication mechanisms & server hardening principles
- Implement encryption for data at rest and in motion
Authorization
- Understand access controls and their implementation as a means for securing data
- Explore ways to detect unauthorized services and processes and how to remediate them
- Use networking features to prevent unauthorized access to the system or server
Need Help? Speak with an Advisor: www.udacity.com/advisor
Isolation
- Learn how to implement a chroot jail to enhance system security
- Understand mandatory access control and how it differs from discretionary access control
- Understand advanced attacks like buffer overflows
Auditing
- Implement auditing controls on critical files and services
- Implement host-based intrusion detection
- Implement file integrity monitoring through osquery
- Detect the presence of malware through system scans
- Write YARA rules for advanced threat hunting
Project: Responding to a Nation-State Cyber Attack
South Udan is a peaceful and technologically advanced small island nation. North Udan, its neighbour, conducts a cyber attack on their nuclear reactor plant in order to disrupt their advanced research on generating clean energy using Tridanium. Your task will be to apply what you've learned in class to investigate a Linux virtual image taken from a compromised server during North Udan's cyber espionage campaign. By developing scanning, monitoring, and auditing tools, you will work to identify the infection chain as well as assess and improve the system's resilience against malicious attacks.
Course 3: Infrastructure Security
Infrastructure Security Assessment
- Identify the importance of asset management
- Recognize shadow IT and BYOD risks
- Identify the importance of system & third-party updates
- Perform software inventory
- Define a golden image
- Identify industry security frameworks
- Apply security framework to hardware and software assets
Access Management
- Identify the importance of firewalls & access control lists
- Apply firewall, ACL-applicable best practices
- Implement VLANs & network segmentation
- Identify web application vulnerabilities
- Use WAF to protect web applications
- Apply Microsoft networks domain isolation & IPSec policies
- Implement remote access management
- Identify IPv6 risks & vulnerabilities
- Protect access to the perimeter
Monitoring & Detection
- Identify the importance of network monitoring
- Use Wireshark and tcpdump for packet analysis
- Implement best practices for Windows event logs
- Monitor activity with Windows Sysmon, Syslog and Linux auditing
- Understand the importance of endpoint security and monitoring
- Identify and implement centralized logging best practices
- Assess the need for a SIEM
- Apply adversarial simulation
Identity Access Management
- Apply principle of least privilege
- Apply segregation of duties
- Identify suitable Access Control Models (RBAC, MAC)
- Audit access and permissions
- Identify and apply best practices to service-to-service communication and encryption
- Implement enterprise key and certificate management
- Implement best practices in credential managers
- Audit password policy
- Implement multi-factor authentication
- Mitigate third-party risk
Top Security Failures
- Utilize Nmap for discovery of network hosts
- Implement Nmap best practices for vulnerability discovery
- Implement vulnerability management
- Utilize backup best practices
- Recommend and implement a disaster recovery plan
- Identify and recommend mitigations for:
- Exposed services, unnecessary accounts, excessive permissions
- Denial-of-service protocols
- Unpatched services
- Weaknesses in ciphers
Project: Adversarial Resilience: Assessing Infrastructure Security
NuttyUtility recently acquired the StaticSpeeds company. We must decide whether or not StaticSpeeds systems should be integrated into NuttyUtility's larger network and infrastructure. Your task will be to compare CIS Benchmarks at StaticSpeeds to Windows and Linux operating systems. You will also need to perform a vulnerability scan with Nmap and generate a comprehensive report that includes all of the required CIS Benchmark checks and vulnerabilities discovered in these systems. Finally, based on your findings, you will make a recommendation and determine whether StaticSpeeds systems are ready to be integrated into the NuttyUtility extended network.
Course 4: Application Security
Common Web Application Vulnerabilities
- Learn about OWASP organization
- The history behind OWASP Top 10 list
- Overview of each of the OWASP Top 10 items
- Best Practice to mitigate each item in the OWASP Top 10
Web Penetration Testing
- You will learn how to do basic reconnaissance
- How to simulate different attack vectors
- How to Brute Force login a web application
- Go over hashes and how to use them
- Look at how to perform hash lookup
Discovery Methodologies
- Learn about Static Application Security Test (SAST)
- Perform SAST on test code
- Learn to read a SAST report
- Prioritization of Vulnerabilities using Risk Factor Calculation
- Best Practice for Vulnerabilities
Vulnerability Response
- Learn how to write a Vulnerability Report
- Go through how to write a Walk Through for Vulnerabilities
- Set Severity for the Vulnerabilities using Common Vulnerability Scoring System (CVSS) v3.1
Mitigation and Verification
- Learn about Software Development Life Cycle (SDLC)
- How to modify the SDLC to incorporate Security testing
- Work with both Development and QA to improve security posture
Project: Vulnerable Web Application
You've been hired by USociety, a startup company that has received reports from the well-known hacker group fcity that their customer data has been compromised. They require you to determine how the attackers gained access to their system, extracted all of their customers' data, and any other security flaws in their application. This security audit is the company's top priority, and they need your assistance.
You will need to review some static code to assist in identifying and prioritising all vulnerabilities, as well as making recommendations on how to best mitigate these vulnerabilities. You will also need to manually test the vulnerable web application to identify all vulnerabilities and create documentation to assist the development team in patching the code. The documentation clearly outlines the steps required to reproduce the security issue as well as best practises to assist the development team in better understanding the issue.