LTI-link eAcademy.opencourses.be This course is one of the materials used as part of the security awareness course. The content is intended to describe actions that anyone can take to improve information security.

Discover why the ISO 27001-2022 standard is one of the most popular frameworks for building effective cybersecurity programs and learn what it takes to comply with and get certified as compliant with this standard. In this course, cybersecurity director Marc Menninger provides an overview of how to build an ISO 27001-2022-compliant cybersecurity program. Learn what this standard is and discover why it is used around the world as the guidebook for constructing information security programs that work. Dive into how the standard is organized and get a description of the certification process. Explore a step-by-step plan that you can follow if you want to build a cybersecurity program that complies with the ISO 2700-2022 standard. Additionally, go over gaps and criticisms of the standard and examine ways to fill those gaps. With the information in this course, you can begin to build a cybersecurity program that is both effective and compliant with ISO 27001-2022.Topics include:Deze cursus is enkel beschikbaar in het Engels. Als dit voor u geen probleem vormt, dien dan gerust uw aanvraag in.This course is in French only. If this is not a problem for you, by all means go ahead and apply.Apply for this course

Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience. Protecting web applications from these attacks has become an essential skill for all PHP developers. PHP: Creating Secure Websites shows you how to meet the most important security challenges when developing websites with PHP. Instructor Kevin Skoglund covers the techniques and PHP code needed to develop sites that are more secure, and to avoid common mistakes. Learn how to configure PHP properly and filter input and escape output. Then check out step-by-step defenses against the most common forms of attack, including cross-site scripting and SQL injection. Deze cursus is enkel beschikbaar in het Engels. Als dit voor u geen probleem vormt, dien dan gerust uw aanvraag in. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Apply for this course

System hacking is the way hackers get access to individual computers on a network. Ethical hackers learn system hacking to detect, prevent, and counter these types of attacks. This course explains the main methods of system hacking—password cracking, privilege escalation, spyware installation, and keylogging—and the countermeasures IT security professionals can take to fight these attacks. Security expert Lisa Bock also covers steganography, spyware on a cell phone, and tactics for hiding files and tools. These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/. Learning Objectives: Acquiring passwords Generating rainbow tables Understanding where passwords are stored Defending against privilege escalation Understanding spyware Protecting against keylogging Detecting steganography How hackers cover their tracks Apply for this course

The number of IoT (internet of things) devices being deployed is growing exponentially and securing those devices is a huge challenge. In this course, Luciano Ferrari discusses how IoT devices work, including the architectures and protocols used. He covers the main attack surfaces used by hackers and security professionals against IoT devices, how to assess IoT security threats and vulnerabilities, and how to properly secure the devices by following industry best practices and implementing countermeasures.Learning Objectives: How IoT devices work IoT technologies and protocols IoT communication models Common OWASP vulnerabilities Overcoming inherent IoT challenges Attacks occurring on IoT devices Methodologies used for hacking Securing IoT devices Apply for this course

Social engineering is a technique hackers use to manipulate end users and obtain information about an organization or computer systems. In order to protect their networks, IT security professionals need to understand social engineering, who is targeted, and how social engineering attacks are orchestrated.In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/. Learning Objectives: Visualizing the victim Recognizing an attack Using charm, power, and influence Manipulating with social media Preventing insider attacks Stealing identities Pen testing with social engineering Taking countermeasures Apply for this course

APIs are a crucial business driver for delivering data to your applications. In this course, learn about various options for securing your RESTful API that can help you keep your application data—and your users—safe. Instructor Emmanuel Henri begins the course with an overview of top security threats and an introduction to the Open Web Application Security Project (OWASP), an important resource on security. He then steps through how to set up and secure a Node and Express API, including how to add handlers for registration and login, finalize secured endpoints, and test your finalized API. To wrap up, he shares a few alternatives for securing APIs. Topics include: Open Web Application Security Project (OWASP) Reasons for using a JSON Web Token (JWT) Adding bcrypt password hashing Adding handlers for registration and login Finalizing secured endpoints Testing APIs with Postman Apply for this course

Network security is an important component of the Microsoft Technology Associate (MTA), Security Fundamentals exam (98-367). In this course, Lisa Bock covers one of the main topics of the exam: securing an organization's network, to keep interconnected systems and data safe. The course introduces security devices such as firewalls and honeypots. In addition, she reviews the importance of isolating networks with VLANS and NAT addressing, along with a review of common security protocols. She also provides overviews of how to protect clients with antivirus software, encrypt folders and files, and implement software restriction policies. Finally, she looks at the often-overlooked topic of physical security, which includes securing a building's perimeter and the hardware within. Note: Learn more about the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367) at https://www.microsoft.com/learning/en-us/exam-98-367.aspx. Apply for this course

Though technology changes rapidly, the need to assure the confidentiality, integrity, authenticity, and accountability of information does not. Understanding the basics of cryptography is fundamental to keeping your networks, systems, and data secure. In this course, Lisa Bock reviews the historical and present-day uses of encryption, including techniques such as symmetric and asymmetric encryption, algorithms, and hashing. She also reviews message digest and passwords and discusses practical ways to apply cryptography to ensure data security and integrity. By the end of this course, you'll have a solid understanding of what it takes to move and store data securely. Apply for this course

Cybersecurity isn't solely within your IT department's purview. If you own a smartphone, work on a computer, or use the internet, then you're exposed to a variety of security risks on a daily basis. In this course, instructor Caroline Wong details what these threats are and what you can do about them—both to protect yourself and your organization. In a series of engaging scenarios, Caroline shines a spotlight on some of the most common security risks you'll encounter in your personal and work life, as well as how to mitigate them. Learn how to identify and avoid phishing, malware, and social engineering attacks. Plus, get best practices for protecting your accounts, company intellectual property, and online activity. Learning objectives: Protecting sensitive information in your physical office Avoiding malware attacks Social engineering attacks, such as voice phishing Avoiding security attacks on smartphones Identifying different types of email scams Best practices for working with both public and home Wi-Fi The benefits of using VPN Creating strong passwords Protecting company and employee information Apply for this course

En tant que responsable de la sécurité ou DSI, vous devez mettre en place une politique de cybersécurité pour répondre aux menaces qui pèsent sur votre informatique. Pour cela, Pierre Cabantous vous propose de faire un tour de la cybersécurité en entreprise. Dans ce cours, vous étudierez la démarche d'un pirate, avant et après l'intrusion dans un système, à la suite de l'exploitation d'une vulnérabilité. Vous verrez comment gérer ces vulnérabilités par rapport à un niveau de risque que vous apprendrez à calculer. Vous aborderez aussi une des principales menaces encourues aujourd'hui par tout service accessible en ligne : les attaques par déni de service. Puis vous découvrirez comment protéger votre organisation aux niveaux technique et organisationnel, en suivant des bonnes pratiques, des process ainsi que des normes européennes comme le RGPD. This course is in French only. If this is not a problem for you, by all means go ahead and apply. Apply for this course //

Most people have heard of RESTful APIs, but the underlying concept—representational state transfer (REST)—still causes confusion. REST is all about modeling resources that change. RESTful APIs use REST architecture along with HTTP requests to transfer data and changes in application state between clients and servers. This course breaks down the principles of RESTful design and show how to build secure RESTful APIs on top of ASP.NET Core. Nate Barbettini answers questions such as: What is RESTful design? How do you perform RESTful routing? How can you build reusable classes to represent resources? What role does caching play? And how do you secure RESTful APIs? He also covers topics such as data modeling, hypermedia relationships, and authentication and authorization. By the end of the course, you should know the basics—how to properly request and return data in ASP.NET Core—and the best practices for building secure and scalable APIs to serve web clients, mobile clients, and beyond. Topics include: What is RESTful design? Building a new API with ASP.NET Core Using HTTP methods Returning JSON Creating RESTful routing with templates Versioning Securing RESTful APIs with HTTPS Representing resources Representing links Representing collections Sorting and searching collections Building forms Adding caching to an ASP.NET Core API Configuring user authentication and authorization Apply for this course

This course follows a proven methodology for conducting thorough and effective technical security audits and assessments based on guidelines from NIST. Learn how to develop the testing methodology essential for technical security reviews. Discover how to identify and analyze targets, use key technical testing tools, identify and mitigate findings, and more. Performing technical information security audits and assessments is essential to protecting information assets. By the end of this course, you'll know how to determine if your network is secure. Topics include: Developing technical security assessments Conducting technical security reviews Identifying and analyzing targets Validating target vulnerabilities Planning a technical assessment Conducting a technical assessment Implementing remediation and mitigation Apply for this course

Cybersecurity can be daunting because of its technical complexity and the ever-changing threats that professionals must grapple with. And more than ever, cybersecurity is not just an IT issue, but a core business issue for organizations of all kinds. Just like other business issues—such as finance, legal, or human resources—cybersecurity has its own set of external policies, laws, rules, established practices, and resources for getting help. Getting to know these policies and resources better across your organization—and not just within your IT department—can be hugely beneficial to your company. This course seeks to make key cybersecurity policies and resources clear and understandable—whether you work in IT, in business, or are just interested in how information security fits in with our public policies and laws. Apply for this course

What is ethical hacking? When it comes to cybersecurity, hacking comes in many colors: white, grey, black, and shades in between. White hat hackers use their skills for good. They practice ethical hacking: involved testing to see if an organization's network is vulnerable to outside attacks. Ethical hacking is key to strengthening network security, and it's one of the most desired skills for any IT security professional. If you're interested in becoming an ethical hacker, or getting started securing your own network, this introduction is for you. Security expert Lisa Bock explores today's threat landscape, dissecting the top attack vectors and motives for attacks. Lisa identifies a variety of ways to secure an organization, explores policies that help enforce security objectives, and more.Note: The Ethical Hacking series maps to the 20 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312_50) version 10.Learning Objectives:Today's threat landscapeManaging incidentsCreating security policiesProtecting dataThe COBIT frameworkConducting penetration testing Apply for this course

Security is a major concern in the DevOps world. There is a constant push for companies to move more quickly, and security teams struggle to keep up with testing. This has led to the rise of a new field: DevSecOps. This course introduces the concept of DevSecOps and explains how an organization can build out a DevSecOps program that helps teams integrate security into the application development pipeline. Learn about the role of APIs, containers, and automation, and how a continuous integration and delivery framework can help your organization run security tests as often as developers want. Instructor Tim Chase also introduces some free tools and resources for starting your DevSecOps journey. Apply for this course

Learn about the most important security concerns when developing websites, and what you can do to keep your servers, software, and data safe from harm. Instructor Kevin Skoglund explains what motivates hackers and their most common methods of attacks, and then details the techniques and mindset needed to craft solutions for these web security challenges. Learn the eight fundamental principles that underlie all security efforts, the importance of filtering input and controlling output, and smart strategies for encryption and user authentication. Kevin also covers special considerations when it comes to credit cards, regular expressions, source code managers, and databases. This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security. Topics include: Why security matters What is a hacker? How to write a security policy Cross-site scripting (XSS) Cross-site request forgery (CSRF) SQL injection Session hijacking and fixation Passwords and encryption Secure credit card payments Apply for this course

What is ethical hacking? When it comes to cybersecurity, hacking comes in many colors: white, grey, black, and shades in between. White hat hackers use their skills for good. They practice ethical hacking: involved testing to see if an organization's network is vulnerable to outside attacks. Ethical hacking is key to strengthening network security, and it's one of the most desired skills for any IT security professional. If you're interested in becoming an ethical hacker, or getting started securing your own network, this introduction is for you. Security expert Lisa Bock explores today's threat landscape, dissecting the top attack vectors and motives for attacks. Lisa identifies a variety of ways to secure an organization, explores policies that help enforce security objectives, and more.Note: The Ethical Hacking series maps to the 20 parts of the EC-Council Certified Ethical Hacker (CEH) exam (312_50) version 10.Learning Objectives:Today's threat landscapeManaging incidentsCreating security policiesProtecting dataThe COBIT frameworkConducting penetration testing Apply for this course

Wireless networks are convenient and popular, but poor configuration and encryption leave them open to attack. Hackers can use Wi-Fi vulnerabilities to infiltrate your entire network. Security professionals need to know how to detect, prevent, and counter these kinds of attacks using the latest tools and techniques—the subject of this course with cybersecurity expert Malcolm Shore. Malcolm covers everything from configuring basic security to understanding how hackers extract passwords, harvest connections at rogue access point, and attack networks via Bluetooth. He also explains how to select the right antennae for testing and introduces some sophisticated Windows and Linux tools to scan for vulnerabilities, including Acrylic, Ekahau, and Wireshark. By the end of the course, you should be able to shore up your wireless connections and gain confidence that your local network is safe to use.Note: This course is part of our test prep series for the Certified Ethical Hacker exam. Review the complete exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.Learning Objectives:Selecting an antennaConfiguring securityExtracting WEP and network passwordsTesting passwordsHarvesting connections from rogue access pointsAttacking networks via BluetoothCapturing wireless packets with Acrylic Wi-FiHeat mapping with EkahauWi-Fi sniffing with WiresharkTesting the Internet of Things Apply for this course

The Cisco Certified Network Associate (CCNA) Security certification indicates to potential employers that you have the required skills to secure a network. Join security ambassador Lisa Bock, as she prepares you for the Cisco Firewall Technologies section of the CCNA Security exam 210-260: Implementing Cisco Network Security. Lisa covers firewall technologies, diving into the concept of a firewall, firewall security contexts, and how to do a basic firewall configuration. She also compares different types of firewalls including stateless, stateful, and application firewalls. She also reviews implementing NAT on Cisco ASA along with zone-based firewalls. To wrap up, she takes a closer look at some firewall features on the Cisco ASA such as Access Management, Modular Policy Framework, and high availability. Topics include: Firewall services and security contexts Basic firewall configuration Stateless versus stateful firewalls Implementing NAT on Cisco ASA Zone-based firewalls Access Management Implementing high availability Cisco Modular Policy Framework Apply for this course

Learn how to configure a Cisco switch to connect and control resources on your network. Join Denise Allen-Hoyt in this course, as she explores the Cisco command-line interface using an out-of-band connection with a cable and terminal program. She'll show how to access the switch's three modes—user EXEC, privileged EXEC, and global configuration—and use commands to configure essential settings. After addressing the switch and configuring a default gateway, Denise shows how to modify individual port modes, secure those ports, and create and manage virtual LANs (VLANs). In the final chapter, she'll show how to verify your settings and reset the switch if necessary. Topics include: Accessing a switch Configuring the terminal program Configuring a switch hostname Saving and viewing configurations Securing access Encrypting passwords Assign an IP address to a switch Exploring port modes and security Creating VLANs Resetting a switch Apply for this course