Attacker Techniques Exposed: Threats, Exploits and Vulnerabilities
COURSE OUTLINE
I. The True Threat: Insiders & Outsiders
The course begins by walking students through several examples of security breaches. The case studies illustrate the broad range of threats that organizations face from both external attackers and insiders. For each attack scenario, we will go through the underlying flaws, exploits, vulnerabilities and consequences.
II. Examine some trends in software vulnerabilities.
Over the years, the industry has seen some distinct trends emerge in vulnerabilities. One of the most interesting is the fact that attackers have moved their assaults to the application layer instead of the network layer. This section examines those trends in detail.
III. Live vulnerability and exploit tour!
This is the core of the course. In this section, attendees will go through a wide range of software vulnerabilities and the instructor will show sample exploits for these vulnerabilities live. This “tour” will span today’s most pervasive vulnerabilities including cross-site scripting, SQL injection, buffer overflows, format string vulnerabilities, and many others. Attendees will gain awareness and key insights into these vulnerability types as well as the ease with which the attacker community can exploit them.
IV. Tools and Threats.
The threat is growing and so is the number of tools that lower the bar for attackers. This section takes the audience inside the underground world of the attacker and illustrates the range of tools available to adversaries.
V. Thinking Like the Attacker: Threat Modeling.
A critical step in securing an application or system is to methodically think through threats. In this section we present several techniques for threat modeling and also walk the audience through the process of modeling threats against several systems.
VI. Incorporating Threats Into Software/System Design, Development, Testing & Deployment.
By thinking about threats at each stage of the development lifecycle, we can make software and systems that are more resilient to attack. Attendees will walk away with an introduction to tools and techniques to build security in.



