Overview
-
Prepare for the Systems Security Certified Practitioner certification (SSCP). Review the objectives from the Systems and Application Security domain of the SSCP exam.
Syllabus
-
Introduction
- Securing systems and applications
- What you need to know
- Study resources
- Comparing viruses, worms, and trojans
- Malware payloads
- Understanding backdoors and logic bombs
- Looking at advanced malware
- Understanding botnets
- Code signing
- Cybersecurity adversaries
- Preventing insider threats
- Attack vectors
- Zero-days and the Advanced Persistent Threat
- Social engineering
- Impersonation attacks
- Identity fraud and pretexting
- Watering hole attacks
- Physical social engineering
- OWASP Top Ten
- Application security
- Preventing SQL injection
- Understanding cross-site scripting
- Request forgery
- Defending against directory traversal
- Overflow attacks
- Explaining cookies and attachments
- Session hijacking
- Code execution attacks
- Operating system security
- Malware prevention
- Application management
- Host-based network security controls
- File integrity monitoring
- Data loss prevention
- Endpoint monitoring
- Data encryption
- Hardware and firmware security
- Peripheral security
- Mobile connection methods
- Mobile device security
- Mobile device management
- Mobile device tracking
- Mobile application management
- Mobile security enforcement
- Bring Your Own Device (BYOD)
- Mobile deployment models
- Industrial control systems
- Internet of Things
- Securing smart devices
- Secure networking for smart devices
- What is the cloud?
- Cloud activities and the Cloud Reference Architecture
- Cloud deployment models
- Cloud service categories
- Virtualization
- Cloud compute resources
- Cloud storage
- Containers
- Security and privacy concerns in the cloud
- Data sovereignty
- Operational concerns in the cloud
- Continuing your studies
