CompTIA CASP+ Certification Training
Chapter 1: IT GOVERNANCE AND RISK MANAGEMENT
Overview (2:41)
So You Want To Set Up a Lab (12:57)
Begin At The Beginning - Confidentiality (19:31)
Begin At The Beginning - Availability (22:30)
Governance And Risk Management; Overview (22:30)
Governance And Risk Management; Risk Vocabulary (24:59)
Governance and Risk Management; Risk Management (16:12)
Governance and Risk Management; Risk Analysis (19:13)
Assess Risks; What is a Security Framework (20:50)
Assess Risks; System Specific Risk Analysis (21:05)
Assess Risks; Risk Determination (25:15)
Assess Risks; System Specific Risk Analysis (12:33)
Risk Mitigation; What Is An Aggregate CIA Score (26:51)
Risk Mitigation; What Are The CVSS And CVE (20:16)
Risk Mitigation; Risk Responses (15:51)
Risk Management Documentation; Best Practices (19:54)
Risk Management Documentation; BCP (27:01)
Risk Management Documentation; What is A BIA (18:07)
Risk Management Documentation; Downtime (24:09)
Risk Management Documentation; Documents (23:57)
I.T. Governance And Risk Management - Key Points (12:13)
Chapter 2: RESPONDING & RECOVERING FROM INCIDENTS
Assess Risks ESA Framework Assessment Process (24:37)
Incident Response Facilitators Part 1 (21:54)
Incident Response Facilitators Part 2 (21:24)
E-Discovery (21:23)
Incident Response Review Questions (15:18)
What is COOP (21:21)
CSIRTs and Common Tools (23:46)
Evidence Collection and Handling (22:55)
Types of Evidence (26:11)
Five Rules Of Evidence 5 B's (10:59)
Principles of Criminalistics (16:37)
Investigation Process (13:28)
Forensic Analysis of Compromised Systems (17:21)
What is the Order of Volatility (19:27)
Conducting Forensic Analysis with Autopsy (27:48)
Responding To Incidents - Key Points (21:44)
Chapter 3: LEVERAGING COLLABORATION TO SUPPORT SECURITY
Collaboration; GRC And Controls (22:39)
Collaboration; What Is An SCA (22:23)
Collaboration; Solutions (17:13)
Leveraging Collaboration - Key Points (6:34)
Chapter 4: IMPLEMENTING SECURITY IN THE SYSTEMS
What about Clickjacking and Cookie Hijacking (20:22)
Development Methodologies (12:54)
What are the SDLC Phases (19:52)
Security Requirements Traceability Matrix SRTM (7:37)
Common Software Development Approaches (11:04)
Common Software Development Methods (12:29)
What about Validation and Acceptance Testing (19:23)
SDLC Review Questions (13:36)
Secure vs Insecure Direct Object References (10:42)
Error Exception Handling Try...Catch Statements (15:31)
What is Privilege Escalation (9:48)
Overflows and Canaries (14:46)
Races and Exhaustion (9:50)
What is SQL Injection (23:32)
What is a Cross-Site Scripting XSS Attack (11:57)
Cross-Site Request Forgery XSRF CSRF Attack (13:34)
What is security by (10:13)
Input Validation Fuzzing Application Sandboxing (20:10)
WS-Security DAM and Software Assurance Tech (17:34)
Implementing Security In The SDLC - Key Points (21:42)
Chapter 5: RESEARCH AND ANALYSIS TO SECURITY
Research And Analysis; Industry Trends (18:09)
Research And Analysis; Artificial Intelligence (13:43)
Research and Analysis Requirements for Contracts (17:55)
Analyze Scenarios to Secure the Enterprise (23:22)
Using Research And Analysis - Key Points (13:07)
Chapter 6: ADVANCED AUTHENTICATION AND AUTHORIZATION TECHNIQUES
Authentication and Access Control (23:31)
Authentication Factors and Controls (23:22)
Authentication Types (16:01)
Centralized Remote Authentication Services (11:10)
Deep Dive; RADIUS (21:51)
What Is Authorization OAuth2.0 (17:48)
Deep Dive; 802.1X (10:35)
What is XACML (14:09)
Trusts Models and Kerberos Part 1 (23:40)
Trusts Models and Kerberos Part 2 (20:24)
Directory Services and LDAP (10:26)
Hands On; Establishing Peer Trusts (25:55)
Authentication And Authorization Review Questions (20:18)
Advanced Identity Concepts and Vocabulary (23:17)
Identity Federation Methods (18:03)
Advanced Identity Review Questions (12:25)
Authentication And Authorization; Key Points (24:21)
Chapter 7: CRYPTOGRAPHIC TECHNIQUES
Encryption (20:36)
Hashing (28:32)
Digital Signatures (23:17)
Blockchain and Bitcoin (15:53)
Hands On; Configuring A Blockchain (24:32)
Public Key Infrastructure PKI - Design (19:50)
Public Key Infrastructure PKI - Concepts (22:20)
Cryptography Concepts (22:35)
Stream Vs. Block Ciphers (21:14)
Implement Cryptography (18:53)
Implementing Cryptographic Techniques - Key Points (19:07)
Chapter 8: SECURITY CONTROLS FOR HOSTS
Host Concepts and Vocabulary (27:48)
Product Evaluation Models - TCSEC (12:17)
Product Evaluation Models - ITSEC (9:42)
Product Evaluation Models - Common Criteria (10:40)
What is a Trusted OS (19:52)
Types of Security Models (25:50)
Bell-LaPadula (24:11)
Biba (24:01)
Clark-Wilson and Others (13:50)
Access Control Concepts (22:06)
Role-Based Access Control (RBAC) (20:59)
Other Access Control Models (21:14)
Endpoint Security (20:37)
Host Review Questions (11:55)
Hardening Hosts Concepts and Vocabulary (18:48)
Peripherals (15:44)
Full Disk Encryption (27:02)
Hands-On; Hardening Windows Hosts, AppLocker (24:05)
Virtualization Concepts and Vocabulary (27:08)
Common VM Vulnerabilities (20:39)
Boot Loader Concepts and Vocabulary (18:34)
Hands-On; Creating Securing VM Using Virtualbox (15:10)
Hands-On; Protecting Boot Loaders (10:20)
Implementing Security Controls Hosts Key Points (19:23)
Chapter 9: SECURITY CONTROLS FOR MOBILE DEVICES
Mobile Deployment Models (23:23)
MDM Concepts and Vocabulary Part 1 (22:31)
MDM Concepts and Vocabulary Part 2 (15:52)
Storage (18:01)
Concepts and Vocabulary Part 1 (26:41)
Concepts and Vocabulary Part 2 (29:23)
Security Controls For Mobile Devices - Key Points (18:33)
Concepts And Vocabulary (22:38)
Chapter 10: IMPLEMENTING NETWORK SECURITY
What is a SIEM system (11:54)
Network Security Concepts and Vocabulary (21:16)
Hands-On Deploy Network Security Platform OPNsense (22:11)
SoC, BASs, ICS and SCADA (21:27)
Network-Enabled Devices Review Questions (12:05)
Remote Access and IPv6 (25:29)
Network Authentication (23:06)
Network Topologies and SDN (21:32)
Optimizing Resource Placement (15:21)
Advanced Network Design Review Questions (15:28)
Network Security Controls Concepts Vocabulary (20:09)
VLANS and Network Data Flow (22:49)
DPI and HTTPS Inspection (14:08)
Network Device Configurations (21:15)
NAC and Alerting (17:54)
Hands On; Implementing Network Monitoring Ntopng (18:05)
Implementing Network Security - Key Points (28:51)
Chapter 11: SECURING ENTERPRISE ARCHITECTURE ASSETS
Integrate Best Practices in Enterprise Security (25:16)
Technical Deployment Models; What Is A Model (12:52)
Technical Deployment Models; What Is Cloud (27:14)
Cloud Security Services in the Enterprise (20:58)
Secure Design; Vocabulary And Concepts Part 1 (21:50)
Secure Design; Vocabulary And Concepts Part 2 (22:14)
Secure Design; Review Questions (23:42)
Data Security; Owners, Processors And Sovereignty (23:14)
Data Security; Data Flow Security (15:22)
Data Security; Data Remanence (22:00)
Data Security; Provisioning And Deprovisioning (15:49)
Data Security; Review Questions (23:03)
Enterprise Applications; What are They (20:55)
Enterprise Applications; Directory Svcs, DNS Part 1 (22:35)
Enterprise Applications; Directory Svcs, DNS Part 2 (23:20)
Enterprise Applications; Hands On With DNS RRs (27:36)
DNSSEC, Zone Transfers And TSIGs Part 1 (20:25)
DNSSEC, Zone Transfers And TSIG Part 2 (23:17)
DNSSEC, Zone Transfers And TSIG Part 3 (24:11)
Integrating Assets - Key Points (24:07)
Hands on With DNSSEC (27:31)
Enterprise Applications; Configuration Management (23:15)
Chapter 12: CONDUCTING SECURITY ASSESSMENTS
Security Assessments; Types (24:28)
Security Assessments; Application Code Review (29:41)
Going Deeper; Vulnerability Scanning (24:32)
Going Deeper; Testing Software (22:23)
Software Testing Types Part 1 (15:20)
Software Testing Types Part 2 (24:48)
Logs, Memory And Debugging (20:44)
Social Engineering (23:05)
OSINT, Self-Assessments And Teaming (16:55)
Security Assessments - Review Questions (26:10)
Vulnerability Scanner (Nikto) (26:41)
Port Scanner (Zenmap) (23:12)
Protocol Analyzer (Wireshark) (27:09)
Network Enumerator (Zenmap) (17:54)
Password Cracker (John The Ripper) (27:00)
Using a Fuzzer in Kali Linux (23:58)
HTTP Interceptor (Burp Suite) (26:54)
Exploitation Framework (Social-Engineer Toolkit) (29:14)
Log Analysis In Kali (Grep And Cut) (29:00)
OpenSCAP (17:04)
Reverse Engineering (Strace) (21:47)
Conducting Security Assessments - Key Points (17:35)
Additional Files
comptia-caspplus
WS-Security DAM and Software Assurance Tech