
Training with Iverson classes

Training is not a commodity – all training centres are not the same. Iverson Associates Sdn Bhd is the most established, the most reputable, and the top professional IT training provider in Malaysia. With a large pool of experienced and certified trainers, state-of-the-art facilities, and well-designed courseware, Iverson offers superior training, a more impactful learning experience and highly effective results.

At Iverson, our focus is on providing high-quality IT training to corporate customers, meeting their learning needs and helping them to achieve their training objectives. Iverson has the flexibility to provide training solutions whether for a single individual or the largest corporation in a well-paced or accelerated training programme.

Our courses continue to evolve along with the fast-changing technological advances. Our instructor-led training services are available on a public and a private (in-company) basis. Some of our courses are also available as online, on demand, and hybrid training.

A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A C|EH® understands attack strategies, the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.

 

The Certified Ethical Hacker has been battle-hardened over the last 20 years, creating hundreds of thousands of Certified Ethical Hackers employed by top companies, militaries, and governments worldwide.

 

In its 12th version, the Certified Ethical Hacker provides comprehensive training, hands-on learning labs, practice cyber ranges for engagement, certification assessments, cyber competitions, and opportunities for continuous learning in one comprehensive program curated through our new learning framework: 1. Learn 2. Certify 3. Engage 4. Compete.

 

The C|EH v12 also equips aspiring cybersecurity professionals with the tactics, techniques, and procedures (TTPs) to build ethical hackers who can uncover weaknesses in nearly any type of target system before cybercriminals do.

 

The C|EH® v12 is a specialized and one-of-a-kind training program to teach you everything you need to know about ethical hacking with hands-on training, labs, assessment, a mock engagement (practice), and global hacking competition. Stay on top of the game with the most in-demand skills required to succeed in the field of cybersecurity.

 

  1. LEARN
  • 5 days of training
  • 20 modules
  • 3000+ pages of student manual
  • 1900+ pages of lab manual
  • Over 200 hands-on labs with competition flags
  • Over 3,500 hacking tools - Learn how to hack multiple operating systems (Windows 11, Windows servers, Linux, Ubuntu, Android)
  • MITRE ATT&CK Framework
  • Diamond model of intrusion analysis
  • Techniques for establishing persistence
  • Evading NAC and endpoint security
  • Understand Fog, Edge, and Grid Computing Model

 

  2. CERTIFY

C|EH® ANSI

  • 125 Multiple-Choice Questions
  • 4 hours

C|EH® Practical

  • 6-hour Practical Exam
  • 20 Scenario-Based Questions

 

  3. ENGAGE
  • Conduct a real-world ethical hacking assignment
  • Apply the 5 phases
    • Reconnaissance
    • Scanning
    • Gaining Access
    • Maintaining Access
    • Covering Your Tracks

 

  4. COMPETE
  • New challenges every month
  • 4-hour competition
  • Compete with your peers all over the world
  • Hack your way to the top of the leaderboard
  • Gain recognition
  • Challenges include:
    • OWASP Top 10 Web Application Threat Vectors
    • Ransomware/ Malware Analysis
    • Outdated/Unpatched Software
    • System Hacking and Privilege Escalation
    • Web Application Hacking and Pen Testing
    • Cloud Attack/Hacking
    • and many more...

 

Content Included

  • eCourseware
  • Exam Voucher*
  • Next version of eCourseware
  • 6 months of official labs
  • C|EH Engage
  • Global C|EH Challenges
  • Exam Preparation
  • C|EH Practical Exam
  • 10 Ethical Hacking Video Library
  • 4 Exam Retakes**

*Exam retakes are included with every courseware package. Candidates may activate this benefit through the EC-Council student portal (ASPEN)

** Proctor administration fees will be applicable for each attempt of the retake examination

 

Additional Info

  • Certification Course & Certificate
  • Course Code CEH
  • Price 7800
  • Exam Price Include
  • Exam Code C|EH® ANSI & C|EH® Practical
  • Duration 5.5
  • Principals EC-Council
  • Audience
    • Mid-Level Information Security Auditor
    • Cybersecurity Auditor
    • Security Administrator
    • IT Security Administrator
    • Cyber Defense Analyst
    • Vulnerability Assessment Analyst
    • Warning Analyst
    • Information Security Analyst 1
    • Security Analyst L1
    • Infosec Security Administrator
    • Cybersecurity Analyst level 1, level 2, & level 3
    • Network Security Engineer
    • SOC Security Analyst
    • Security Analyst
    • Network Engineer
    • Senior Security Consultant
    • Information Security Manager
    • Senior SOC Analyst
    • Solution Architect
    • Cybersecurity Consultant
  • Prerequisites

    There are no specific prerequisites for the C|EH program; however, we strongly recommend that candidates possess a minimum of 2 years’ experience in IT security before joining a C|EH training program. C|EH training is about testing systems and using them for purposes not originally intended, so candidates should understand the basic functions of those IT systems before attempting to hack them. (Example: C|EH will teach the process of host evaluation leading to enumeration. In this process, trainees will scan downrange targets using common scanning techniques such as Nmap, which will respond with a list of ports; enumerating those ports and the services running on them can be used to expose common vulnerabilities and weaknesses in systems. The C|EH program will not teach you what a port is; that is essential knowledge you must have to be successful in the class.) If you do not possess the foundational skills in IT and networking, we recommend starting with our free cybersecurity Essentials Series found here: https://www.eccouncil.org/academia/essentials

  • At Course Completion

    C|EH is divided into 20 modules and delivered through a carefully curated training plan that typically spans across 5 days. As you progress through your training, each module offers extensive hands-on lab components that allow you to practice the techniques and procedures taught in the program in real-time on live machines.

     

    Ethical Hacking Labs

    With over 220 hands-on labs, conducted in our cyber range environment, you will have the opportunity to practice every learning objective in the course on live machines and vulnerable targets. Pre-loaded with over 3,500 hacking tools and a variety of operating systems, you will gain unprecedented exposure to and hands-on experience with the most common security tools, latest vulnerabilities, and widely used operating systems on the market. Our range is web accessible, allowing you to study and practice from anywhere with a connection.

  • Module 1 Title Introduction to Ethical Hacking
  • Module 2 Title Foot Printing and Reconnaissance
  • Module 3 Title Scanning Networks
  • Module 4 Title Enumeration
  • Module 5 Title Vulnerability Analysis
  • Module 6 Title System Hacking
  • Module 7 Title Malware Threats
  • Module 8 Title Sniffing
  • Module 9 Title Social Engineering
  • Module 10 Title Denial-of-Service
  • Module 11 Title Session Hijacking
  • Module 12 Title Evading IDS, Firewalls, and Honeypots
  • Module 13 Title Hacking Web Servers
  • Module 14 Title Hacking Web Applications
  • Module 15 Title SQL Injection
  • Module 16 Title Hacking Wireless Networks
  • Module 17 Title Hacking Mobile Platforms
  • Module 18 Title IoT and OT Hacking
  • Module 19 Title Cloud Computing
  • Module 20 Title Cryptography
RM7,800.00(+RM468.00 Tax)

A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A C|EH® understands attack strategies, the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.

 

The Certified Ethical Hacker has been battle-hardened over the last 20 years, creating hundreds of thousands of Certified Ethical Hackers employed by top companies, militaries, and governments worldwide. It is the most trusted ethical hacking certification that employers worldwide value, and for good reasons. The comprehensive curriculum covers the fundamentals of ethical hacking, foot printing and reconnaissance, scanning, enumeration, vulnerability threats, social engineering, SQL injection, and much more.

 

When you successfully achieve the C|EH certification, you will be equipped with every skill you need to uncover vulnerabilities and secure the systems, networks, applications, databases, and critical data from malicious hackers.

 

LEARN

  • 5 days of training
  • 20 modules
  • 3000+ pages of student manual
  • 1900+ pages of lab manual
  • Over 200 hands-on labs with competition flags
  • Over 3,500 hacking tools - Learn how to hack multiple operating systems (Windows 11, Windows servers, Linux, Ubuntu, Android)
  • MITRE ATT&CK Framework
  • Diamond model of intrusion analysis
  • Techniques for establishing persistence
  • Evading NAC and endpoint security
  • Understand Fog, Edge, and Grid Computing Model

Additional Info

  • Certification Course & Certificate
  • Course Code CEH
  • Price RM6200
  • Exam Price Include
  • Exam Code C|EH® ANSI
  • Duration 5 Days
  • Principals EC-Council
  • Schedule

    17-21 Oct 2022

    5-9 Dec 2022 (Penang)

    19-23 Dec 2022

  • Audience
    • Mid-Level Information Security Auditor
    • Cybersecurity Auditor
    • Security Administrator
    • IT Security Administrator
    • Cyber Defense Analyst
    • Vulnerability Assessment Analyst
    • Warning Analyst
    • Information Security Analyst 1
    • Security Analyst L1
    • Infosec Security Administrator
    • Cybersecurity Analyst level 1, level 2, & level 3
    • Network Security Engineer
    • SOC Security Analyst
    • Security Analyst
    • Network Engineer
    • Senior Security Consultant
    • Information Security Manager
    • Senior SOC Analyst
    • Solution Architect
    • Cybersecurity Consultant
  • Prerequisites

    There are no specific prerequisites for the C|EH program; however, we strongly recommend that candidates possess a minimum of 2 years’ experience in IT security before joining a C|EH training program. C|EH training is about testing systems and using them for purposes not originally intended, so candidates should understand the basic functions of those IT systems before attempting to hack them. (Example: C|EH will teach the process of host evaluation leading to enumeration. In this process, trainees will scan downrange targets using common scanning techniques such as Nmap, which will respond with a list of ports; enumerating those ports and the services running on them can be used to expose common vulnerabilities and weaknesses in systems. The C|EH program will not teach you what a port is; that is essential knowledge you must have to be successful in the class.) If you do not possess the foundational skills in IT and networking, we recommend starting with our free cybersecurity Essentials Series found here: https://www.eccouncil.org/academia/essentials

  • At Course Completion

    C|EH is divided into 20 modules and delivered through a carefully curated training plan that typically spans across 5 days. As you progress through your training, each module offers extensive hands-on lab components that allow you to practice the techniques and procedures taught in the program in real-time on live machines.

     

    Ethical Hacking Labs

    With over 220 hands-on labs, conducted in our cyber range environment, you will have the opportunity to practice every learning objective in the course on live machines and vulnerable targets. Pre-loaded with over 3,500 hacking tools and a variety of operating systems, you will gain unprecedented exposure to and hands-on experience with the most common security tools, latest vulnerabilities, and widely used operating systems on the market. Our range is web accessible, allowing you to study and practice from anywhere with a connection.

  • Module 1 Title Introduction to Ethical Hacking
  • Module 2 Title Foot Printing and Reconnaissance
  • Module 3 Title Scanning Networks
  • Module 4 Title Enumeration
  • Module 5 Title Vulnerability Analysis
  • Module 6 Title System Hacking
  • Module 7 Title Malware Threats
  • Module 8 Title Sniffing
  • Module 9 Title Social Engineering
  • Module 10 Title Denial-of-Service
  • Module 11 Title Session Hijacking
  • Module 12 Title Evading IDS, Firewalls, and Honeypots
  • Module 13 Title Hacking Web Servers
  • Module 14 Title Hacking Web Applications
  • Module 15 Title SQL Injection
  • Module 16 Title Hacking Wireless Networks
  • Module 17 Title Hacking Mobile Platforms
  • Module 18 Title IoT and OT Hacking
  • Module 19 Title Cloud Computing
  • Module 20 Title Cryptography
RM6,200.00(+RM372.00 Tax)

Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on fast track toward obtaining the CCISO. EISM students must attend training – the same CCISO training that upper level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program. Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.

 

Additional Info

  • Certification Course & Certificate
  • Course Code EISM
  • Price 12000
  • Exam Price Include
  • Exam Code 512-50
  • Duration 4 days
  • Principals EC-Council
  • Schedule

    17-20 Feb 2022

    24-27 Mar 2022

    5-8 May 2022

    23-26 Jun 2022

    4-7 Aug 2022

    15-18 Sep 2022

    10-13 Nov 2022

    15-18 Dec 2022

  • Audience

    The EISM program is right for you if you:

    • Do not meet the minimum experience requirements for the CCISO program
    • Are more interested in a management career path than in a technical one
    • Have strong management skills and have worked in the information security industry for at least three years
    • Are interested in one day obtaining a position as a CISO
  • Prerequisites

    All EISM students must take EC-Council official training before sitting for the EISM exam.

  • Module 1 Title Domain 1 Governance (Policy, Legal & Compliance)
  • Module 1 Content

    Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.

  • Module 2 Title Domain 2 IS Management Controls and Auditing Management
  • Module 2 Content

    Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.

  • Module 3 Title Domain 3 Management – Projects and Operations (Projects, Technology & Operations)
  • Module 3 Content

    Domain 3 covers many of the day-to-day aspects of the CISO job including project, technology, and operations management.

  • Module 4 Title Domain 4 Information Security Core Competencies
  • Module 4 Content

    Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.

  • Module 5 Title Domain 5 Strategic Planning & Finance.
  • Module 5 Content

    Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.

  • Module 6 Title The Exam
  • Module 6 Content

    The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicants’ knowledge in all five of the C|CISO Domains will be tested on the exam, which focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants must have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the EC-Council Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.

    EXAM TITLE : EC-Council Certified CISO

    EXAM CODE : 712-50

    # OF QUESTIONS : 150

    DURATION : 2.5 Hours

    AVAILABILITY : ECC Exam Portal

    TEST FORMAT : Scenario-based multiple choice

    PASSING SCORE : 72%

RM12,000.00(+RM720.00 Tax)

EC-Council has developed the Certified Cybersecurity Technician certification:

  • To validate hands-on technician level IT and cybersecurity skills.
  • It’s an entry-level cybersecurity program engineered by the creators of the Certified Ethical Hacker program to address the global demand for cybersecurity technicians.
  • To prepare individuals with core security skills to pursue and develop their cybersecurity careers as cybersecurity specialists, consultants, network engineers, or IT administrators

Additional Info

  • Certification Course & Certificate
  • Course Code CCT
  • Price RM5000
  • Exam Price Include
  • Exam Code 212-82
  • Duration 5 Days
  • CertificationInfo EC-Council Certified Cybersecurity Technician
  • Principals EC-Council
  • Schedule

    8-12 Aug 2022

    21-25 Nov 2022

  • Audience

    The C|CT course can be taken by students, IT professionals, IT managers, career changers, and any individual seeking a career in cybersecurity, or aspiring to advance their existing role. This course is ideal for those entering the cybersecurity workforce, providing foundational technician level, hands-on skills to solve the most common security issues organizations face today.

  • Prerequisites

    There are no specific prerequisites to take the C|CT course and attempt the C|CT certification exam. Although this is an entry-level course, a working knowledge of IT networking and basic cybersecurity concepts will be an advantage to anyone taking this course.

  • At Course Completion
    1. Key issues plaguing the cybersecurity industry (information security and network security)
    2. Information security threats, vulnerabilities, and attacks
    3. Different types of malware
    4. Network security fundamentals
    5. Identification, authentication, and authorization concepts
    6. Network security controls
       • Administrative controls (frameworks, laws, acts, governance and compliance program, and security policies)
       • Physical controls (physical security controls, workplace security, and environmental controls)
       • Technical controls (network security protocols, network segmentation, firewall, IDS/IPS, honeypot, proxy server, VPN, UBA, NAC, UTM, SIEM, SOAR, load balancer, and anti-malware tools)
    7. Network security assessment techniques and tools (threat hunting, threat intelligence, vulnerability assessment, ethical hacking, penetration testing, and configuration and asset management)
    8. Application security design and testing techniques
    9. Fundamentals of virtualization, cloud computing, and cloud security
    10. Wireless network fundamentals, wireless encryption, and security measures
    11. Fundamentals of mobile, IoT, and OT devices and their security measures
    12. Cryptography and public key infrastructure concepts
    13. Data security controls, data backup and retention methods, and data loss prevention techniques
    14. Network troubleshooting, traffic monitoring, log monitoring, and analysis for suspicious traffic
    15. Incident handling and response process
    16. Computer forensics fundamentals, digital evidence, and forensic investigation phases
  • Module 1 Title Information Security Threats and Vulnerabilities
  • Module 2 Title Information Security Attacks
  • Module 3 Title Network Security Fundamentals
  • Module 4 Title Identification, Authentication, and Authorization
  • Module 5 Title Network Security Controls – Administrative Controls
  • Module 6 Title Network Security Controls – Physical Controls
  • Module 7 Title Network Security Controls – Technical Controls
  • Module 8 Title Network Security Assessment Techniques and Tools
  • Module 9 Title Application Security
  • Module 10 Title Virtualization and Cloud Computing
  • Module 11 Title Wireless Network Security
  • Module 12 Title Mobile Device Security
  • Module 13 Title IoT and OT Security
  • Module 14 Title Cryptography
  • Module 15 Title Data Security
  • Module 16 Title Network Troubleshooting
  • Module 17 Title Network Traffic Monitoring
  • Module 18 Title Network Logs Monitoring and Analysis
  • Module 19 Title Incident Response
  • Module 20 Title Computer Forensics
  • Module 21 Title Business Continuity and Disaster Recovery
  • Module 22 Title Risk Management
RM5,000.00(+RM300.00 Tax)

This course is the most comprehensive review of cloud security concepts and industry best practices covering the six domains of the (ISC)2 Common Body of Knowledge (CBK®). You will gain knowledge in identifying the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. You will identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. You will gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments. You will identify privacy issues and audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.

CCSP Domains

  • Cloud Concepts, Architecture and Design
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Cloud Security Operations
  • Legal, Risk and Compliance

Additional Info

  • Certification Course & Certificate
  • Course Code CCSP
  • Price RM7900
  • Exam Price Include
  • Duration 4 Days
  • CertificationInfo Certified Cloud Security Professional
  • Principals EC-Council
  • Schedule

    17,19-21 Jan 2022

    28-31 Mar 2022

    13-16 Jun 2022

    18-21 Jul 2022

    8-11 Aug 2022

    5-8 Sep 2022

    11-14 Oct 2022

    14-17 Nov 2022

    5-8 Dec 2022

  • Audience

    This training is intended for professionals who have at least five years of full-time IT experience, including three years in information security and at least one year in cloud security, and are pursuing CCSP certification to enhance credibility and career mobility. The seminar is ideal for those working in positions such as, but not limited to:

    • Security Manager   
    • Systems Architect  
    • Systems Engineer   
    • Security Architect   
    • Security Consultant
    • Security Engineer
    • Enterprise Architect
    • Security Administrator
  • Prerequisites

    Experienced information security professionals with at least five years of IT experience, including three years of information security and at least one year of cloud security experience.

    · CISSP Certification Prep Course

  • At Course Completion

    After completing this course, you will be able to:

    1.  Understand legal frameworks and guidelines that affect cloud services.
    2.  Recognize the fundamentals of data privacy regulatory/legislative mandates.
    3.  Assess risks, vulnerability, threats, and attacks in the cloud environment.
    4.  Evaluate the design and plan for cloud infrastructure security controls.
    5.  Evaluate what is necessary to manage security operations.
    6.  Understand what operational controls and standards to implement.
    7.  Describe the types of cloud deployment models and the types of “as a service” cloud models currently available.
    8.  Identify key terminology, and associated definitions related to cloud technology.
    9.  Establish a common terminology for use within your team or workgroup.
    10. Build a business case for cloud adoption and determine business units that benefit from cloud migration strategies.

  • Module 1 Title Architecture Concepts and Design Requirement
  • Module 1 Content
    • Cloud Computing Concepts
    • Cloud Reference Architecture
    • Security Concepts Relevant to Cloud Computing
    • Design Principles of Secure Cloud Computing
    • Trusted Cloud Services
  • Module 2 Title Cloud Data Security
  • Module 2 Content
    • Cloud Data Lifecycle
    • Design and Implement Cloud Data Storage Architectures
    • Design and Apply Data Security Strategies
    • Implement Data Discovery and Classification Technologies
    • Design and Implement Data Rights Management
    • Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
    • Plan and Implement Data Retention, Deletion, and Archiving Policies
    • Design and Implement Auditability, Traceability, and Accountability of Data Events
  • Module 3 Title Cloud Platform and Infrastructure Security
  • Module 3 Content
    • Cloud Infrastructure Components
    • Risks Associated with Cloud Infrastructure
    • Design and Plan Security Controls
    • Plan Disaster Recovery and Business Continuity Management
  • Module 4 Title Cloud Application Security
  • Module 4 Content
    • Need for Training and Awareness in Application Security
    • Cloud Software Assurance and Validation
    • Use Verified Secure Software
    • Software Development Life-Cycle (SDLC) Process
    • Apply the Software Development Life-Cycle
    • Specifics of Cloud Application Architecture
    • Design Appropriate Identity and Access Management (IAM) Solution
  • Module 5 Title Operations
  • Module 5 Content
    • Support the Planning Process for the Data Center Design
    • Implement and Build Physical Infrastructure for Cloud Environment
    • Run Physical Infrastructure for Cloud Environment
    • Manage Physical Infrastructure for Cloud Environment
    • Build Logical Infrastructure for Cloud Environment
    • Run Logical Infrastructure for Cloud Environment
    • Manage Logical Infrastructure for Cloud Environment
    • Ensure Compliance with Regulations and Controls (ITIL, ISO/IEC 20000-1)
    • Conduct Risk Assessment to Logical and Physical Infrastructure
    • Collection, Acquisition, and Preservation of Digital Evidence
    • Manage Communication with Relevant Parties
  • Module 6 Title Legal and Compliance
  • Module 6 Content
    • Legal Requirements and Unique Risks within the Cloud Environment
    • Privacy Issues, Including Jurisdictional Variation
    • Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
    • Implications of Cloud to Enterprise Risk Management
    • Outsourcing and Cloud Contract Design
    • Execute Vendor Management
RM7,900.00(+RM474.00 Tax)

Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.

 

In the ever-changing threat landscape, C|TIA is an essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract the intelligence from data by implementing various advanced strategies. Such professional-level programs can only be achieved when the core of the curricula maps to and complies with government and industry published threat intelligence frameworks.

 

C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks. This program addresses all the stages involved in the Threat Intelligence Life Cycle. This attention to a realistic and futuristic approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. This program provides the solid, professional knowledge that is required for a career in threat intelligence, and enhances your skills as a Threat Intelligence Analyst, increasing your employability. It is desired by most cybersecurity engineers, analysts, and professionals from around the world and is respected by hiring authorities.

The Purpose of C|TIA is: 

  • To give individuals and organizations the ability to prepare and run a threat intelligence program that allows ‘evidence-based knowledge’ and provides ‘actionable advice’ about ‘existing and unknown threats’.
  • To ensure that organizations have predictive capabilities rather than just proactive measures beyond active defense mechanisms.
  • To empower information security professionals with the skills to develop a professional, systematic, and repeatable real-life threat intelligence program.
  • To differentiate threat intelligence professionals from other information security professionals

For individuals: To provide an invaluable ability of structured threat intelligence to enhance skills and boost their employability.

Additional Info

  • Certification Course & Certificate
  • Course Code CTIA
  • Price 4982
  • Exam Price Include
  • Exam Code 312-85
  • Duration 3 Days
  • Principals EC-Council
  • Schedule

    Available Upon Request

  • Audience
    • Ethical Hackers
    • Security Practitioners, Engineers, Analysts, Specialists, Architects, and Managers
    • Threat Intelligence Analysts, Associates, Researchers, Consultants
    • Threat Hunters
    • SOC Professionals
    • Digital Forensic and Malware Analysts
    • Incident Response Team Members
    • Any mid-level to high-level cybersecurity professionals with a minimum of 2 years of experience.
    • Individuals from the information security profession who want to enrich their skills and knowledge in the field of cyber threat intelligence.
    • Individuals interested in preventing cyber threats.
  • Module 1 Title Introduction to Threat Intelligence
  • Module 1 Content
    • Understanding Intelligence
    • Understanding Cyber Threat Intelligence
    • Overview of Threat Intelligence Lifecycle and Frameworks
  • Module 2 Title Cyber Threats and Kill Chain Methodology
  • Module 2 Content
    • Understanding Cyber Threats
    • Understanding Advanced Persistent Threats (APTs)
    • Understanding Cyber Kill Chain
    • Understanding Indicators of Compromise (IoCs)
  • Module 3 Title Requirements, Planning, Direction, and Review
  • Module 3 Content
    • Understanding Organization’s Current Threat Landscape
    • Understanding Requirements Analysis
    • Planning Threat Intelligence Program
    • Establishing Management Support
    • Building a Threat Intelligence Team
    • Overview of Threat Intelligence Sharing
    • Reviewing Threat Intelligence Program
  • Module 4 Title Data Collection and Processing
  • Module 4 Content
    • Overview of Threat Intelligence Data Collection
    • Overview of Threat Intelligence Collection Management
    • Overview of Threat Intelligence Feeds and Sources
    • Understanding Threat Intelligence Data Collection and Acquisition
    • Understanding Bulk Data Collection
    • Understanding Data Processing and Exploitation
  • Module 5 Title Data Analysis
  • Module 5 Content
    • Overview of Data Analysis
    • Understanding Data Analysis Techniques
    • Overview of Threat Analysis
    • Understanding Threat Analysis Process
    • Overview of Fine-Tuning Threat Analysis
    • Understanding Threat Intelligence Evaluation
    • Creating Runbooks and Knowledge Base
    • Overview of Threat Intelligence Tools
  • Module 6 Title Intelligence Reporting and Dissemination
  • Module 6 Content
    • Overview of Threat Intelligence Reports
    • Introduction to Dissemination
    • Participating in Sharing Relationships
    • Overview of Sharing Threat Intelligence
    • Overview of Delivery Mechanisms
    • Understanding Threat Intelligence Sharing Platforms
    • Overview of Intelligence Sharing Acts and Regulations
    • Overview of Threat Intelligence Integration
RM4,700.00(+RM282.00 Tax)

The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the details of algorithms such as Feistel Networks, DES, and AES. Other topics introduced:

  • Overview of other algorithms such as Blowfish, Twofish, and Skipjack
  • Hashing algorithms include MD5, MD6, SHA, GOST, RIPEMD 256 and others.
  • Asymmetric cryptography includes thorough descriptions of RSA, Elgamal, Elliptic Curve, and DSA.
  • Significant concepts such as diffusion, confusion, and Kerckhoffs’s principle.

Participants will also be provided a practical application of the following:

  • How to set up a VPN
  • Encrypt a drive
  • Hands-on experience with steganography
  • Hands-on experience in cryptographic algorithms ranging from classic ciphers like Caesar cipher to modern day algorithms such as AES and RSA.

Additional Info

  • Certification Course & Certificate
  • Course Code ECES
  • Price 4700
  • Exam Price Include
  • Exam Code 212-81
  • Duration 3 days
  • Principals EC-Council
  • Schedule

    7-9 Feb 2022

    14-16 Jun 2022

    7-9 Sep 2022

    13-15 Dec 2022

  • Audience

    Anyone involved in the selection and implementation of VPNs or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.

     

    This course is excellent for ethical hackers and penetration testing professionals as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals usually don’t attempt to crack cryptography.

  • Prerequisites

    A basic knowledge of cryptanalysis is very beneficial to any penetration testing.

  • At Course Completion
    • Types of Encryption Standards and their differences
    • How to select the best standard for your organization
    • How to enhance your pen-testing knowledge in encryption
    • Correct and incorrect deployment of encryption technologies
    • Common mistakes made in implementing encryption technologies
    • Best practices when implementing encryption technologies
  • Module 1 Title Introduction and History of Cryptography
  • Module 1 Content
    • What is Cryptography?
    • History of Cryptography
    • Mono-Alphabet Substitution
      • Caesar Cipher
      • Atbash Cipher
      • Affine Cipher
      • ROT13 Cipher
      • Scytale
      • Single Substitution Weaknesses
    • Multi-Alphabet Substitution
      • Cipher Disk
      • Vigenère Cipher
        • Vigenère Cipher: Example
        • Breaking the Vigenère Cipher
      • Playfair Cipher
      • ADFGVX Cipher
    • Homophonic Substitution
    • Null Ciphers
    • Book Ciphers
    • Rail Fence Ciphers
    • The Enigma Machine
    • CrypTool
  • Module 2 Title Symmetric Cryptography & Hashes
  • Module 2 Content
    • Symmetric Cryptography
    • Information Theory
      • Information Theory Cryptography Concepts
    • Kerckhoffs’s Principle
    • Substitution
    • Transposition
    • Binary Math
      • Binary AND
      • Binary OR
      • Binary XOR
    • Block Cipher vs. Stream Cipher
    • Symmetric Block Cipher Algorithms
      • Basic Facts of the Feistel Function
        • The Feistel Function
        • Unbalanced Feistel Cipher
      • Data Encryption Standard (DES)
      • 3DES
        • DESx
        • Whitening
      • Advanced Encryption Standard (AES)
        • AES General Overview
        • AES Specifics
      • Blowfish
      • Serpent
      • Twofish
      • Skipjack
      • International Data Encryption Algorithm (IDEA)
      • CAST
      • Tiny Encryption Algorithm (TEA)
      • SHARK
      • Symmetric Algorithm Methods
        • Electronic Codebook (ECB)
        • Cipher-Block Chaining (CBC)
        • Propagating Cipher-Block Chaining (PCBC)
        • Cipher Feedback (CFB)
        • Output Feedback (OFB)
        • Counter (CTR)
        • Initialization Vector (IV)
      • Symmetric Stream Ciphers
        • Example of Symmetric Stream Ciphers: RC4
        • Example of Symmetric Stream Ciphers: FISH
        • Example of Symmetric Stream Ciphers: PIKE
      • Hash Function
        • Hash – Salt
        • MD5
          • The MD5 Algorithm
        • MD6
        • Secure Hash Algorithm (SHA)
        • FORK-256
        • RIPEMD-160
        • GOST
        • Tiger
        • MAC and HMAC
      • CryptoBench
  • Module 3 Title Number Theory and Asymmetric Cryptography
  • Module 3 Content
    • Asymmetric Encryption
    • Basic Number Facts
      • Prime Numbers
      • Co-Prime Numbers
      • Euler’s Totient
      • Modulus Operator
      • Fibonacci Numbers
    • Birthday Theorem
      • Birthday Paradox
        • Birthday Paradox: Probability
      • Birthday Attack
    • Random Number Generator
      • Classification of Random Number Generator
      • Traits of a Good PRNG
      • Naor-Reingold and Mersenne Twister Pseudorandom Function
      • Linear Congruential Generator
      • Lehmer Random Number Generator
      • Lagged Fibonacci Generator (LFG)
      • Blum Blum Shub
      • Yarrow
      • Fortuna
    • Diffie-Hellman
    • Rivest Shamir Adleman (RSA)
      • RSA – How it Works
      • RSA Example
    • Menezes–Qu–Vanstone
    • Digital Signature Algorithm
      • Signing with DSA
    • Elliptic Curve
      • Elliptic Curve Variations
    • Elgamal
    • CrypTool
  • Module 4 Title Applications of Cryptography
  • Module 4 Content
    • FIPS Standards
    • Digital Signatures
    • What is a Digital Certificate?
      • Digital Certificates
        • X.509
        • X.509 Certificates
        • X.509 Certificate Content
        • X.509 Certificate File Extensions
    • Certificate Authority (CA)
      • Certificate Authority – Verisign
      • Registration Authority (RA)
      • Public Key Infrastructure (PKI)
      • Digital Certificate Terminology
      • Server-based Certificate Validation Protocol
      • Digital Certificate Management
      • Trust Models
      • Certificates and Web Servers
      • Microsoft Certificate Services
      • Windows Certificates: certmgr.msc
      • Authentication
        • Password Authentication Protocol (PAP)
        • Shiva Password Authentication Protocol (S-PAP)
        • Challenge-Handshake Authentication Protocol (CHAP)
        • Kerberos
          • Components of Kerberos System
          • Kerberos Authentication Process
    • Pretty Good Privacy (PGP)
      • PGP Certificates
    • Wi-Fi Encryption
      • Wired Equivalent Privacy (WEP)
      • WPA – Wi-Fi Protected Access
      • WPA2
    • SSL
    • TLS
    • Virtual Private Network (VPN)
      • Point-to-Point Tunneling Protocol (PPTP)
        • PPTP VPN
      • Layer 2 Tunneling Protocol VPN
      • Internet Protocol Security VPN
      • SSL/TLS VPN
    • Encrypting Files
      • Backing up the EFS key
      • Restoring the EFS Key
    • BitLocker
      • BitLocker: Screenshot
    • Disk Encryption Software: VeraCrypt
    • Common Cryptography Mistakes
    • Steganography
      • Steganography Terms
      • Historical Steganography
      • Steganography Details
      • Other Forms of Steganography
      • How to Embed?
      • Steganographic File Systems
      • Steganography Implementations
      • Demonstration
    • Steganalysis
      • Steganalysis – Raw Quick Pair
      • Steganalysis – Chi-Square Analysis
      • Steganalysis – Audio Steganalysis
    • Steganography Detection Tools
    • National Security Agency and Cryptography
      • NSA Suite A Encryption Algorithms
      • NSA Suite B Encryption Algorithms
      • National Security Agency: Type 1 Algorithms
      • National Security Agency: Type 2 Algorithms
      • National Security Agency: Type 3 Algorithms
      • National Security Agency: Type 4 Algorithms
    • Unbreakable Encryption
  • Module 5 Title Cryptanalysis
  • Module 5 Content
    • Breaking Ciphers
    • Cryptanalysis
    • Frequency Analysis
    • Kasiski
    • Cracking Modern Cryptography
      • Cracking Modern Cryptography: Chosen Plaintext Attack
      • Cracking Modern Cryptography: Ciphertext-only and Related-key Attack
    • Linear Cryptanalysis
    • Differential Cryptanalysis
    • Integral Cryptanalysis
    • Cryptanalysis Resources
    • Cryptanalysis Success
    • Rainbow Tables
    • Password Cracking
    • Tools
RM4,700.00(+RM282.00 Tax)

EC-Council’s Certified Cloud Security Engineer (C|CSE) course is curated by cloud security professionals in association with renowned subject matter experts to deliver a mix of vendor-neutral and vendor-specific cloud security concepts. The vendor-neutral concepts focus on cloud security practices, technologies, frameworks, and principles. In contrast, the vendor-specific materials deliver the practical skills that are needed to configure specific platforms, such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). This offers candidates a well-balanced mix of theoretical and practical skills. In addition, advanced topics also cover modules on securing the cloud infrastructure by implementing regulations and standards to maintain security. EC-Council’s cloud security course is mapped to the real-time job roles and responsibilities of cloud security professionals and is ideal for beginners as well as experienced cybersecurity professionals.

Additional Info

  • Certification Course & Certificate
  • Course Code CCSE
  • Price 5000
  • Exam Price Include
  • Exam Code 312-40
  • Duration 5 days
  • Principals EC-Council
  • Schedule

    Available Upon Request

  • Audience
    • Network security engineers
    • Cybersecurity analysts
    • Network security analysts
    • Cloud administrators and engineers
    • Network security administrators
    • Cloud analysts
    • Cybersecurity engineers
    • Those working in network and cloud management and operations
  • Prerequisites
    • Have working knowledge in network security management
    • Basic understanding of cloud computing concepts
    • You will need an account (preferably, a new free tier account) on AWS, Azure, and GCP cloud services to perform labs
  • At Course Completion

    Organizations need cloud security engineers to help them build a secure cloud infrastructure, monitor vulnerabilities and implement incident response plans to mitigate cloud-based threats. C|CSE, with its unique blend of vendor-neutral and vendor-specific concepts, trains candidates in the fundamentals while equipping them with job-ready practical skills. With C|CSE, candidates learn:

    • The fundamentals of cloud security in a vendor-neutral environment
    • How to use tools and techniques to configure public cloud providers such as AWS, Azure, and GCP
    • How to design and maintain a secure cloud environment
    • The knowledge and skills to protect, detect and respond to cloud network infrastructure threats
    • How to design and implement business continuity and disaster recovery plans
    • How to perform a cloud security audit and penetration testing
  • Module 1 Title Introduction to Cloud Security
  • Module 1 Content

    In this module, you will be presented with the core concepts of cloud computing, cloud service models, and cloud-based threats and vulnerabilities. The module highlights service provider components, such as evaluation and the shared security responsibility model, that are essential to configuring a secure cloud environment and protecting organizational resources.

  • Module 2 Title Platform and Infrastructure Security in the Cloud
  • Module 2 Content

    This module explores the key components and technologies that form a cloud architecture and how to secure multi-tenant, virtualized, physical, and logical cloud components. This module demonstrates configurations and best practices for securing physical data centers and cloud infrastructures using the tools and techniques provided by Azure, AWS, and GCP.

  • Module 3 Title Application Security in the Cloud
  • Module 3 Content

    The focus of this module is securing cloud applications and explaining secure software development lifecycle changes. It explains the multiple services and tools for application security in Azure, AWS, and GCP.

  • Module 4 Title Data Security in the Cloud
  • Module 4 Content

    This module covers the basics of cloud data storage, its lifecycle, and various controls for protecting data at rest and data in transit in the cloud. It also addresses data storage features and the multiple services and tools used for securing data stored in Azure, AWS, and GCP.

  • Module 5 Title Operation Security in the Cloud
  • Module 5 Content

    This module encompasses the security controls essential to building, implementing, operating, managing, and maintaining physical and logical infrastructures for cloud environments and the required services, features, and tools for operational security provided by AWS, Azure, and GCP.

  • Module 6 Title Penetration Testing in the Cloud
  • Module 6 Content

    This module demonstrates how to implement comprehensive penetration testing to assess the security of an organization's cloud infrastructure and reviews the required services and tools used to perform penetration testing in AWS, Azure, and GCP.

  • Module 7 Title Incident Detection and Response in the Cloud
  • Module 7 Content

    This module focuses on incident response (IR). It covers the IR lifecycle and the tools and techniques used to identify and respond to incidents; provides training on using SOAR technologies; and explores the IR capabilities provided by AWS, Azure, and GCP.

  • Module 8 Title Forensics Investigation in the Cloud
  • Module 8 Content

    This module covers the forensic investigation process in cloud computing, including various cloud forensic challenges and data collection methods. It also explains how to investigate security incidents using AWS, Azure, and GCP tools.

  • Module 9 Title Business Continuity and Disaster Recovery in the Cloud
  • Module 9 Content

    This module highlights the importance of business continuity and disaster recovery planning in IR. It covers the backup and recovery tools, services, and features provided by AWS, Azure, and GCP to monitor business continuity issues.

  • Module 10 Title Governance, Risk Management, and Compliance in the Cloud
  • Module 10 Content

    This module focuses on the various governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS) and the design and implementation of governance frameworks in the cloud. It also addresses cloud compliance frameworks and elaborates on the AWS, Azure, and GCP governance modules.

  • Module 11 Title Standards, Policies, and Legal Issues in the Cloud
  • Module 11 Content

    This module discusses standards, policies, and legal issues associated with the cloud. It also covers the features, services, and tools needed for compliance and auditing in AWS, Azure, and GCP.

  • Module 12 Title Appendix (Self-Study): Private, Hybrid, and Multi-Tenant Cloud Security
  • Module 12 Content

    The appendix covers the security of private, hybrid, and multi-tenant cloud models. It lists some of the best practices for securing VMware Cloud, AWS, GCP, Azure hybrid cloud setups, and multi-tenant clouds.

RM5,000.00(+RM300.00 Tax)

The CND certification aims to equip you with hands-on training to function in real-life situations involving network defense. You will gain the technical skills required to proactively design a secure network with future threats in mind. This program will be akin to learning math instead of just using a calculator.

This program teaches a fundamental understanding of the true construct of data transfer, network technologies, and software technologies so that you understand how networks operate, the processes software is automating, and how to analyze the subject material.

You will learn how to mitigate, harden, and defend from the attacks. You will learn network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN, and firewall configuration. You will then learn the intricacies of network traffic signature, analysis and vulnerability scanning which will help you when you design greater network security policies and successful incident response plans. These skills will help you foster resiliency and continuity of operations during attacks.

 

What typical students would benefit most from this class?

  • System Administrators
  • System Engineers
  • Firewall Administrators
  • Network Managers
  • IT Managers
  • IT Professionals
  • Anyone interested in network security technologies
  • Managers who want to understand cyber security core principles and practices
  • Operations personnel who, although they do not have security as their primary job function, need an understanding of cyber security core principles and practices

Additional Info

  • Certification Course & Certificate
  • Course Code CND
  • Price 5000
  • Exam Price Include
  • Exam Code 312-38
  • Duration 5 Days
  • Schedule

    24-28 Jan 2022

    14-18 Mar 2022

    11-15 Apr 2022 (Penang)

    30 May-3 Jun 2022

    25-29 Jul 2022

    19-23 Sep 2022

    7-11 Nov 2022

    21-25 Nov 2022 (Penang)

  • Audience

    This program will take a typical Network/SysAdmin and immerse them in the world of Hackers and Cyber Defense.

  • Module 1 Title Computer Network Defense Fundamentals
  • Module 2 Title Network Security Threats, Vulnerabilities, and Attacks
  • Module 3 Title Network Security Controls, Protocols, and Devices
  • Module 4 Title Network Security Policy Design and Implementation
  • Module 5 Title Physical Security
  • Module 6 Title Host Security
  • Module 7 Title Secure Firewall Configuration and Management
  • Module 8 Title Secure IDS Configuration and Management
  • Module 9 Title Secure VPN Configuration and Management
  • Module 10 Title Wireless Network Defense
  • Module 11 Title Network Traffic Monitoring and Analysis
  • Module 12 Title Network Risk and Vulnerability Management
  • Module 13 Title Data Backup and Recovery
  • Module 14 Title Network Incident Response and Management
RM5,000.00(+RM300.00 Tax)

Decoding Web Application Hacking and Security
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC-Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.

Web Application Hacking and Security is like a Capture-The-Flag (CTF) competition meant to test your hacking skills. But you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems or follow the instructor as they do walkthroughs to help you learn Web Application Hacking and Security.

Watch your name rise on the leader board, a place where you’ll see who’s cracking the most challenges, who’s making the most progress, who’s cranking out the h@ck$!

What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard validity period of 30 days from the day user activates exam dashboard

 

Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. The Web Application Hacking and Security exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour performance-based, hands-on exam.

The exam focuses on candidates’ proficiency in performing a web application security assessment in a real-life stressful scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification, and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!

Additional Info

  • Certification Course only
  • Course Code WAHS
  • Exam Price Include
  • Duration 1 Year Access
  • Audience

    If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.

    • Penetration Tester

    • Ethical Hacker

    • Web Application Penetration Tester/Security Engineer

    • Auditor

    • Red Team Engineer

    • Information Security Engineer

    • Risk/Vulnerability Analyst

    • Vulnerability Manager

    • Incident responder

  • Prerequisites

    Pre-requisite

    It is recommended to have:

    • Good understanding of web application working

    • Basic working knowledge of the Linux command line

    • Basic knowledge of OSes and file systems

    • Basic knowledge of Bash and/or Python scripting

     

    Host System Requirement

    Minimum Hardware Requirements for the Host OS:

    • CPU: Intel i3(3.6 GHz per core) 64-bit/AMD Ryzen 3(3.6 GHz per core)

    • RAM: 8 GB

    • HDD: 60 GB available space

    • Peripherals: External or Integrated Webcam

     

    Software Requirements for the Host OS:

    • Operating system: Windows 8.1 x64 or later/ MAC OSX

    • Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox

    • Browser: Any modern browser such as Chrome, Firefox, Internet Explorer

    • Internet: A stable Internet connection with a minimum of 5mbps Download and 1mbps Upload speeds. It is recommended to use hard-wired connection instead of wireless.

     

    Virtual Machine Resource Requirement

    Your virtual machine should be able to run penetration testing Linux distribution such as Parrot Security/Kali Linux or your own penetration testing toolkit.

     

    VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.

  • At Course Completion

    Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you.

    – But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more.

    In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.

     

    Course Outline

    • Advanced Web Application Penetration Testing

    • Advanced SQL Injection (SQLi)

    • Reflected, Stored and DOM-based Cross Site Scripting (XSS)

    • Cross Site Request Forgery (CSRF) – GET and POST Methods

    • Server-Side Request Forgery (SSRF)

    • Security Misconfigurations

    • Directory Browsing/Bruteforcing

    • CMS Vulnerability Scanning

    • Network Scanning

    • Auth Bypass

    • Web App Enumeration

    • Dictionary Attack

    • Insecure Direct Object Reference Prevention (IDOR)

    • Broken Access Control

    • Local File Inclusion (LFI)

    • Remote File Inclusion (RFI)

    • Arbitrary File Download

    • Arbitrary File Upload

    • Using Components with Known Vulnerabilities

    • Command Injection

    • Remote Code Execution

    • File Tampering

    • Privilege Escalation

    • Log Poisoning

    • Weak SSL Ciphers

    • Cookie Modification

    • Source Code Analysis

    • HTTP Header modification

    • Session Fixation

    • Clickjacking

RM2,950.00(+RM177.00 Tax)