lynda-sy0-501-prep-1.md

layout: default
title: Lynda.com - CompTIA Security+ (SY0-501) Cert Prep: 1 Threats, Attacks, and Vulnerabilities
categories: drafts

The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam, and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.

Topics include:

  • Comparing viruses, worms, and Trojans
  • Backdoors and logic bombs
  • Understanding the attacker
  • Attack types: from denial of service to brute force attacks
  • Preventing insider threats
  • Wireless attacks
  • Understanding cross-site scripting
  • Preventing SQL injection
  • Social engineering
  • Scanning for vulnerabilities
  • Penetration testing
  • Assessing the impact of vulnerabilities

Table of Contents

Introduction

Welcome

What you need to know

1. Malware

Comparing viruses, worms, and Trojans

Comparing adware, spyware, and ransomware

Understanding backdoors and logic bombs

Looking at advanced malware

Understanding botnets

Advanced persistent threats

2. Understanding Attackers

Cybersecurity adversaries

Preventing insider threats

Threat intelligence

3. Understanding Attack Types

Denial of service attacks

Eavesdropping attacks

Network attacks

Network address spoofing

Password attacks

Brute force cryptographic attacks

Knowledge-based cryptographic attacks

Watering hole attacks

4. Wireless Attacks

Wireless eavesdropping

WPA and WPS attacks

Propagation attacks

Preventing rogues and evil twins

Disassociation attacks

Understanding Bluetooth and NFC attacks

RFID security

5. Application Attacks

Application security

Preventing SQL injection

Understanding cross-site scripting

Understanding cross-site request forgery

Clickjacking

Defending against directory traversal

Overflow attacks

Explaining cookies and attachments

Session hijacking

Malicious add-ons

Code execution attacks

Driver manipulation

Error and exception handling

6. Social Engineering Attacks

Social engineering

Impersonation attacks

Physical social engineering

7. Vulnerability Scanning and Penetration Testing

Security assessment tools

Scanning for vulnerabilities

Assessing threats

Threat assessment techniques

Penetration testing

Advanced vulnerability scanning

8. Impact of Vulnerabilities

Vendor vulnerabilities

Memory vulnerabilities

Race condition vulnerabilities

Configuration vulnerabilities

Architectural vulnerabilities

Conclusion

Next steps