Some Important Questions.
- Are you curious on how an attack pattern looks when a web application is under a malicious attack?
- Are you interested in knowing the basics of attack detection and what tools and techniques are used when we want to detect an attack on a web application or an authentication service like SSH or FTP?
- Do you want to develop a basic skillset on reading and deciphering the interesting information in logs & add value to your existing skills?
You could be an application developer, a network administrator, a security professional who would like to gain the skills to detect and pinpoint attacks by malicious actors and protect your web applications.
About the course
This course is designed with a sole purpose to educate learners about the immense value the web server and authentication logs or logs in general store and how the information in these logs can be helpful to detect any ongoing attack that your webserver or authentication service might be under. Or an attack that already have taken place.
This course explains the basics of web servers and how the logging is done on the web servers default logging locations. We also explain about the structure of logs & default logging locations for the widely used web servers – Apache, Nginx & Microsoft IIS. Authentication servers like SSH & FTP as these too often come under bruteforce attack.
Course teaching methodology
We focus on both theoretical & practical aspects of log analysis. So we work in both the ways – as an attacker who would try to attack the application / SSH / FTP services & a defender, who will analyse the logs using multiple tools and visualise how the logs of an application under attack can look like.
We setup a test environment with a victim machine and an attacker machine and generate both normal and malicious traffic and then use the generated logs to investigate the common attack pattern and learn the typicality of an attack and educate ourselves on how the attacks look in the logs and appreciate how logs store valuable information which is often overlooked.
This will ensure that learners will get hands-on experience on the concept of log analysis and utilise this basic skillset in their day-to-day security or administrative tasks & activities.
We also discuss about the best practices from multiple standard sources that can be implemented to ensure that the logging is done at an optimum level and stay vigilant.
By the end of the course, you will gain a foundational understanding on:
- Grasp the basics of logging concepts, its importance and standard log formats & log storage location for web servers like Apache, Nginx & Microsoft IIS. Authentication services like SSH & FTP.
- Identify the Malicious traffic that gets logged and ascertain if the application / service is under active attack or has been attacked and learn about the potential point of attack.
- Gain a broad insight on best logging practices as per the OWASP guidelines and develop an understanding on ways in which you can implement a robust logging for your IT assets.
- Gain an overall thought process for analysing any of the logs of system and troubleshoot and pinpoint an issue.
Who this course is for:
- Cyber Security professionals who want to learn to detect attacks from logs.
- Network administrators wanting to develop basic skills for log analysis.
- Application Developers – wanting to quickly detect security issues that might be occuring.
- Students wanting to enhance their knowledge in log analysis.
What you’ll learn
- Basics of web server, FTP, SSH logs and their common logging formats
- Read and understand the log entries
- Visualize and differentiate between normal and attack traffic
- Identify common attacks like SQLi, XSS, Command Injection, LFI/RFI, Bruteforce, file uploads, etc.
- Identify the possible source of the attack
- Pin point a possible vulnerability in web application that forms an entry point for attack.
- Common tools & techniques used for detecting attacks – Manual & automated
Free Download Links-
Note: Comment below if you find the download links dead and comment with fake or temporary Email-id is going to be ignored.