This is the fourth course in the CompTIA Security+ learning path. It is one of the shorter courses and comprises 5 modules:
Application Security Controls and Techniques
Begins with an explanation of fuzzing. Then covers secure coding concepts such as error and exception handling and input validation.
It describes how to prevent Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, and talks about application configuration baselining.
It follows on with application hardening and application patch management. It then discusses NoSQL vs SQL databases, and server-side vs client-side validation.
Some of the material in this module (such as XSS vs CSRF) will already be familiar if you have watched the Threats and Vulnerabilities course.
Mobile Security Concepts and Technologies
The three main areas covered here are Device Security, Application Security, and Bring Your Own Device (BYOD) concerns.
The Device Security coverage features full device encryption, remote wiping, lockout, screen locks, GPS, application control, storage segmentation, asset tracking, inventory control, mobile device management, device access control, removable storage, and disabling unused features.
The Application Security coverage features key/credential management, authentication, geo-tagging, encryption, application whitelisting and blacklisting, and transitive trust/authentication.
The Bring Your Own Device concerns that are discussed include data ownership, support ownership, patch management, antivirus management, forensics, privacy, and adherence to various corporate policies (user acceptance/legal/on-board camera and video).
Establishing Host Security
This module also covers three main areas. These are OS & App Security, Host Based Security, and Virtualization.
OS and Application Security includes operating system security settings, OS hardening, anti-malware, patch management, whitelisting vs blacklisting applications, and the trusted OS.
Host Based Security covers host-based firewalls, the advantages of host-based intrusion detection systems, and hardware security: cable locks, safes, and locking cabinets.
The Virtualization coverage includes snapshots, patch compatibility, host availability/elasticity, security control testing, and sandboxing.
This module again overlaps with some of the content covered in the Threats and Vulnerabilities course.
Appropriate Controls to Ensure Data Security
This module discusses cloud storage, SANs, handling big data, data encryption, hardware-based encryption devices, permissions, and data policies.
Mitigate Security Risks in Static Environments
This final module discusses many kinds of environments, such as SCADA, embedded systems (printers/smart TVs/HVAC), Android, iOS, mainframes, game consoles, and in-vehicle computing systems.
It also talks about the various methods for securing these environments, including network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity.
This course briefly introduces Kali Linux. Before you download and start playing around with it, I highly recommend watching the course Understanding Ethical Hacking. Kali Linux contains an arsenal of potentially highly dangerous weapons, and should only be used within the correct safety procedures as explained in this course. Penalties for misuse are extremely high, and if you don’t know what you are doing you could end up accidentally breaking the law and going to jail.
Activities to complement this course:
If you are interested in Mobile Device Management, here are the links to some providers that you might be interested in reviewing:
If you are looking for a free firewall application for Windows but don’t want to use Microsoft’s firewall, a popular option is Zone Alarm. There is also a premium version available.
Recommended Speed: 1.2x