CompTIA CASP+ (CAS-003)
Theory & Hands-On Skills for infosec professionals63 H 55 M
Episodes
Episodes
- Supporting IT Governance and Risk Management
- Overview
- So You Want To Setup a Lab
- Begin at the Beginning - Confidentiality
- Begin at the Beginning - Integrity
- Begin at the Beginning - Availability
- Governance and Risk Management: Overview
- Governance and Risk Management: Risk Vocabulary
- Governance and Risk Management: Risk Management
- Governance and Risk Management: Risk Analysis
- Assess Risks: What is a Security Framework
- Assess Risks: ESA Framework Assessment Process
- Assess Risks: System Specific Risk Analysis
- Assess Risks: Risk Determination
- Assess Risks: Guidelines for Assessing Risk
- Risk Mitigation: What is a Aggregate CIA Score
- Risk Mitigation: What are the CVSS and CVE
- Risk Mitigation: Risk Responses
- Risk Management Documentation: Best Practices
- Risk Management Documentation: BCP
- Risk Management Documentation: What is a BIA
- Risk Management Documentation: Downtime
- Risk Management Documentation: Documents
- I.T. Governance and Risk Management - Key Points
- Leveraging Collaboration to Support Security
- Collaboration: GRC and Controls
- Collaboration: What is an SCA
- Collaboration: Solutions
- Leveraging Collaboration - Key Points
- Using Research and Analysis to Secure the Enterprise
- Research and Analysis: Industry Trends
- Research and Analysis: Artificial Intelligence
- Research and Analysis: Requirements for Contracts
- Analyze Scenarios to Secure the Enterprise
- Using Research and Analysis - Key Points
- Integrating Advanced Authentication and Authorization Techniques
- Authentication and Access Control
- Authentication Factors and Controls
- Authentication Types
- Centralized Remote Authentication Services
- Deep Dive: RADIUS
- Deep Dive: 802.1X
- What is Authorization/OAuth2.0
- What is XACML
- Trusts Models and Kerberos
- Trust Models and Kerberos Part 2
- Directory Services and LDAP
- Hands On: Establishing Peer Trusts
- Authentication and Authorization Review Questions
- Advanced Identity Concepts and Vocabulary
- Identity Federation Methods
- Advanced Identity Review Questions
- Authentication and Authorization: Key Points
- Implementing Cryptographic Techniques
- Encryption
- Hashing
- Digital Signatures
- Blockchain and Bitcoin
- Hands on: Configuring a Blockchain
- Public Key Infrastructure PKI - Design
- Public Key Infrastructure PKI - Concepts
- Cryptography Concepts
- Stream vs. Block Ciphers
- Implement Cryptography
- Implementing Cryptographic Techniques - Key Points
- Implementing Security Controls for Hosts
- Host Concepts and Vocabulary
- Product Evaluation Models - TCSEC
- Product Evaluation Models - ITSEC
- Product Evaluation Models - Common Criteria
- What is a Trusted OS
- Types of Security Models
- Bell-LaPadula
- Biba
- Clark-Wilson and Others
- Access Control Concepts
- Role-Based Access Control (RBAC)
- Other Access Control Models
- Endpoint Security
- Host Review Questions
- Hardening Hosts Concepts and Vocabulary
- Peripherals
- Full Disk Encryption
- Hands-on: Hardening Windows Hosts, AppLocker
- Virtualization Concepts and Vocabulary
- Common VM Vulnerabilities
- Hands-on: Creating Securing VM using Virtualbox
- Boot Loader Concepts and Vocabulary
- Hands-on: Protecting Boot Loaders
- Implementing Security Controls Hosts Key Points
- Security Controls for Mobile Devices
- Mobile Deployment Models
- MDM Concepts and Vocabulary
- MDM Concepts and Vocabulary Part 2
- Storage
- Concepts and Vocabulary
- Concepts and Vocabulary Part 2
- Security Controls for Mobile Devices - Key Points
- Implementing Network Security
- IDSs vs IPSs casp
- What is a SIEM system
- Network Security Concepts and Vocabulary
- Hands-On Deploy Network Security Platform OPNsense
- SoC, BASs, ICS and SCADA
- Network-Enabled Devices Review Questions
- Remote Access and IPv6
- Network Authentication
- Network Topologies and SDN
- Optimizing Resource Placement
- Advanced Network Design Review Questions
- Network Security Controls Concepts Vocabulary
- VLANS and Network Data Flow
- DPI and HTTPS Inspection
- Network Device Configurations
- NAC and Alerting
- Hands on: Implementing Network Monitoring ntopng
- Implementing Network Security - Key Points
- Implementing Security in the Systems and Software Development Lifecycle
- What is the Systems Development Life Cycle SDLC
- Development Methodologies
- What are the SDLC Phases
- Security Requirements Traceability Matrix SRTM
- Common Software Development Approaches
- Common Software Development Methods
- What about Validation and Acceptance Testing
- SDLC Review Questions
- Secure vs Insecure Direct Object References
- Error Exception Handling Try...Catch Statements
- What is Privilege Escalation
- Overflows and Canaries
- Memory Leaks
- Races and Exhaustion
- What is SQL Injection
- What is Session...
- What is a Cross-Site Scripting XSS Attack
- Cross-Site Request Forgery XSRF/CSRF Attack
- What about Clickjacking and Cookie Hijacking
- What is security by...
- Input Validation Fuzzing Application Sandboxing
- WS-Security DAM and Software Assurance Tech
- Implementing Security in the SDLC - Key Points
- Integrating Assets in a Secure Enterprise Architecture
- Integrate Best Practices in Enterprise Security
- Technical Deployment Models: What is a Model
- Technical Deployment Models: What is Cloud
- Cloud Security Services in the Enterprise
- Secure Design: Vocabulary and Concepts
- Secure Design: Vocabulary and Concepts Part 2
- Secure Design: Review Questions
- Data Security: Owners, Processors and Sovereignty
- Data Security: Data Flow Security
- Data Security: Data Remanence
- Data Security: Provisioning and Deprovisioning
- Data Security: Review Questions
- Enterprise Applications: What are They
- Enterprise Applications: Directory Svcs, DNS
- Enterprise Applications: Directory Svsc, DNS Pt.2
- Enterprise Applications: Hands on with DNS RRs
- DNSSEC, Zone Transfers and TSIGs
- DNSSEC, Zone Transfers and TSIG Part 2
- DNSSEC, Zone Transfers and TSIG Part 3
- Hands on With DNSSEC
- Enterprise Applications: Configuration Management
- Enterprise Applications: Review Questions
- Integrating Assets - Key Points
- Conducting Security Assessments
- Security Assessments: Types
- Security Assessments: Application Code Review
- Going Deeper: Vulnerability Scanning
- Going Deeper: Testing Software
- Software Testing Types
- Software Testing Types Part 2
- Logs, Memory and Debugging
- Social Engineering
- OSINT, Self-Assessments and Teaming
- Security Assessments - Review Questions
- Vulnerability Scanner (Nikto)
- Port Scanner (Zenmap)
- Protocol Analyzer (Wireshark)
- Network Enumerator (Zenmap)
- Password Cracker (John the Ripper)
- Using a Fuzzer in Kali Linux
- HTTP Interceptor (Burp Suite)
- Exploitation Framework (Social-Engineer Toolkit)
- Log Analysis in Kali (grep and cut)
- OpenSCAP
- Reverse Engineering (strace)
- Conducting Security Assessments - Key Points
- Responding to and Recovering from Incidents
- Concepts and Vocabulary
- Incident Response Facilitators
- Incident Response Facilitators Part 2
- e-Discovery
- Incident Response Review Questions
- What is COOP
- CSIRTs and Common Tools
- Evidence Collection and Handling
- Types of Evidence
- Five Rules of Evidence 5 B's
- Principles of Criminalistics
- Investigation Process
- Forensic Analysis of Compromised Systems
- What is the Order of Volatility
- Conducting Forensic Analysis with Autopsy
- Responding to Incidents - Key Points
Overview
2 M



- Episode Description
- Transcript
Those looking to complete the CompTIA Advanced Security Practitioner (CASP+) certification will find in this course an overview of the process in achieving the certification and a brief amount of details about the exam required to pass in order to receive the certification. The CASP+ covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
Just you? Training a whole team? There's an ITProTV plan that fits.
With more than 5,800 hours of engaging video training for IT professionals, you'll find the courses you and your team need to stay current and get the latest certifications.