CompTIA CASP+ (CAS-003)
Theory & Hands-On Skills for infosec professionals63 H 55 M
Just you? Training a whole team? There's an ITProTV plan that fits.
Start Training TodayThis course has a virtual lab
This course has a practice test
Episodes
Episodes
- Supporting IT Governance and Risk Management
- Overview
- So You Want To Setup a Lab
- Begin at the Beginning - Confidentiality
- Begin at the Beginning - Integrity
- Begin at the Beginning - Availability
- Governance and Risk Management: Overview
- Governance and Risk Management: Risk Vocabulary
- Governance and Risk Management: Risk Management
- Governance and Risk Management: Risk Analysis
- Assess Risks: What is a Security Framework
- Assess Risks: ESA Framework Assessment Process
- Assess Risks: System Specific Risk Analysis
- Assess Risks: Risk Determination
- Assess Risks: Guidelines for Assessing Risk
- Risk Mitigation: What is a Aggregate CIA Score
- Risk Mitigation: What are the CVSS and CVE
- Risk Mitigation: Risk Responses
- Risk Management Documentation: Best Practices
- Risk Management Documentation: BCP
- Risk Management Documentation: What is a BIA
- Risk Management Documentation: Downtime
- Risk Management Documentation: Documents
- I.T. Governance and Risk Management - Key Points
- Leveraging Collaboration to Support Security
- Collaboration: GRC and Controls
- Collaboration: What is an SCA
- Collaboration: Solutions
- Leveraging Collaboration - Key Points
- Using Research and Analysis to Secure the Enterprise
- Research and Analysis: Industry Trends
- Research and Analysis: Artificial Intelligence
- Research and Analysis: Requirements for Contracts
- Analyze Scenarios to Secure the Enterprise
- Using Research and Analysis - Key Points
- Integrating Advanced Authentication and Authorization Techniques
- Authentication and Access Control
- Authentication Factors and Controls
- Authentication Types
- Centralized Remote Authentication Services
- Deep Dive: RADIUS
- Deep Dive: 802.1X
- What is Authorization/OAuth2.0
- What is XACML
- Trusts Models and Kerberos
- Trust Models and Kerberos Part 2
- Directory Services and LDAP
- Hands On: Establishing Peer Trusts
- Authentication and Authorization Review Questions
- Advanced Identity Concepts and Vocabulary
- Identity Federation Methods
- Advanced Identity Review Questions
- Authentication and Authorization: Key Points
- Implementing Cryptographic Techniques
- Encryption
- Hashing
- Digital Signatures
- Blockchain and Bitcoin
- Hands on: Configuring a Blockchain
- Public Key Infrastructure PKI - Design
- Public Key Infrastructure PKI - Concepts
- Cryptography Concepts
- Stream vs. Block Ciphers
- Implement Cryptography
- Implementing Cryptographic Techniques - Key Points
- Implementing Security Controls for Hosts
- Host Concepts and Vocabulary
- Product Evaluation Models - TCSEC
- Product Evaluation Models - ITSEC
- Product Evaluation Models - Common Criteria
- What is a Trusted OS
- Types of Security Models
- Bell-LaPadula
- Biba
- Clark-Wilson and Others
- Access Control Concepts
- Role-Based Access Control (RBAC)
- Other Access Control Models
- Endpoint Security
- Host Review Questions
- Hardening Hosts Concepts and Vocabulary
- Peripherals
- Full Disk Encryption
- Hands-on: Hardening Windows Hosts, AppLocker
- Virtualization Concepts and Vocabulary
- Common VM Vulnerabilities
- Hands-on: Creating Securing VM using Virtualbox
- Boot Loader Concepts and Vocabulary
- Hands-on: Protecting Boot Loaders
- Implementing Security Controls Hosts Key Points
- Security Controls for Mobile Devices
- Mobile Deployment Models
- MDM Concepts and Vocabulary
- MDM Concepts and Vocabulary Part 2
- Storage
- Concepts and Vocabulary
- Concepts and Vocabulary Part 2
- Security Controls for Mobile Devices - Key Points
- Implementing Network Security
- IDSs vs IPSs casp
- What is a SIEM system
- Network Security Concepts and Vocabulary
- Hands-On Deploy Network Security Platform OPNsense
- SoC, BASs, ICS and SCADA
- Network-Enabled Devices Review Questions
- Remote Access and IPv6
- Network Authentication
- Network Topologies and SDN
- Optimizing Resource Placement
- Advanced Network Design Review Questions
- Network Security Controls Concepts Vocabulary
- VLANS and Network Data Flow
- DPI and HTTPS Inspection
- Network Device Configurations
- NAC and Alerting
- Hands on: Implementing Network Monitoring ntopng
- Implementing Network Security - Key Points
- Implementing Security in the Systems and Software Development Lifecycle
- What is the Systems Development Life Cycle SDLC
- Development Methodologies
- What are the SDLC Phases
- Security Requirements Traceability Matrix SRTM
- Common Software Development Approaches
- Common Software Development Methods
- What about Validation and Acceptance Testing
- SDLC Review Questions
- Secure vs Insecure Direct Object References
- Error Exception Handling Try...Catch Statements
- What is Privilege Escalation
- Overflows and Canaries
- Memory Leaks
- Races and Exhaustion
- What is SQL Injection
- What is Session...
- What is a Cross-Site Scripting XSS Attack
- Cross-Site Request Forgery XSRF/CSRF Attack
- What about Clickjacking and Cookie Hijacking
- What is security by...
- Input Validation Fuzzing Application Sandboxing
- WS-Security DAM and Software Assurance Tech
- Implementing Security in the SDLC - Key Points
- Integrating Assets in a Secure Enterprise Architecture
- Integrate Best Practices in Enterprise Security
- Technical Deployment Models: What is a Model
- Technical Deployment Models: What is Cloud
- Cloud Security Services in the Enterprise
- Secure Design: Vocabulary and Concepts
- Secure Design: Vocabulary and Concepts Part 2
- Secure Design: Review Questions
- Data Security: Owners, Processors and Sovereignty
- Data Security: Data Flow Security
- Data Security: Data Remanence
- Data Security: Provisioning and Deprovisioning
- Data Security: Review Questions
- Enterprise Applications: What are They
- Enterprise Applications: Directory Svcs, DNS
- Enterprise Applications: Directory Svsc, DNS Pt.2
- Enterprise Applications: Hands on with DNS RRs
- DNSSEC, Zone Transfers and TSIGs
- DNSSEC, Zone Transfers and TSIG Part 2
- DNSSEC, Zone Transfers and TSIG Part 3
- Hands on With DNSSEC
- Enterprise Applications: Configuration Management
- Enterprise Applications: Review Questions
- Integrating Assets - Key Points
- Conducting Security Assessments
- Security Assessments: Types
- Security Assessments: Application Code Review
- Going Deeper: Vulnerability Scanning
- Going Deeper: Testing Software
- Software Testing Types
- Software Testing Types Part 2
- Logs, Memory and Debugging
- Social Engineering
- OSINT, Self-Assessments and Teaming
- Security Assessments - Review Questions
- Vulnerability Scanner (Nikto)
- Port Scanner (Zenmap)
- Protocol Analyzer (Wireshark)
- Network Enumerator (Zenmap)
- Password Cracker (John the Ripper)
- Using a Fuzzer in Kali Linux
- HTTP Interceptor (Burp Suite)
- Exploitation Framework (Social-Engineer Toolkit)
- Log Analysis in Kali (grep and cut)
- OpenSCAP
- Reverse Engineering (strace)
- Conducting Security Assessments - Key Points
- Responding to and Recovering from Incidents
- Concepts and Vocabulary
- Incident Response Facilitators
- Incident Response Facilitators Part 2
- e-Discovery
- Incident Response Review Questions
- What is COOP
- CSIRTs and Common Tools
- Evidence Collection and Handling
- Types of Evidence
- Five Rules of Evidence 5 B's
- Principles of Criminalistics
- Investigation Process
- Forensic Analysis of Compromised Systems
- What is the Order of Volatility
- Conducting Forensic Analysis with Autopsy
- Responding to Incidents - Key Points
Overview
2 M
- Episode Description
- Transcript
Those looking to complete the CompTIA Advanced Security Practitioner (CASP+) certification will find in this course an overview of the process in achieving the certification and a brief amount of details about the exam required to pass in order to receive the certification. The CASP+ covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.