Web Security School Lesson 2

In Lesson 2 of Web Security School, guest instructor Michael Cobb explains what to expect and look for when analyzing an attack on a Web server. He presents a guide to logging and auditing leads, and reviews essential fortification, countermeasures and other recommended security enhancements for your server.    Webcast: Web attacks and how to defeat them    Technical paper: Life at the edge: Securing the network perimeter    Quiz: Lesson 2    About the Instructor

MAIN MENU

Web Security School Home Lesson 1 Lesson 2 Lesson 3

Webcast: Web attacks and how to defeat them

Guest instructor Michael Cobb takes an in-depth look at how Web sites are attacked and what you can do to reduce the likelihood of a successful attack. He reviews the role of logging and auditing in combating attacks, and outlines the best countermeasures you can take to stay ahead of hackers and safeguard your Web site. You will also learn about tools that help show you where you stand in the fight against hackers. As with the first Web Security School webcast, you will be given several checklists to help you review your Web site's security. This webcast is available on-demand. Through our agreement with (ISC)², all CISSP and SSCP participants who attend this webcast can earn one CPE credit.

Webcast companion materials:

Now available as an MP3: Web attacks and how to defeat them

Technical paper: Life at the edge: Securing the network perimeter

In this four-part paper, learn strategies for resisting attacks on a network. Guest instructor Michael Cobb takes you through the process of securing a network perimeter by examining Web security architectures, explaining how to use encryption and testing a network perimeter for survivability.

READ THIS TECHNICAL PAPER   (Download PDF)

Quiz: Lesson 2

The final part of this lesson is the quiz to assess your knowledge of analyzing Web server attacks. In order to successfully pass the quiz, you need to attend the webcast and read the technical paper.

TAKE THE QUIZ   (Download PDF)

About the Instructor

Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 10 years experience in the IT industry and another 16 years experience in finance. He is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Cobb is also a Microsoft Certified Database Administrator and a Microsoft Certified Professional.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IIS Security Kaminsky: DNS flaw capable of attacks on many fronts Trend Micro site compromised What server considerations should be made when setting up an internal network's private applications? IT discussion: Is malware the cause of a DNS server error? Insider's guide to IIS Web server security Microsoft July updates for critical Excel, Windows and .NET flaws Finding and blocking Web application server attack vectors What's the best way to verify client authentication across unrelated Web servers? Microsoft to release DNS patch Tuesday DNS worm strikes at Microsoft flaw IIS Security Research SSL & TLS Google Chrome unlikely to attract security-minded users Plug-in opens door for self-signed SSL certs in Firefox 3 Which operating system can best secure an FTP site? If email attachments are sent via SSL will they be encrypted? Transit Safety Yahoo fixes SSL flaw in Business E-mail Quiz: Web application threats and vulnerabilities Secure data transmission methods Apple patches 13 flaws in Mac OS X Security Bytes: IE7 defenses revealed Web Application Security (Also see Web Access Control) Symantec to acquire MessageLabs for SaaS model Clickjacking details released after attack proof-of-concept emerges Billy Hoffman on AJAX security and browser attacks Data risks take shine off Google Chrome Verizon breach study identifies industry specific threats IronPort feature detects exploited websites PCI DSS 1.2 clarifies wireless, antivirus use MySpace, Facebook ignoring basic principles of security Positive changes coming to ModSecurity Kaminsky: DNS flaw capable of attacks on many fronts

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Secure Shell  (SearchSecurity.com) Secure Sockets Layer  (SearchSecurity.com) server accelerator card  (SearchSecurity.com) Transport Layer Security  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary