Videos

W3af tutorial: How to use w3af for a Web application security scan

In this screencast video, Keith Barker of CBT Nuggets offers a tutorial on how to perform a thorough Web application security scan using w3af.
Security vulnerability assessment secrets with Kevin Beaver

Webcast: The 'Hacking for Dummies' author explains how to improve vulnerability assessments with better planning, tools and respect for the process.

How to analyze malware with REMnux's reverse-engineering malware tools

Video: Keith Barker of CBT Nuggets demonstrates how to use the free reverse engineering malware tools in REMnux to analyze malware in apps and PDFs.
SIEM architecture and operational processes

Anton Chuvakin describes why the success of your SIEM deployment is determined more by operational processes than by its architecture or a specific tool.
How to use Nikto to scan for Web server vulnerabilities

Video: Keith Barker of CBT Nuggets shows how to use Nikto, a free and open source tool, to scan for outdated or vulnerable Web servers.
Security Onion tutorial: Analyze network traffic using Security Onion

Video: In this Security Onion tutorial, Keith Barker of CBT Nuggets shows how to analyze network traffic using Security Onion's many free features.
Armitage tutorial: How to use Armitage for vulnerability assessments

Video: In this Armitage tutorial, Keith Barker of CBT Nuggets shows how to use the Metasploit add-on to perform vulnerability assessments.
Data loss prevention tools: Understanding your options

Video: Kevin Beaver uses real-life experiences with data loss prevention tools to help you with your technology choices, rollout and management.
How to use ThreadFix to simplify the vulnerability management process

Video: Keith Barker of CBT Nuggets demonstrates how Denim Group's ThreadFix helps simplify the enterprise vulnerability management process.
An introduction to Web application threat modeling

Video: VerSprite's Tony UcedaVelez explains how Web application threat modeling assesses Web risk and how it differs from penetration testing.
Zed Attack Proxy tutorial: Uncover Web app vulnerabilities using ZAP

Video: Keith Barker of CBT Nuggets offers a OWASP Zed Attack Proxy tutorial. Learn how to find and nullify Web application vulnerabilities using ZAP.
PayPal CISO: Laws must foster better cybersecurity information sharing

PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security.
Use the Mandiant Redline memory analysis tool for threat assessments

Video: Keith Barker of CBT Nuggets shows how to use the Mandiant Redline memory analysis tool to conduct threat assessments, defeat rootkits.
NSA's Troy Lange details NSA mobile security strategy

Video: NSA mobility mission manager Troy Lange discusses the NSA mobile security strategy, including mistakes made and lessons learned.
How to use Microsoft's MAP toolkit security assessment application

Video: Keith Barker of CBT Nuggets details how to use Microsoft's MAP Toolkit security assessment application to find and report on vulnerable endpoints.
Tactical Success for Multiplatform Endpoint Security

In this presentation, Craig Mathias discusses the hottest trend in enterprise IT today: BYOD. This discussion focuses on bring your own device (BYOD) security challenges, security techniques and management strategies.
Splunk video tutorial demonstrates how to use Splunk for security

Video: Keith Barker of CBT Nuggets walks viewers through a tutorial of how to use Splunk and shows how the free version can be used for IT security.
Zenmap tutorial: Mapping networks using Zenmap profiles

Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles.
How to use Wireshark to detect and prevent ARP spoofing

Video: Keith Barker of CBT Nuggets demonstrates how to use Wireshark, the popular open source packet analyzer, to prevent ARP spoofing attacks.
pfSense tutorial: Configure pfSense as an SMB-caliber firewall

Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall.
Log management and analysis: How, when and why

In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.
DLP use cases: When to use network storage and endpoint DLP

In this video, our expert will explain how different types of DLP work, such as network and endpoint DLP, and how it secures data at rest.
Researcher lauds Windows 8 memory protections

Video: New memory-based protections in Windows 8 make heap-based buffer overflow attacks much more difficult.
Screencast: Employ the FOCA tool as a metadata extractor

Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites.
Screencast: How to use GHDB to identify security holes, Googledorks

In this screencast, Mike McLaughlin uses the Google Hacking Database (GHDB) to identify Googledorks and other security vulnerabilities.
Screencast: ShareEnum eases network enumeration, network share permissions

Mike McLaughlin displays how easy network enumeration can be with ShareEnum, including the ability to quickly secure network shares and display share permissions.
Web application threats: What you really need to know

In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
Black Hat 2011: Malware threats, attack vectors and data sharing

Rodrigo Branco talks about vulnerabilities, malware sophistication and whether the move to cloud-based services will change the way cybercriminals work.
IT patch management best practices: Overcoming the challenges

This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes.
Enterprise encryption strategy: The path to simple data encryption

This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption.
RSA SecurID attack, social engineering threat analysis from Gartner's Neil MacDonald

In this video, Gartner Vice President Neil MacDonald discusses the SecurID attack at RSA, APT realities and the growing enterprise social engineering threat.
IE9 security, Apple security issues: Video with Gartner’s Neil MacDonald

In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers.
Using Windows 7 security features in your data protection program

Lisa Phifer discusses Windows 7 security features like AppLocker, User Access Controls, BitLocker and BitLockerToGo, Volume Shadow Copy and DirectAccess.
Identity management maturity model

Learn about identity management and its capabilities in a detailed maturity model that highlights people, process and technology.
SIEM market overview: Gartner's Mark Nicolett

Gartner VP and distinguished analyst Mark Nicolett discusses SIEM vendor consolidation, the myth that SIEM is a cost-saving effort and more.
Botnets, malware security and capturing cybercriminals: Video

Malware isn't getting more sophisticated, but cybercriminals have better tools to control their botnets and deploy more targeted attacks, says Gunter Ollmann of Damballa, Inc.
Choosing the right authentication method for your business

Learn about common authentication methods and how to choose the right multifactor and mobile device authentication solution in this video with Mark Diodati of Burton Group,
How to detect and respond to money laundering

Money laundering, by its very nature, is difficult to detect, but expert Eric Holmquist gives advice on how to spot it and how to respond.
Key elements of disaster recovery and business continuity planning

In part four of this series, Andre Gold discusses the key aspects of developing a successful business continuity and disaster recovery plan, including location, technology, crisis management and communications.
Risky Business: Understanding WiFi threats

Interested in taking your enterprise wireless, or securing the wireless network you already have? Look no further. In this first of a four-part video series, Lisa Phifer of Core Competence explains WiFi threats, including some common attacks.
PCI compliance requirement 1: Firewalls

PCI experts Diana Kelley and Ed Moyle review Requirement 1 of the Payment Card Industry Data Security Standard, which includes a mandate for stateful inspection firewalls.
PCI compliance requirement 5: Antivirus

Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 5: "Use and regularly update antivirus software."
Balancing security and performance: Protecting layer 7 on the network

This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more.
How to perform Microsoft Baseline Security Analyzer (MBSA) scans

This month, Peter Giannoulis of TheAcademyPro.com and TheAcademyHome.com offers an overview of the free Microsoft Baseline Security Analyzer.
Security incident response 101

Even the best procedures fail to overcome the stresses in the initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well coordinated response.
How to use Nmap to scan a network

Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap.
How to defend against data-pilfering attacks

In this video from Information Security Decisions 2008, Mandiant's Kevin Mandia details data-pilfering attacks and the four ways hackers can penetrate a network.
How to manage guest user authentication when building a wireless network

Joel Snyder reviews your different access policies and how to deal with the threat of unauthenticated users.
CISSP Essentials Lesson 1: Security management practices

In this CISSP lesson, learn about security management practices.