The lecturing team consists of a team of staff that combine both academic qualifications with substantial practical experience, and this practical perspective is reflected in the delivery of the course. The diploma is broken into 4 areas: secure web, secure communications, secure systems and secure software. Some of the key subject areas are the following:
Websites are a vital part of business in today’s world. They are also a major threat factor when securing your business. As part of this topic, we will look at the various threats that exist including session hijacking, secure authentication using JSON Web Tokens (JWT), HTTPS over HTTP and SQL Injection attacks.
A company’s website and email server are not the only entry point to their systems. It is not uncommon for companies to leave open ports, either intentionally when using third party services or unintentionally when installing or configuring new software. Penetration Testing is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Here will examine all of steps involved in the process: Planning and reconnaissance, Scanning, Gaining, Access, Maintaining access and Analysis.
In addition, we will simulate how MAC Flooding with ARP Spoofing attack works and how to protect against it.
A company email format is rarely secret. Their domain addresses are normally listed on their website. This leads various attempts to access systems using email phishing techniques. We will look at how email phishing works and how to protect against it.
This section will also look asymmetric (public-key) cryptography and how it can be used in secure communications.
Many businesses today rely on custom built software that will be installed internally on their systems. Using third party software to scan for potential threats is one part of the process, but here we dig a little deeper to look at some common software vulnerabilities including: buffer overflow, heap overflow and stack overflow.