
Course Name: Advanced Diploma on Information Security

Course Duration: 1 Year


Prerequisites: Candidate should be HSC pass and have basic knowledge of computers

Courses Covered:

a. Certificate in Information Security (CISE) Level 1
b. CISE Level 2 – Network Security
c. CISE Level 2 – Web Application Security
d. CISE Level 2 – Exploit Writing
e. CISE Level 2 – Cloud Security

Features:

a. 12 Months Diploma
b. 10 Certifications
c. 6 Months Industrial Training Certificate
d. 2 Projects and their Certificates
e. International Validity of the Certifications & the Diploma
f. Lifetime Cloud Subscription Inclusive
g. 100% Job Assistance

Course Module
Certified Information Security Expert Level 1 Modules:-

• Networking & Basics
• Footprinting
• Google Hacking
• Scanning
• Windows Hacking
• Linux Hacking
• Trojans & Backdoors
• Virus & Worms
• Proxy Server & Packet Filtering
• Denial of Service
• Sniffer
• Social Engineering
• Physical Security
• Steganography
• Cryptography
• Wireless Hacking
• Firewall & Honeypots
• IDS & IPS
• Vulnerability Assessment
• Penetration Testing
• Session Hijacking
• Hacking Web Servers
• SQL Injection
• Cross Site Scripting
• Exploit Writing
• Buffer Overflow
• Reverse Engineering
• Email Hacking
• Incident Handling & Response
• Bluetooth Hacking
• Mobile Phone Hacking
• Cloud Computing and Security
• IOT Hacking
• Vulnerabilities Analysis

Certified Information Security Expert WEB APP SECURITY Modules:-

• Web Architectures
• Web Application Introduction
• PHP-Basics
• Sessions & Cookies
• XSS Attacks
• Advanced SQLI
• Cross Site Request Forgery
• Session Hijacking
• Web based DDOS Attacks
• Cookie Poisoning
• PHP Injection
• Web Based Worms
• Flash based Web Attacks
• I-Frame based Web Attacks
• Clickjacking
• Attack frameworks: AttackAPI & BeEF
• Penetration testing on DVWA
• Honeytokens
• OWASP Top 10
• Metasploit and Web Application
• PHP Curl
• Automated Bots
• Phishing 2.0
• Brute forcing Web Applications
• Compliance Methodologies and Legalities
• Capture the Flag Exercise

Certified Information Security Expert NETWORK SECURITY Modules:-

• Network Topology
• Open Systems Interconnectivity Model
• TCP/IP In-depth
• WAP, NAT, DNS and ICMP
• Internet Routing
• Advanced Port Scanning
• Sniffing Attacks
• Masquerading Attacks
• Advanced DOS and DDOS
• Session Hijacking Attacks
• Network Operations Center - Security
• Network Traffic Analysis
• Network Vulnerability Assessment
• Network Penetration Testing
• Intrusion Detection System
• Snort 101
• OSSEC 102
• Intrusion Prevention System
• Firewalls (Installation, Configuration and Usage)
• OS Hardening for Networks - Linux and Windows
• Cryptography - Introduction
• Symmetric Key Encryption
• Asymmetric Key Encryption
• Hash functions
• Trust models
• VLAN - Security
• VPN - Security
• Wireless Networks - Introduction
• Radio Frequency Essentials
• Wireless Security - Basics
• Wireless Threats
• Attacking Wireless Hotspot and Security
• WEP Security
• WPA/WPA2 Security
• Secure Wireless Infrastructure Deployment
• DNS Tunneling
• Network Forensic Methodology
• Network Evidence Acquisition
• OS Logs and Splunk

Certified Information Security Expert EXPLOIT WRITING Modules:-

• Programming & Basics
• Assembly language
• Debugging
• Stack Based Buffer Overflow
• Understanding Windows Shellcode
• Fuzzers
• Heap Based Overflow
• Exploiting /GS Canary Protected Programs
• Exploiting SafeSEH Protected Programs
• Denial of Service
• Bypassing DEP & ASLR
• Advanced Shellcoding (Win32 Egghunting, Connect-back, Staged, Alphanumeric)
• Encoders & Writing Custom Encoders
• DLL Hijacking
• Client Side Exploits
• From Vulnerability to Exploit
• Metasploit Framework
• Binary payloads & Antivirus Evasion
• Exploit to Metasploit
• Capture The Flag Exercise

Certified Information Security Expert Level 2 : Cloud Security

Introduction to Cloud Computing


Cloud computing is the latest technology that lets us access applications as utilities, as
well as computing power (RAM, CPU, network speed, storage, OS, software), over a network
via the internet rather than physically having the computing resources at the user's
location. In other words, cloud computing is the delivery of IT resources on the demand
of the user via the internet. The term cloud refers to a network or the internet. The term
came from a network design that network engineers used to represent the location of
various network devices. The cloud is something that is available at a remote location.
It allows us to create, configure and customize applications online. Cloud technology
includes development platforms, hard disk, computing power, software applications and
databases. It is most popular because of its flexibility and mobility support. Some
examples of cloud storage are AWS, Azure and Google Cloud.

Features of Cloud Computing


The main features of cloud computing are as follows:

• On-demand Self-service – The cloud service is available all the time and automatically provides computing capabilities on the user's demand.
• Distributed Storage – This service allows many users to have access to data. Multiple users and applications work more efficiently and at lower cost by sharing common infrastructure through cloud computing.
• Rapid Elasticity – The service is flexible and can be scaled up or down according to business requirements. Computing resources and programs can be used as required, and the user has to pay only for the usage.
• Measured Service – Usage metering is also available, which helps to track how many resources a user consumes, and users pay only for what they use.
• Low Cost – Cloud computing reduces cost because IT companies do not need to set up their own infrastructure to use the service and pay according to their usage of resources.
• Maintenance – Maintenance of cloud computing applications and resources is easier because they do not need to be installed on each user's computer and can be accessed from different locations.

Basic Concepts
Certain services and models work behind the scenes to make cloud computing accessible to
end users. The working models for cloud computing are:

• Deployment Models
• Service Models

Cloud Deployment Models


Cloud services can be deployed in different ways. The deployment model depends on the
service model, location, user base and organizational structure. The most commonly used
deployment models are as follows:

Public Cloud

Public cloud infrastructure is owned by a third-party cloud service provider who makes
cloud services available to the general public. In a public cloud, customers need to pay
only for the resources they use. It is a type of cloud hosting that makes systems and
their services easily accessible to users. This gives them the flexibility to increase or
decrease resources to meet market demand. Some examples of companies that provide public
cloud facilities are IBM, Google, Amazon, Microsoft, etc.

Private Cloud

As the name suggests, it is a privately owned cloud service. The private cloud allows
systems and services to be accessible within an organization. A private cloud is operated
only within a particular organization. This model is most popular in organizations where
users have complete control over security aspects.

Community Cloud

In this cloud all the information is shared manually among different organizations that
belong to the same community or area. Community cloud is maintained and used by a
group of organizations with shared concern.

Hybrid Cloud

Hybrid cloud is a blend of the private and public models. In this model, critical and
sensitive activities such as organization data handling are performed by the private
cloud, and non-critical activities such as development and test workloads are performed
by the public cloud.

Cloud Computing Services


Cloud computing is based on three basic service models, which are as follows:

• Infrastructure-as-a-Service (IaaS) – IaaS is one of the basic service models of cloud computing. It provides access to computing resources in a virtualized environment on the cloud via the internet. In other words, it is a way of providing cloud computing infrastructure such as virtual machines, storage devices, servers, operating systems and networks. Some of the most popular examples are Amazon EC2, Microsoft Azure, Google Compute Engine (GCE) etc.
• Platform-as-a-Service (PaaS) – In the PaaS service, users are provided with a platform to develop as well as run their applications. PaaS provides computational resources through a platform on which applications and services are developed and hosted. Users are free to develop applications and can deliver them to other users through servers and the internet. All users can develop, test, run and manage applications on it. Some examples of PaaS are Google App Engine, Intel Mash Maker etc.
• Software-as-a-Service (SaaS) – It is the most widely used and most popular service of cloud computing. It is also known as “on demand software” or “pay-as-you-go application”. It is a software distribution model in which all applications are hosted by a cloud service provider and made available to customers via the internet. All the associated data and software are centrally hosted on a cloud server and are accessed by users through a web browser.

Cloud Computing Benefits
Cloud computing has many advantages; some of the most important are as follows:

• Unlimited Storage Facility – The cloud offers unlimited data storage and processing power. It can offer you a huge amount of storage capacity, or more than that if required.
• Backup and Recovery – Cloud computing provides an easier and less resource-intensive method to protect your data because backups are distributed between data centers in different countries to ensure reliable access at all times.
• Enhanced Security – Cloud computing provides more security than local servers, and the user need not worry about losing sensitive data and useful applications due to a natural disaster or computer meltdown.
• High Speed – Cloud computing reduces the time and cost of IT resources. It helps you to deploy a service quickly in fewer clicks. This fast deployment lets you get the resources required for your system within a few minutes.
• Low Cost – Cloud computing reduces software cost because you don’t need to purchase and install separate software packages for each computer in an organization.

Virtualization
Virtualization refers to the creation of a virtual version of something such as a desktop,
storage device, operating system, networking resource or server. It is a process of
deploying multiple machines virtually on a host. The main goal of virtualization is to
manage workloads and make them more scalable. Virtualization can be applied in a wide
range of forms, such as operating system virtualization, hardware-level virtualization and
server virtualization. Virtualization is a hardware-reducing, cost-saving and
energy-saving technology that is rapidly transforming the fundamental way of computing.

Benefits of Virtualization in Cloud Computing

• Enables running multiple operating systems.
• Pay per use of the IT infrastructure on demand.
• High availability and disaster recovery.
• Remote access and rapid scalability.
• It lowers the cost of IT infrastructure.
• More flexible and efficient allocation of resources.
• Enhances development productivity.

Cloud Computing Threats or Risks

• Data Loss – Data loss may occur when a disk drive dies without its owner having created a backup. It also occurs when the owner of encrypted data loses the key that unlocks it.
• Data Breach – A data breach happens when a virtual machine is able to access the data from another virtual machine on the same physical host.
• Service Hijacking – If attackers figure out user credentials, they can easily gain access to the corresponding cloud account or hijack it, and later manipulate or delete data.
• Insecure APIs – Nowadays various cloud services on the internet are exposed through programming interfaces, and APIs are easily accessible from anywhere on the internet.

Cloud Computing Attacks

• Denial of Service Attacks – DoS attacks are used to overload a system and make services unavailable to its users. These attacks are very dangerous for cloud computing systems because many users may suffer as the result of flooding a server. Due to this attack, the cloud system slows down and legitimate users lose access to their cloud services.
• Side Channel Attacks – A side channel attack is arranged by hackers when they place a malicious virtual machine on the same host as the target virtual machine. In a side channel attack, hackers target the system implementations of cryptographic algorithms.
• Session Hijacking using XSS Attacks – Through Cross-Site Scripting (XSS), the attacker can steal all the cookies by injecting malicious code into the website or the user’s browser.
• Wrapping Attacks – A wrapping attack is a kind of man-in-the-middle attack in the cloud environment. Cloud computing is vulnerable to wrapping attacks because cloud users usually use a web browser to connect to cloud computing services.
• Cloud Malware Injection Attack – In this type of attack, the attacker tries to inject an implementation of a malicious service into the cloud. If the attacker succeeds, the cloud will suffer from eavesdropping. The main purpose of this attack is data modification, functionality change or blocking of services.
• Domain Name System (DNS) Attacks – An attacker can also perform DNS attacks against cloud computing. DNS attacks include DNS poisoning, domain hijacking etc. An attacker can spoof the DNS server by poisoning to steal the credentials or sensitive information of internal users. An attacker can steal a cloud service domain name through phishing scams, or by redirecting users to a fake website.

Cloud Security
Cloud security is a group of policies, technologies and controls adopted to protect the
data, applications and infrastructure of cloud computing. It can be regarded as a
subdomain of computer security, network security etc. Cloud computing is growing day by
day and has been adopted by most companies. Cloud security is a major concern nowadays.
All data stored in the cloud should be in encrypted form. Proxy and brokerage services
should be adopted to restrict the client from accessing the shared data directly.
Encryption helps to protect data in transit as well as data stored in the cloud.
Encryption also restricts unauthorized access to the data, but it doesn’t prevent the
loss of the data.

Cloud Security Controls


Cloud security architecture is effective only if the correct defensive methods are in the
right place. A good cloud security architecture should recognize the issues that will
arise with security management. Security management addresses these issues with security
controls. These controls are put in place to safeguard any weaknesses in the system and
reduce the effect of an attack. Some cloud security controls are as follows:

• Deterrent Controls – These controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed.
• Preventive Controls – Preventive controls make the system stronger against incidents by reducing or eliminating vulnerabilities. Strong authentication of cloud users makes it less likely that unauthorized users can access cloud systems.
• Detective Controls – Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventive controls to address the issue. System and network security monitoring, including intrusion detection and prevention methods, is implemented to detect attacks on cloud systems.
• Corrective Controls – Corrective controls reduce the chances of an incident by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.

Responsibilities in Cloud Security

The cloud represents a shared security responsibility model in which responsibility is
split between the Cloud Service Provider and the Client.

Cloud Service Provider

Responsibilities of a Cloud Service Provider are as follows:

• Cloud Service Providers should be able to employ the customer’s perspectives on how to consider and mitigate risks and then implement controls.
• The service provider should implement its own internal controls on how risks can be managed.
• The Cloud Service Provider should be able to provide documentation of its security features and form a set of responsibilities that lists varieties of risks and their solutions.
• The Cloud Service Provider should also provide documentation on how customers can use its security features.
• The Cloud Service Provider should secure the data center where it hosts its IT resources for the cloud.
• The Cloud Service Provider should ensure that its infrastructure and services comply with protection laws such as data protection laws.

Cloud Customer

Responsibilities of a Cloud Customer or User are as follows:

• The Cloud Customer must define their cloud security requirements before selecting a Cloud Service Provider.
• The Cloud Customer should be able to harmonize their cloud and traditional IT delivery resources.
• The Cloud Customer should establish contractual clarity on the roles and responsibilities of each party.
• The Cloud Customer should develop a responsibility matrix that defines the security roles and responsibilities for each vendor, such as the Cloud Service Provider.

Cloud Security Tools

• Skyhigh Networks – Skyhigh Networks discovers, analyzes and secures your use of cloud applications. It uses logs from your existing firewalls, proxies and gateways to quickly discover what cloud apps your employees are using. It provides you with a customizable risk assessment of all the cloud apps that are currently being used. This tool helps to detect potential data leaks.
• Netskope – It is a service that discovers and monitors cloud apps on the network. It monitors users, sessions, shared and downloaded content as well as the shared content details, and provides detailed analytics based on this information.
• Okta – This tool is different from all other tools. Okta’s goal is to provide secure Single Sign-On (SSO) for all the cloud, on-premise and mobile applications used in your business. Okta is pre-integrated with common business applications from Google, Microsoft etc.
