Concepts
Information security fundamentals: CIA pillars (Confidentiality, Integrity, Availability), authenticity, traceability and other essential concepts for data protection.
Software
Software and security: software development, agile methodologies, architectures (mainframe, client-server, microservices), programming languages and legacy software.
SDLC
Software development lifecycle: agile methodologies, security frameworks (NIST, ISO, OWASP SAMM), development phases and best practices.
OWASP
OWASP (Open Worldwide Application Security Project): projects, tools and methodologies for application security. Top 10, SAMM, ZAP and other fundamental resources.
SAST
Static security analysis in source code: tools, DevSecOps implementation, integration with SonarQube and Semgrep for early vulnerability detection.
DAST
Dynamic security testing: black-box approach to detect runtime vulnerabilities with OWASP ZAP, Invicti, Acunetix and Burp Suite.
SCA
Software composition analysis: dependency management, CVE vulnerabilities, open source licenses, SBOM and tools like Snyk, Trivy and OWASP Dependency-Check.
SOAR
Security orchestration and automation: SOAR vs SIEM, SOC operations, automated playbooks, Palo Alto XSOAR, Splunk Phantom, Tines and integrations.
SIEM
Security information and event management: SIEM vs SOAR, Splunk, Microsoft Sentinel, IBM QRadar, ELK Stack, Wazuh, and SOC integrations.
EDR
Endpoint detection and response: EDR vs XDR vs NDR vs EPP, CrowdStrike Falcon, SentinelOne, Microsoft Defender, behavioral analysis, and automated response.
IDS|IPS
Intrusion detection and prevention systems: HIDS/HIPS vs NIDS/NIPS, Snort, Suricata, OSSEC, Wazuh, integration with EDR and firewalls.
DLP
Data loss and leak prevention: DLP endpoint, network, cloud, email, machine learning, Microsoft Purview, Symantec, Forcepoint, and GDPR compliance.
PCI-DSS
PCI DSS standard for card data security: compliance, QSA auditing, ASV scanning, 12 requirements, ROC vs SAQ, merchants and acquirers.
Common Criteria
ISO/IEC 15408 Common Criteria: IT product security certification, EAL levels, Target of Evaluation, Protection Profile, accredited laboratories.