Cyber Security Intermediate Training

 Fundamentals of Human-Computer Interaction: users, usability, tasks, and cognitive models
 Grading and Logistics
 What is Human Computer Interaction?
 Chunking Information
 Mental Models
 Design: design methodology, prototyping, cybersecurity case study
 Intro to Design
 Design Methodologies
 Evaluation: usability studies, A/B testing, quantitative and qualitative evaluation, cybersecurity
 Strategies for Secure Interaction Design: authority, guidelines for interface design
 Intro to Usable Security Guidelines
 Authority Guidelines
 Authorization and Communication Guidelines
 Interface Guidelines for Usable Security
 Usable Authentication: authentication mechanisms, biometrics, two-factor authentication
 Usable Authentication and Passwords
 Two-Factor Authentication
 Biometric Authentication
 Gesture-based Authentication
 Usable Privacy: privacy settings, personal data sharing, data inference

 What is software security?
 Low-level security: Attacks and exploits
 Memory Layout
 Buffer Overflow
 Code Injection
 Other Memory Exploits
 Format String Vulnerabilities

 Defenses against Low-Level Attacks: Introduction
 Memory Safety, Type Safety
 Avoiding Exploitation
 Return Oriented Programming – ROP
 Control Flow Integrity
 Secure Coding
 Web security: Attacks and defenses
 SQL Injection, Countermeasures
 Web-based State Using Hidden Fields and Cookies
 Session Hijacking

 Cross-site Scripting
 Designing and Building Secure Software
 Threat Modelling or Architectural Risk Analysis
 Security Requirements
 Avoiding Flaws with Principles
 Design Category: Favor Simplicity
 Design Category: Trust with Reluctance
 Design Category: Defence in Depth, Monitoring/Traceability
 Top Design Flaws
 Static Program Analysis
 Flow Analysis, Adding Sensitivity
 Context Sensitive Analysis
 Flow Analysis: Scaling it up to a Complete Language and Problem Set
 Challenges and Variations
 Introducing Symbolic Execution
 Symbolic Execution: A Little History
 Basic Symbolic Execution
 Symbolic Execution as Search, and the Rise of Solvers
 Symbolic Execution Systems
 Penetration Testing: Introduction
 Pen Testing

 Distinguish threat data or behavior to determine the impact of an incident
 Prepare a toolkit and use appropriate forensics tools during an investigation
 Explain the importance of communication during the incident response process
 Analyze common symptoms to select the best course of action to support incident response
 Summarize the incident recovery and post-incident response process

 Explain the relationship between frameworks, common policies, controls, and procedures
 Use data to recommend remediation of security issues related to identity and access
management

 review security architecture and make recommendations to implement compensating controls
 Use application security best practices while participating in the Software Development Life
Cycle (SDLC)
 Compare and contrast the general purpose and reasons for using various cybersecurity tools and
technologies (SDLC)