Some Important Questions.
Are you curious on how an attack pattern looks when a web application is under a malicious attack?
Are you interested in knowing the basics of attack detection and what tools and techniques are used when we want to detect an attack on a web application or an authentication service like SSH or FTP?
Do you want to develop a basic skillset on reading and deciphering the interesting information in logs & add value to your existing skills?
You could be an application developer, a network administrator, a security professional who would like to gain the skills to detect and pinpoint attacks by malicious actors and protect your web applications.
About the course
This course is designed with a sole purpose to educate learners about the immense value the web server and authentication logs or logs in general store and how the information in these logs can be helpful to detect any ongoing attack that your webserver or authentication service might be under. Or an attack that already have taken place.
This course explains the basics of web servers and how the logging is done on the web servers default logging locations. We also explain about the structure of logs & default logging locations for the widely used web servers - Apache, Nginx & Microsoft IIS. Authentication servers like SSH & FTP as these too often come under bruteforce attack.
Course teaching methodology
We focus on both theoretical & practical aspects of log analysis. So we work in both the ways - as an attacker who would try to attack the application / SSH / FTP services & a defender, who will analyse the logs using multiple tools and visualise how the logs of an application under attack can look like.
We setup a test environment with a victim machine and an attacker machine and generate both normal and malicious traffic and then use the generated logs to investigate the common attack pattern and learn the typicality of an attack and educate ourselves on how the attacks look in the logs and appreciate how logs store valuable information which is often overlooked.
This will ensure that learners will get hands-on experience on the concept of log analysis and utilise this basic skillset in their day-to-day security or administrative tasks & activities.
We also discuss about the best practices from multiple standard sources that can be implemented to ensure that the logging is done at an optimum level and stay vigilant.
By the end of the course, you will gain a foundational understanding on:
Grasp the basics of logging concepts, its importance and standard log formats & log storage location for web servers like Apache, Nginx & Microsoft IIS. Authentication services like SSH & FTP.
Identify the Malicious traffic that gets logged and ascertain if the application / service is under active attack or has been attacked and learn about the potential point of attack.
Gain a broad insight on best logging practices as per the OWASP guidelines and develop an understanding on ways in which you can implement a robust logging for your IT assets.
Gain an overall thought process for analysing any of the logs of system and troubleshoot and pinpoint an issue.