Ethical hacking allows organizations to objectively analyze their current security posture. Nowadays, the role of an ethical hacker is gaining prominence. An ethical hacker intentionally penetrates the security infrastructure to identify and fix security loopholes. It provides an insight into cyber kill chain methodology, hacking concepts, and hacker classes.

Recent trends in cyber security breaches illustrate that no system or network is immune to attacks. It is important to understand the difference between a security threat and a vulnerability. Security threats are incidents that negatively impact the organization’s IT infrastructure, whereas vulnerabilities are security gapsor flaws in a system or network that make threats possible, tempting hackers to exploit them. This module provides an insight into cyber security threats and vulnerability assessment.

Weak password selection has been the most common security weakness faced by organizations and individuals in recent times. Attackers use many sophisticated techniques and tools to crack passwords and gain access to critical systems and networks. This module provides an in-depth understanding of password cracking techniques and the corresponding defensive measures that can help individuals and organizations create strong password policies and protect personal or corporate information.

This module provides an overview of social engineering. Although it focuses on fallacies and advocates effective countermeasures, the possible methods of extracting information from another human being rely on attackers’ ingenuity. The features of these techniques make them an art, but the psychological nature of some of them makes them a science. The bottom line is that there is no ready defense against social engineering; only constant vigilance can circumvent the social engineering techniques used by attackers. This module provides an insight into human-based, computer-based, and mobile-based social engineering techniques.

Attackers use various attack strategies to compromise the security of a network, potentially causing disruption, damage, and loss to organizations and individuals. Therefore, it is important for security professionals to have an understanding of these attack strategies because such an understanding is essential for protecting the network from various attacks. It provides insight into various network-level attacks, such as sniffing, DoS attacks, session hijacking, etc. This module also familiarizes students with various network security countermeasures.

Web applications are becoming increasingly vulnerable to sophisticated threats and attack vectors. This module familiarizes students with web-server attacks and countermeasures. It discusses the web-application architecture and vulnerability stack. This module also familiarizes students with various web-application threats, attacks, and countermeasures. In addition, it discusses different types of structured query language (SQL) injection attacks and countermeasures.

Wireless networks are cheaper and easier to maintain than wired networks. An attacker can easily compromise a wireless network without proper security measures or an appropriate network configuration. Because high-security mechanisms for wireless networks may be expensive. This module describes wireless networks, wireless network standards, wireless encryption algorithms, wireless-network attack techniques, and countermeasures to protect wireless networks.

Believing that surfing the Internet on mobile devices is safe, many users fail to enable their existing security software. The popularity of smartphones and their moderately strong security mechanisms have made them attractive targets for attackers. This module explains the potential threats to mobile platforms and provides guidelines for using mobile devices securely.

The Internet of Things (IoT) has evolved from the convergence of wireless technology, microelectromechanical systems, micro-services, and the Internet. IoT has introduced a range of new technologies with associated capabilities into our daily lives. The main objective of this module is to explain the potential threats to IoT and OT platforms and to provide guidelines for securing IoT devices and OT infrastructure from evolving threats and attacks.

Cloud computing is an emerging technology that delivers computing services, such as online business applications, online data storage, and webmail over the Internet. Cloud implementation enables a distributed workforce, reduces organization expenses, provides data security, etc. This module provides insight into cloud computing concepts, container technology, cloud computing threats, and cloud computing security to meet the security requirements.

With the drastic increase in cyberattacks, it is important for organizations to conduct regular penetration tests to reveal hidden vulnerabilities and weaknesses in their IT infrastructure and to ensure the effectiveness of current cybersecurity controls. Penetration testing helps organizations in developing and implementing proactive security measures beforehand and in thwarting evolving threats. This module discusses the importance of penetration testing in an organization and explains the crucial role that a tester plays in identifying vulnerabilities.