In this course, students will learn about web application infrastructure, web servers, and the logs generated by these components. By simulating 10 attack scenarios, we will be able to identify the attacks by looking at the log files generated by the server.
The top three web attacks described in an Akamai report from 2018 are SQLi (SQL Injection), LFI (Local File Injection) and XSS (Cross-Site Scripting). (https://blogs.akamai.com/2018/06/summer-soti—web-attacks.html)
Web attacks come in many forms. As part of this Identifying Web Attacks Through Logs course, we will review these attacks and teach you how to identify them using web application logs. This will require that the student learn how to read a log and how to extract some of the key information from it.
Using these log examples, we will eventually gain a better understanding of how the attack works. In order to find the information more quickly, we will also use some scripts.
In the next step, students will analyze the log files from the web attacks to learn about DDOS (Distributed Denial of Service) and other types of flooding that can cause the web application to fail. Students should learn how to read a web application log that originated from the web server, and they should recognize some of the most common web attacks.
- Basic Computer Network knowledge
- OSI and TCP/IP Model
- Basic knowledge in common application and technology
By the end of this Identifying Web Attacks Through Logs course, students should be able to:
- Identify key information on web server logs
- Identify malicious actions by analyzing logs
- Identify web attacks after analyzing logs
During the Log Analysis Identifying Web Attacks Through Logs course, students will examine different log files related to the Windows operating system in a lab setting. The learning experience includes configuring systems to log events and analyzing system events.
What is Log Analysis?
Computers, networks, and other IT systems create a record of system activity. These activities are shown in a document known as an audit trail log or record. Analyzing log files can help organizations minimize certain risks and stay compliant with regulations by reviewing and evaluating the records of system activity.
How Does Log Analysis Work?
An operating system, network device, application, smart device, and other software usually create logs. These messages are arranged chronologically in files, a disk, or an application and then stored. It is possible to analyze log information to detect patterns and anomalies, such as network intrusions, once the data is collected. By analyzing log data, we can identify the root causes of anomalies and other unstructured data.
It is important to regularly analyze log files to reduce and avoid various risks within the enterprise. What happened, the factors that determined the cause, and the impact of what happened are all documented through the analysis. IT professionals can then develop countermeasures and minimize risks using these tools.
Why is Log Analysis Important?
There are many reasons that log analysis is important. It can serve various different purposes including:
- Maintaining compliance with internal cybersecurity policies and external regulations and audits
- To understand and mitigate data breaches and other types of security incidents
- To understand user behavior
- To conduct forensics for investigations
- To troubleshoot computers, systems, or networks
Some types of organizations are required to conduct log analyses in order to be certified as compliant with certain regulations. Nonetheless, log analysis has strong implications for all types of organizations since it is useful for diagnosing problems, resolving issues, or managing infrastructures and applications.
What is Involved in This Log Analysis Training Course?
During this log analysis training, students will acquaint themselves with the basics of log analysis. During the workshop, they will learn about the tools needed to trace network intrusions. Students will participate in lab activities that involve processing logs with the Windows operating system and applying analytical skills to configure systems to log events as well as analyze events logged by the systems.
In this Identifying Web Attacks Through Logs course, you will learn log analysis methodology, how to evaluate and analyze log files, how to extract information from log files, and how to arrange log files.
A Certificate of Completion will be awarded to students upon completion of the Identifying Web Attacks Through Logs course.
We offer a Log Analysis training Identifying Web Attacks Through Logs course including lab activities if you want to learn more about log analysis. Getting started is as simple as clicking on the Register button at the top right corner of this page.