WEBVTT

00:00.000 --> 00:01.650
>> Welcome back to the course,

00:01.650 --> 00:05.250
but now it's time
to say, we're done.

00:05.250 --> 00:06.780
After the last video,

00:06.780 --> 00:09.945
where we talked about other
sources of logs like IPS,

00:09.945 --> 00:12.630
IDS, and web
application firewall,

00:12.630 --> 00:15.509
>> in this video, we'll
do a course summary.

00:15.509 --> 00:17.805
>> This was a basic course.

00:17.805 --> 00:20.310
The main objective of this
course was to introduce

00:20.310 --> 00:22.800
you to log analysis
and since today,

00:22.800 --> 00:25.230
web applications are
present in our lives,

00:25.230 --> 00:28.110
this is a good way to
start doing log analysis.

00:28.110 --> 00:30.720
This course was built
based off of the routines

00:30.720 --> 00:33.760
of offenders and
also SOC analysts.

00:33.760 --> 00:37.675
Let's do a brief review
of the course topics.

00:37.675 --> 00:41.130
We had two modules
in our course.

00:41.130 --> 00:43.565
The first was an
introduction and review.

00:43.565 --> 00:45.365
We started with a
course introduction,

00:45.365 --> 00:47.330
followed by a web
application review,

00:47.330 --> 00:49.430
where we talked about web
application components

00:49.430 --> 00:51.445
like the web server and clients.

00:51.445 --> 00:54.440
After, we talked about a
really important component,

00:54.440 --> 00:59.690
the web server, we talked
about Apache, NGINX and IIS.

00:59.690 --> 01:01.355
Also, in this lesson,

01:01.355 --> 01:03.640
we talked about web server logs.

01:03.640 --> 01:05.450
To conclude module 1,

01:05.450 --> 01:08.330
we gave some advice on how
to perform a good analysis,

01:08.330 --> 01:09.560
and we also touched on

01:09.560 --> 01:12.290
some log analysis
mistakes or errors.

01:12.290 --> 01:15.810
Module 2 was the module
for log analysis.

01:15.810 --> 01:18.080
The first topic of Module 2 was

01:18.080 --> 01:19.879
>> web application attacks.

01:19.879 --> 01:22.070
>> We discussed
vulnerability attacks and

01:22.070 --> 01:24.290
the OWASP Top 10 project.

01:24.290 --> 01:25.910
In this course, we use

01:25.910 --> 01:29.450
the 2017 version of the
OWASP Top 10 project.

01:29.450 --> 01:31.340
An important thing here is,

01:31.340 --> 01:34.355
even if the OWASP Top 10
launched a new version,

01:34.355 --> 01:37.160
the information about these
attacks won't change.

01:37.160 --> 01:39.710
Some vulnerabilities and
attacks have become less

01:39.710 --> 01:41.630
popular and maybe the new type

01:41.630 --> 01:43.465
of attacks can be found more.

01:43.465 --> 01:44.990
But that's why it's important to

01:44.990 --> 01:47.065
understand web server logs.

01:47.065 --> 01:48.980
After this introduction, we

01:48.980 --> 01:50.989
started talking
about the attacks.

01:50.989 --> 01:53.870
Vulnerability scans,
Brute Force attacks,

01:53.870 --> 01:54.964
>> SQL injection,

01:54.964 --> 01:57.230
>> file inclusion,
cross-site scripting

01:57.230 --> 01:59.360
and cross-site request forgery.

01:59.360 --> 02:01.100
For each of these
attacks, we gave

02:01.100 --> 02:02.840
some directions on
how to identify them.

02:02.840 --> 02:05.645
For example, the user
agent can help a lot,

02:05.645 --> 02:09.830
but don't forget that HTTP
requests can be crafted.

02:09.830 --> 02:12.740
Remember to understand
what the log means,

02:12.740 --> 02:14.900
what the log wants
to say to you.

02:14.900 --> 02:18.625
Remember the questions
who, what, and when.

02:18.625 --> 02:20.880
Look for key
components of the log,

02:20.880 --> 02:23.150
like the IP address and don't

02:23.150 --> 02:25.760
worry if you don't understand
all the log fields.

02:25.760 --> 02:28.875
Log analysis skills
improve with practice.

02:28.875 --> 02:32.545
The more log analysis you
do, the better you'll be.

02:32.545 --> 02:35.315
After all of these
attacks and log analysis,

02:35.315 --> 02:38.195
we talked about TCP
and HTTP flood,

02:38.195 --> 02:40.660
and we discussed how
to identify them.

02:40.660 --> 02:42.890
To finish the course,
we talked about

02:42.890 --> 02:45.830
two really important tools
that help SOC analysts,

02:45.830 --> 02:49.405
IPS/IDS, and WAF.

02:49.405 --> 02:52.380
To conclude, some final words.

02:52.380 --> 02:54.605
Many helped the course architect

02:54.605 --> 02:56.390
Igor Vieira during this course.

02:56.390 --> 02:57.485
But he would like to mention

02:57.485 --> 02:59.120
three teaching assistants that

02:59.120 --> 03:00.665
helped him with this class.

03:00.665 --> 03:04.150
Thank you, he really
appreciates the help.

03:04.150 --> 03:07.425
A final thanks to all
the Cybrary staff,

03:07.425 --> 03:10.320
and now, thank you for
watching this course.

03:10.320 --> 03:11.690
Igor Vieira really enjoyed

03:11.690 --> 03:13.985
the time spent
creating this course.

03:13.985 --> 03:16.160
We hope you really
enjoyed this course,

03:16.160 --> 03:17.840
and we hope it improved
your knowledge

03:17.840 --> 03:19.835
and motivated you to
continue learning.

03:19.835 --> 03:21.680
To continue learning, please

03:21.680 --> 03:23.270
check out the Cybrary catalog.

03:23.270 --> 03:25.490
There are many great courses.

03:25.490 --> 03:28.115
If you have any
questions or doubts,

03:28.115 --> 03:31.130
please contact the course
architect, Igor Vieira.

03:31.130 --> 03:35.070
Thank you, and we'll see
you in the next course.

