Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Overview

An **indicator of compromise (IOC)** is a piece of information that can be used to help identify the following threats:


- Malware 

- An attack  

- Other potentially malicious activity

IOCs (once obtained from a reputable source) can be added to a continuous monitoring solution like an SIEM. If there are any matches of IOCs against actual events observed on endpoints or the network, an alert can be generated.

## Caution when relying on IOCs

Not all IOCs are created equal. Therefore, some caution needs to be followed when using IOCs from intel feeds. For example, harmless IP addresses and domains can occasionally get swept up in the information collected from a previous security event. Suppose a security incident involved a Google IP address because the attack started when someone searched for something on Google. The search results included a link to malware because of a search engine optimization (SEO) attack. If all IOCs were automatically added to a monitoring solution without prior review, legitimate sites like Google could start triggering alerts, quickly overwhelming the security staff with false positives. Therefore, take all IOCs with a grain of salt, and subject them to a quality control check before use.




# Overview

An **indicator of compromise (IOC)** is a piece of information that can be used to help identify the following threats:


- Malware 

- An attack  

- Other potentially malicious activity

IOCs (once obtained from a reputable source) can be added to a continuous monitoring solution like an SIEM. If there are any matches of IOCs against actual events observed on endpoints or the network, an alert can be generated.

# Caution when relying on IOCs

Not all IOCs are created equal. Therefore, some caution needs to be followed when using IOCs from intel feeds. For example, harmless IP addresses and domains can occasionally get swept up in the information collected from a previous security event. Suppose a security incident involved a Google IP address because the attack started when someone searched for something on Google. The search results included a link to malware because of a search engine optimization (SEO) attack. If all IOCs were automatically added to a monitoring solution without prior review, legitimate sites like Google could start triggering alerts, quickly overwhelming the security staff with false positives. Therefore, take all IOCs with a grain of salt, and subject them to a quality control check before use.




Learn how to use the information from indicators of compromise (IOC) to identify security threats.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Indicators of Compromise

Overview

Caution when relying on IOCs