Overview What You Will Learn Curriculum Instructor

Course Overview

In this comprehensive course on Applied Attack Surface Analysis and Reduction, we delve into the strategic significance of performing an organization’s potential attack surfaces and how to reduce threats and vulnerabilities on it strategically. This course aims to equip professionals from risk management, threat intelligence, vulnerability management, red and blue teams, security engineers, and more with an in-depth understanding of attack surface analysis and reduction methodologies and techniques.

To start off the course, we will introduce the idea of an attack surface and delve deep into the field of attack surface analysis. An important aspect of this analysis is understanding how it provides a comprehensive and strategic perspective on an organization’s overall attack surface.

As we progress, we learn how to determine an organization’s attack surface and establish or utilize metrics to measure the extent of the attack surface, employing methodologies like the layered-defense model, crown jewel first, and PPT (People, Process, Technology). The focus will be on uncovering weaknesses and threats within both digital and physical attack surfaces through practical demonstrations.

In this course, you will gain a detailed understanding of how to effectively apply various methodologies and techniques in various business sectors such as retail, banking, and logistics as an example. With this, you will be able to confidently and accurately analyze your own business, identifying potential vulnerabilities in the attack surface.

In the later part of the course, we will explore different techniques for prioritising risks. We will also address the dynamic nature of the attack surface and learn how to adjust to its changes. Additionally, we will be introduced to strategies that help reduce the attack surface, including the implementation of strong mitigating controls, the principles of Zero Trust, and methods for simplifying and eliminating complexities.

At the end of the course, we will go through various attack surface analysis tools that are free and open-source as a part of the examples. Additionally, we offer a roadmap for those who wish to pursue further education by exploring EC-Council's Certified Chief Information Security Officer (CCISO) Program. By finishing this course, participants will possess the skills to perform comprehensive attack surface analyses and implement strong measures to reduce an organization’s attack surface. This will ultimately enhance the organization’s cybersecurity posture.

What You Will Learn

  • Get a full grasp of attack surfaces
  • including what they're made of and how to strategically analyze them in detail.
  • Learn methodologies and techniques being used in different sectors and effectively manage your organization’s attack surface.
  • Learn how to spot risks and threats in both digital and physical attack surfaces and know how to prioritize risks efficiently and strategically.
  • Familiarize with important techniques like Zero Trust
  • strong mitigating controls
  • and complexity reduction to reduce the chances of an attack on your organization.
  • Gain hands-on experience with free and open-source attack surface analysis tools
  • enabling effective assessment
  • risk management
  • and surface reduction

Program Curriculum

  • What is Attack Surface?
  • Understanding Attack Surface Analysis & Reduction
  • Necessity of Attack Surface Management
  • The Significance of Effective Attack Surface Management
  • ASM Process Workflow Illustrated
  • Differentiating ASM from Other Cybersecurity Strategies
  • Attack Surface Management Use Cases
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Distinguishing Among Threats, Risks, Fraud, and Vulnerabilities
  • Understanding Layered Defense Model
  • Understanding People, Processes, Technology, and Physical Elements in Cybersecurity
  • Chapter 2 Quiz

  • Navigating the Various Approaches to Attack Surface Analysis Process
  • Strategy 1: Analyzing Attack Surface by People, Process, Technology, & Physical Elements
  • Strategy 2: Utilizing Threat Modelling for Attack Surface Analysis
  • Strategy 3: Using Layered Defense Model for Analyzing Attack Surface
  • Strategy 4: Attack Surface Analysis by Prioritizing Business-Critical Applications
  • Strategy 5: Utilizing Threat-Intelligence for Attack Surface Analysis
  • Strategy 6: Attack Surface Analysis Led by Vulnerability Management
  • Strategy 7: Reducing Attack Surface by Asset Types
  • Summarizing Various Techniques
  • Chapter 3 Quiz

  • External vs. Internal Attack Surface
  • Understanding External Assets for ASM
  • Attack Surface Analysis Methodology
  • Demo 2 – ASN Information
  • Demo 3 – Domain & Subdomain Information
  • Demo 4 - List of Tools – Domain & Subdomain Enumeration
  • Port Scan Methodology
  • Demo 5 – Port Scan & Web Identification Methodology
  • Demo 6 – Identifying Vulnerabilities
  • Complete ASM Methodology
  • How to Effectively Perform External Attack Surface Management?
  • Chapter 4 Quiz

  • Overview of the Attack Surface Reduction Techniques
  • Minimalistic Design and Deployment
  • Regular Software Updates and Patch Management
  • Principle of Least Privilege (PoLP)
  • Network Segmentation and Micro–segmentation
  • Remove Unnecessary User Accounts
  • Application Whitelisting
  • Access Control List & Role-Based Access Control
  • Enable MFA/2FA Everywhere
  • VPN and Tunneling
  • OS & Configuration Hardening
  • Zero-Trust Model
  • DNS Security
  • Vulnerability Assessment and Penetration Testing (VAPT)
  • Chapter 5 Quiz

  • Importance of Continuous Attack Surface Management
  • Factors Contributing to Continuous Expansion of Attack Surface
  • Need of a Commercial ASM Solution
  • Main Features of Commercial ASM Solutions
  • Chapter 6 Quiz

  • Difference Between ASM and Other Reporting
  • Attack Surface Management Reporting Checklist
  • Chapter 7 Quiz

  • Criteria for Evaluating ASM Products in the Market
  • Chapter 8 Quiz
Load more modules

Instructor

Chintan Gurjar

Chintan Gurjar is a highly experienced cybersecurity expert with over 12 years of dynamic experience. Chintan specializes in various areas, including vulnerability management, threat intelligence, penetration testing, and attack surface management. He has worked with a diverse range of clients, from agile consulting firms to large-scale retail organizations on a global level. Chintan possesses a wealth of core competencies, including Risk-Based Vulnerability Management, Penetration Testing & Red Teaming, Attack Surface Management, Threat Intelligence, and proficiency in Security Operation Center & SIEM. He has held esteemed roles such as Global Senior Vulnerability Management Analyst at TikTok, Security Engineering Manager at Tesco, and Cybersecurity Manager at KPMG. Chintan's academic credentials are equally impressive, with an MSc in Computer Security & Forensics from the University of Bedfordshire and a B. Tech in Computer Engineering from Gandhinagar Institute of Technology. He also carries numerous industry certifications, including OSCP, CEH, CTIA, CCFH, CCFA, and SANS MGT516. Apart from being an expert in his field, Chintan is also a recognized leader. He serves as a member of the Board of Advisors at the Sri Sri School of CyberPeace Foundation and has co-trained at the prestigious HackCon Norwegian cybersecurity conference. His contributions to the cybersecurity domain have earned him recognition in multiple Bug-Bounty programs and official CVE entries for identifying key vulnerabilities. Given his vast expertise and commitment to the field, Chintan is the ideal guide to navigate learners through this comprehensive course on Applied Attack Surface Analysis and Reduction.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • 15 Must Have Tools for Pentesters

    15 Must Have Tools for Pentesters

    Short Course

    15 Must Have Tools for Pentesters

    Vulnerability Assessment and Pentesting

    Upgrade your penetration testing skillset by adopting the bes...

    $59.99

    Intermediate

    9 hr 15 m

  • Kali for Penetration Testers

    Kali for Penetration Testers

    Short Course

    Kali for Penetration Testers

    Vulnerability Assessment and Pentesting

    Ethical Hacking with Kali Linux

    $69.99

    Beginner

    6 hr 49 m

  • Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Short Course

    Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Vulnerability Assessment and Pentesting

    The comprehensive course to secure & crack WEP/WPA/WPA2 k...

    $69.99

    Intermediate

    5 hr 12 m

  • Getting Started with Bug Bounty Hunting

    Getting Started with Bug Bounty Hunting

    Short Course

    Getting Started with Bug Bounty Hunting

    Vulnerability Assessment and Pentesting

    Perfect Guide for Making You a Noob to Pro Bug Hunter

    $79.99

    Beginner

    2 hr 45 m

  • Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Short Course

    Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Vulnerability Assessment and Pentesting

    Discover the Tools Used by Successful Hackers and Learn How t...

    $59.99

    Intermediate

    3 hr 4 m

  • Full-Stack Attacks on Modern Web Applications

    Full-Stack Attacks on Modern Web Applications

    Short Course

    Full-Stack Attacks on Modern Web Applications

    Vulnerability Assessment and Pentesting

    Learn About HTTP Parameter Pollution, Subdomain Takeover, and...

    $59.99

    Intermediate

    0 hr 59 m

  • Learn Hacking Using Raspberry Pi from Scratch

    Learn Hacking Using Raspberry Pi from Scratch

    Short Course

    Learn Hacking Using Raspberry Pi from Scratch

    Vulnerability Assessment and Pentesting

    Improve your Ethical Hacking Skills by using your portable Ra...

    $69.99

    Beginner

    8 hr 20 m

  • Digital Forensics for Pentesters - Hands-on Learning

    Digital Forensics for Pentesters - Hands-on Learning

    Short Course

    Digital Forensics for Pentesters - Hands-on Learning

    Vulnerability Assessment and Pentesting

    Detect and backtrack cyber criminals and hackers with digital...

    $69.99

    Beginner

    5 hr 10 m

1 8