Overview What You Will Learn Curriculum Instructor

Course Overview

In this comprehensive course on Applied Attack Surface Analysis and Reduction, we delve into the strategic significance of performing an organization’s potential attack surfaces and how to reduce threats and vulnerabilities on it strategically. This course aims to equip professionals from risk management, threat intelligence, vulnerability management, red and blue teams, security engineers, and more with an in-depth understanding of attack surface analysis and reduction methodologies and techniques.

To start off the course, we will introduce the idea of an attack surface and delve deep into the field of attack surface analysis. An important aspect of this analysis is understanding how it provides a comprehensive and strategic perspective on an organization’s overall attack surface.

As we progress, we learn how to determine an organization’s attack surface and establish or utilize metrics to measure the extent of the attack surface, employing methodologies like the layered-defense model, crown jewel first, and PPT (People, Process, Technology). The focus will be on uncovering weaknesses and threats within both digital and physical attack surfaces through practical demonstrations.

In this course, you will gain a detailed understanding of how to effectively apply various methodologies and techniques in various business sectors such as retail, banking, and logistics as an example. With this, you will be able to confidently and accurately analyze your own business, identifying potential vulnerabilities in the attack surface.

In the later part of the course, we will explore different techniques for prioritising risks. We will also address the dynamic nature of the attack surface and learn how to adjust to its changes. Additionally, we will be introduced to strategies that help reduce the attack surface, including the implementation of strong mitigating controls, the principles of Zero Trust, and methods for simplifying and eliminating complexities.

At the end of the course, we will go through various attack surface analysis tools that are free and open-source as a part of the examples. Additionally, we offer a roadmap for those who wish to pursue further education by exploring EC-Council's Certified Chief Information Security Officer (CCISO) Program. By finishing this course, participants will possess the skills to perform comprehensive attack surface analyses and implement strong measures to reduce an organization’s attack surface. This will ultimately enhance the organization’s cybersecurity posture.

What You Will Learn

  • Get a full grasp of attack surfaces, including what they're made of and how to strategically analyze them in detail.
  • Learn methodologies and techniques being used in different sectors and effectively manage your organization’s attack surface.
  • Learn how to spot risks and threats in both digital and physical attack surfaces and know how to prioritize risks efficiently and strategically.
  • Familiarize with important techniques like Zero Trust, strong mitigating controls, and complexity reduction to reduce the chances of an attack on your organization.
  • Gain hands-on experience with free and open-source attack surface analysis tools, enabling effective assessment, risk management, and surface reduction

Program Curriculum

  • What is Attack Surface?
  • Understanding Attack Surface Analysis & Reduction
  • Necessity of Attack Surface Management
  • The Significance of Effective Attack Surface Management
  • ASM Process Workflow Illustrated
  • Differentiating ASM from Other Cybersecurity Strategies
  • Attack Surface Management Use Cases
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Distinguishing Among Threats, Risks, Fraud, and Vulnerabilities
  • Understanding Layered Defense Model
  • Understanding People, Processes, Technology, and Physical Elements in Cybersecurity
  • Chapter 2 Quiz

  • Navigating the Various Approaches to Attack Surface Analysis Process
  • Strategy 1: Analyzing Attack Surface by People, Process, Technology, & Physical Elements
  • Strategy 2: Utilizing Threat Modelling for Attack Surface Analysis
  • Strategy 3: Using Layered Defense Model for Analyzing Attack Surface
  • Strategy 4: Attack Surface Analysis by Prioritizing Business-Critical Applications
  • Strategy 5: Utilizing Threat-Intelligence for Attack Surface Analysis
  • Strategy 6: Attack Surface Analysis Led by Vulnerability Management
  • Strategy 7: Reducing Attack Surface by Asset Types
  • Summarizing Various Techniques
  • Chapter 3 Quiz

  • External vs. Internal Attack Surface
  • Understanding External Assets for ASM
  • Attack Surface Analysis Methodology
  • Demo 2 – ASN Information
  • Demo 3 – Domain & Subdomain Information
  • Demo 4 - List of Tools – Domain & Subdomain Enumeration
  • Port Scan Methodology
  • Demo 5 – Port Scan & Web Identification Methodology
  • Demo 6 – Identifying Vulnerabilities
  • Complete ASM Methodology
  • How to Effectively Perform External Attack Surface Management?
  • Chapter 4 Quiz

  • Overview of the Attack Surface Reduction Techniques
  • Minimalistic Design and Deployment
  • Regular Software Updates and Patch Management
  • Principle of Least Privilege (PoLP)
  • Network Segmentation and Micro–segmentation
  • Remove Unnecessary User Accounts
  • Application Whitelisting
  • Access Control List & Role-Based Access Control
  • Enable MFA/2FA Everywhere
  • VPN and Tunneling
  • OS & Configuration Hardening
  • Zero-Trust Model
  • DNS Security
  • Vulnerability Assessment and Penetration Testing (VAPT)
  • Chapter 5 Quiz

  • Importance of Continuous Attack Surface Management
  • Factors Contributing to Continuous Expansion of Attack Surface
  • Need of a Commercial ASM Solution
  • Main Features of Commercial ASM Solutions
  • Chapter 6 Quiz

  • Difference Between ASM and Other Reporting
  • Attack Surface Management Reporting Checklist
  • Chapter 7 Quiz

  • Criteria for Evaluating ASM Products in the Market
  • Chapter 8 Quiz
Load more modules

Instructor

Chintan Gurjar

Chintan Gurjar is a highly experienced cybersecurity expert with over 12 years of dynamic experience. Chintan specializes in various areas, including vulnerability management, threat intelligence, penetration testing, and attack surface management. He has worked with a diverse range of clients, from agile consulting firms to large-scale retail organizations on a global level. Chintan possesses a wealth of core competencies, including Risk-Based Vulnerability Management, Penetration Testing & Red Teaming, Attack Surface Management, Threat Intelligence, and proficiency in Security Operation Center & SIEM. He has held esteemed roles such as Global Senior Vulnerability Management Analyst at TikTok, Security Engineering Manager at Tesco, and Cybersecurity Manager at KPMG. Chintan's academic credentials are equally impressive, with an MSc in Computer Security & Forensics from the University of Bedfordshire and a B. Tech in Computer Engineering from Gandhinagar Institute of Technology. He also carries numerous industry certifications, including OSCP, CEH, CTIA, CCFH, CCFA, and SANS MGT516. Apart from being an expert in his field, Chintan is also a recognized leader. He serves as a member of the Board of Advisors at the Sri Sri School of CyberPeace Foundation and has co-trained at the prestigious HackCon Norwegian cybersecurity conference. His contributions to the cybersecurity domain have earned him recognition in multiple Bug-Bounty programs and official CVE entries for identifying key vulnerabilities. Given his vast expertise and commitment to the field, Chintan is the ideal guide to navigate learners through this comprehensive course on Applied Attack Surface Analysis and Reduction.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course
    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches
    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course
    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS
    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training
    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes
    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally
    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security
    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all