Good one. I would point 022.2 Web Encryption to OWASP. Web vulnerabilities apply to websites and services that use web technologies, including web servers and cloud services.
• https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project • https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks • https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf -mad <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail&utm_term=link> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> On Fri, Jun 21, 2019 at 4:53 PM DB Clinton <[email protected]> wrote: > This looks like an excellent certification. I've got a couple of thoughts > that might be useful: > > - Should "022.2 Web Encryption" be "022.2 Website Encryption" (to > differentiate it from the "024 Network and Service Security" domain)? > - Should we include a discussion of payment processing? I know this > cert isn't focused primarily on professional admins who might be running > e-commerce sites, but all of us *make* payments. Perhaps it could be > incorporated into "025.1 Identity" and include a discussion of the > differences between in-house payment systems and third-party (i.e., PayPal) > systems. > - Since this is meant to be a way to ease users more deeply into > administration, should there be at least an awareness of areas like > penetration testing, OSINT gathering, vulnerability scanning, and intrusion > protection? They could perhaps be incorporated into "024.1 Local Network > Access Security" and "024.2 Internet Security". > - Similarly, we could add awareness of authentication solutions like > FreeRADIUS, LDAP, and AD. > - I would suggest that "OWASP", "NIST", "SCAP", and the "National > Vulnerability Database" would be good terms to add to the list of used > files, terms... in 021.2. > > David Clinton > > On Thu, Jun 20, 2019 at 12:16 PM Fabian Thorns <[email protected]> wrote: > >> Dear all, >> >> there are some exciting news: This year we will extend our Essentials >> program by a new certificate covering IT security. The new certificate will >> be added next to Linux Essentials. While it is not specific to Linux, it >> will cover common knowledge and free/open technologies/tools. Like Linux >> Essentials, it addresses the common user who gained a significant portion >> of common knowledge, comparable to a student who visited a course on the >> subject, but not to an extend of a professional working in the field. This >> exam's realm should be considered 'Digital Self-Defense', it shall cover >> the knowledge to understand common threats and how to mitigate them. >> >> There is a draft for a potential set of objectives in our wiki: >> >> https://wiki.lpi.org/wiki/SecurityEssentials_Objectives_V1.0 >> >> A lot of the draft's content was contributed by LPI's Academic Advisory >> Committee. >> >> I'd like to invite you all to review this draft and comment on it in this >> threat. We will for sure see a lot of changes, my special concern is how we >> can reduce the portion of theory on the exam in the favor of more practical >> tasks, but please share all your thoughts and suggestions. >> >> As usual, please try to discuss on the list as much as possible, but if >> you'd like to reach out personally, don't hesitate to do so. >> >> Fabian >> >> -- >> Fabian Thorns <[email protected]> GPG: F1426B12 >> Director of Certification Development, Linux Professional Institute >> _______________________________________________ >> lpi-examdev mailing list >> [email protected] >> https://list.lpi.org/mailman/listinfo/lpi-examdev > > _______________________________________________ > lpi-examdev mailing list > [email protected] > https://list.lpi.org/mailman/listinfo/lpi-examdev
_______________________________________________ lpi-examdev mailing list [email protected] https://list.lpi.org/mailman/listinfo/lpi-examdev
