Course Benefits

Security experts are much required in every company and industry, regardless of the organization's size and nature. Can help many IT Professionals execute their responsibilities efficiently, from a IT Security Manager to a Network Administrator, App developer and even a Technical Support Engineer. Completing the cyber security course will make you aware of the core concepts of cyber security to succeed with any Certification Courses like CEH, CHFI etc.

Who this course is for ?

The course is ideal for the following IT Professionals who wants to learn the core concept of Cyber security in a more simple and practical way. For any students who wants to start their career in Cyber Security.

    IT Manager
    Network Manager
    Security Manager
    Site Administrator
    Network Administrator
    Technical Support Engineer
    Systems Engineer
    Government Agencies
    Mobile Developers
    Web App Developers
    IT Students
    After A/L Students

Course Content

Introduction to Cyber Security

  • What is Cyber Security ?
  • Difference between Cyber Security and Information Security
  • Fundamentals of Cyber Security
  • Threats, Attacks, Vulnerability, Mitigation , Exploitation, Data Breach
  • Principles of Cybersecurity - Confidentiality, Integrity, Availability
  • Types of Threat
  • Types of Cyber Attacks
  • Threat Modeling - STRIDE, DREAD
  • VA Testing
  • PEN Testing
  • Best Practices for Cyber Defense and Protection
  • Cyber Defense for Businesses
  • Cyber Defense for Individuals
  • What is Cryptography ?
  • Evolution of Cryptography
  • Classic Vs Modern Cryptography
  • Cryptography Primitives (Encryption, Decryption, Hash functions, Message Authentication codes)
  • Cryptosystem Components
  • What is Cryptology, Cryptanalysis, Cipher, Cipher Text, Cipher Suite
  • Security Services of Cryptography
  • Types of CryptoSystems
  • Attacks on CryptoSystem
  • Encoding and Decoding (Base64, UTF-8, UTF-16, ASN.1)
  • BitWise Operations in Cryptography
  • By end of this session, the students will have a very good understanding of what Cyber Security is. Difference between Threat, Attack, Threat Agent, Exploitation and Vulnerability. Good understanding of how to systematically identify Threats and eliminate it. Learn the best practices for Cyber Defence and protection.

    Will learn the fundamentals of Cryptography and learn the usage of it in CyberSecurity. Know the Cryptography algorithms and its behavior and know which are safe and which are not.

    Basics of Encryption, Decryption and Hashing

  • Symmetric Encryption
  • Ciphers
  • Block Cipher - Block Size, Padding, Schemes
  • Modes of Operation - ECB, CBC, CFB, OFB etc.
  • Stream Cipher
  • Encryption Process, Decryption Process
  • Algorithms - DES,Triple DES,AES
  • Asymmetric Encryption
  • Private Public Key - Generation
  • Public-key cryptography Algorithms
  • Difference between RSA & ECC Algorithms
  • Uses of asymmetric cryptography
  • Asymmetric cryptography based protocols (SSL, SSH)
  • Steganography
  • Cryptography Hash functions
  • Features of Hash Functions
  • Properties of Hash Functions
  • Design of Hashing Algorithms
  • Popular Hash Functions - MD5,SHA-1,SHA-256
  • Applications of Hash Functions
  • Message Authentication
  • Message Authentication Code (MAC)
  • Limitations of MAC
  • Types of MAC - HMAC,CBC-MAC
  • Cryptography Digital signatures
  • Model of Digital Signature
  • Importance of Digital Signature
  • Encryption with Digital Signature
  • What is Fingerprint,Digital Signature,Hashes,Message Digest ?
  • Difference between Checksum and Hashing
  • What is OTP,TOTP,HOTP ?
  • What is Key Derivation Functions and where it is used ?
  • PBKDF1,PBKDF2,bcrypt
  • Safe Cryptographic Algorithms,KeySize and Hashes
  • By end of this session, the students will have a very good understanding of information can sent be securely in web and how to prevent data tampering. Learn how hashing is useful in CyberSecurity and the best Hashing Algorithm to use.

    Deep dive into Digital Certificates

  • What is a Digital Certificate ?
  • Use of Digital Certificate
  • Levels of Validations
  • ASN.1,X.509,X.500
  • What is PKCS ?
  • Components of a Digital Certificate
  • Encoding and Decoding a Digital Certificate
  • What is CSR ?
  • Encoding and Decoding a CSR
  • Certificate Types
  • What is TLS/SSL Certificate?
  • What is Code Signing Certificate?
  • What is S/MIME Certificate?
  • PKI (CA, RA, VA)
  • A journey from CSR to Certificate
  • KeyStore,TrustStore
  • X.509 certificate encoding formats and extensions
  • File Formats: der, pem, crt, cer, pfx, p7b, p7c , p12, jks, bks
  • What is Certificate Pinning ?
  • Web of Trust Vs PKI
  • PGP,GnuPG,and other OpenPGP
  • How to Measure Cybersecurity in the Workplace ?
  • By end of this session, the students will have a very good understanding of Digital Certificate and the usage of it and how to safely use it. How Trust work in the real world.


  • Basic commands related to digital certificates
  • Create new Private Key and Certificate Signing Request
  • Create a Self-Signed Certificate
  • Verify CSR file
  • Create RSA Private Key
  • Remove Passphrase from Key
  • Verify Private Key
  • Verify Certificate File
  • Verify the Certificate Signer Authority
  • Check Hash Value of A Certificate
  • Convert DER to PEM format
  • Convert PEM to DER format
  • Convert Certificate and Private Key to PKCS#12 format
  • Create CSR using an existing private key
  • Check contents of PKCS12 format cert
  • Convert PKCS12 format to PEM certificate
  • Test SSL certificate of particular URL
  • Find out OpenSSL version
  • Check PEM File Certificate Expiration Date
  • Check Certificate Expiration Date of SSL URL
  • Check if SSL V2 or V3 is accepted on URL
  • Verify if the particular cipher is accepted on URL
  • ASN.1 Encoding of Certificates and CSR
  • Coding in Java (For Developers)
  • Encrypt / Decrypt using Symmetric/Asymmetric algorithm
  • Sign a message
  • Verify the signature
  • Cryptographic Message Syntax
  • By end of this session, the students will have a very good practical knowledge of how to test, check, create certificates.

    Web Security

  • How a WebApp Works ?
  • Interaction between Browser, WebServer, DNSServer,AppServer
  • How HTTP Protocol works ?
  • HTTP 1.0 vs HTTP 1.1 vs HTTP 2.0
  • HTTP Authentication Methods
  • Difference between HTTPS,SSL,TLS
  • How HTTPS works ?
  • Vulnerabilities of SSL/TLS
  • Who your browser trusts, and how to control it ?
  • What is a Browser Cookie and how to manage it
  • GDPR compliant cookie policy for your website
  • Best Practices for Protecting your Web Site and Web Application
  • How to Create Social Media Security Guidelines for Your Business
  • Case Study - WebApp Attacks in the past 5 years
  • By end of this session, the students will have know how a browser works and the interaction between web server and application server. How the data from web page is transfered securely and how it is done.

    Email Security

  • Webmail vs Email Clients: Which one should you choose?
  • How SMTP,POP3, IMAP4 Protocol works ?
  • How to Secure your Email Using PGP ?
  • Which type of email encryption is right for you ?
  • Email Hijacking
  • Targeted Email Attacks and how to prevent
  • Case Study - Email Attacks in the past 5 years
  • Email Security Best Practices for 2020 & Beyond
  • Office 365 Mail Protection
  • Gmail Protection
  • By end of this session, the students will know how a email works and the interaction between email client and email server. How to send emails securely.

    Cyber Attacks

  • Attack Types
  • How Attack Works and how to prevent
  • DDOS
  • SQLi
  • XSS
  • CSRF
  • XSS
  • Buffer Overflow
  • MITM
  • Phishing
  • Malware
  • Malware Types
  • How it works ? Virus,Worm,Trojan Horse,Ransomware,Spyware,Adware, and Scareware.
  • Malware Detection
  • How to protect against Malware
  • Microsoft Safety Scanner
  • Windows Malicious Software Removal Tool
  • Windows Defender Antivirus
  • Windows Defender Security Center
  • Windows Defender SmartScreen
  • Microsoft Defender Advanced Threat Protection
  • By end of this session, the students will know how malware works and how to protect your computer.

    Authentication & Authorization

  • Multifactor Authentication
  • What you know, what you have and what you are ?
  • Fingerprint,Facial Recognition,QR,SMS,eToken
  • Windows Hello
  • Single Sign-on
  • Identity and Access Management Solutions
  • Azure Active Directory
  • REST API and OAuth2
  • Common mistakes in Authentication and Authorization
  • Best Practices for Authentication and Authorization
  • Best Practices for API Protection
  • By end of this session, the students will know how authentication and authorization works. Learn the common mistakes in Authentication and Authorization and how to avoid it. How to make authentication more strong.

    Shan Shanmugarajah

    Shan holds a B.E degree in computer science and engineering. Has over 20 years of experience in Software Industry. He specializes in Information Security, Mobile Technology, IoT and middleware. He is a specialist in Local Language computing who has worked in many indic languages. He was an external consultant to ICTA and Microsoft for addressing Sinhala and Tamil language issues.He is a visiting lecturer at CICRA campus, where he lectures Application Security for Executive MSc. in Information Security and Certificate Course on iOS and Android Security. He was a lecturer at IIT, where he was lecturing iOS, Android, Mobile UX/UI for MSc and BSc. Graduates. He also delivers lectures for Centre for Banking Studies,Central Bank of Sri Lanka. He was the Ex-Direction-Mobile Architecture at WSO2.

    Under Shan's supervision, mBrain joined with IIT and started an Advanced CyberSecurity Lab at IIT called MIIT ARCS Lab, there are about 35 research students who are going through training to do advanced research on next generation Cyber Security covering areas like Cryptography, Digital Certificates, Malware & Threat Protection, BlockChain, ML and AI based Security. MIIT Lab undertakes any cyber security research project.