HTTP/S for Beginners
RCCE students will learn HTTP and HTTPS protocol security including request/response analysis, header security (HSTS, CSP, X-Frame-Options), TLS/SSL configuration, certificate management, and common HTTP-based attacks. RCCE students will learn to analyze HTTP traffic for security issues, configure security headers to protect web applications, implement proper TLS configurations, manage digital certificates, detect and investigate HTTP-based attacks including request smuggling, host header injection, and cookie manipulation, troubleshoot HTTPS connectivity issues, and audit web server configurations for security weaknesses. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Starting from foundational concepts, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing HTTP/S for Beginners
- Execute hands-on tasks for protocol security, traffic analysis & web defense
- Explain Course Overview & Learning Objectives fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for skills you will gain — covering Analyze HTTP traffic for security issues.
- Build detections and response workflows for privilege escalation, including Analyze HTTP traffic for security issues.
- Execute hands-on tasks for hypertext transfer protocol — covering Application-layer protocol (OSI Layer 7), Carries nearly all web application traffic.
- Execute hands-on tasks for why http matters for security — covering Application-layer protocol (OSI Layer 7).
- Execute hands-on tasks for default port: tcp 80 — covering Carries nearly all web application traffic.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for client (user agent) — covering Web browsers, curl, APIs, mobile apps, Initiates requests to servers.
- Execute hands-on tasks for web browsers, curl, apis, mobile apps — covering Initiates requests to servers.
- Execute hands-on tasks for server (origin) — covering Apache, Nginx, IIS, Node.js, Listens on ports 80/443.
| Module 01 | Protocol Security, Traffic Analysis & Web Defense |
| Module 02 | Course Overview & Learning Objectives |
| Module 03 | What You Will Learn |
| Module 04 | Skills You Will Gain |
| Module 05 | Common HTTP-based attack detection |
| Module 06 | Hypertext Transfer Protocol |
| Module 07 | Why HTTP Matters for Security |
| Module 08 | Default port: TCP 80 |
| Module 09 | The Client-Server Model |
| Module 10 | Client (User Agent) |
| Module 11 | Web browsers, curl, APIs, mobile apps |
| Module 12 | Server (Origin) |
| Module 13 | Apache, Nginx, IIS, Node.js |
| Module 14 | Security Considerations in the Model |
All hands-on labs run on Rocheston Rose X OS. Students practice http/s for beginners by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for protocol security, traffic analysis & web defense
- Lab 2: Explain Course Overview & Learning Objectives fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for skills you will gain
- Lab 5: Build detections and response workflows for privilege escalation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for HTTP/S for Beginners, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI