Risk assessment Threats, Tactics, and Defenses: Primer
RCCE students will learn comprehensive risk assessment methodologies including threat identification, vulnerability assessment, impact analysis, likelihood estimation, risk scoring, and risk treatment planning. RCCE students will learn to facilitate risk assessment workshops, apply qualitative and quantitative assessment methods, use frameworks such as NIST SP 800-30, ISO 27005, FAIR, and OCTAVE, document risk assessment findings, calculate risk scores and prioritize treatments, present risk assessment results to executive leadership, and maintain living risk registers that evolve with the threat landscape and organizational changes. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Risk assessment Threats, Tactics, and Defenses: Primer
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for practical outcomes — covering SQLi in application code.
- Execute hands-on tasks for why attackers target sql — covering Language for managing relational databases.
- Execute hands-on tasks for how web applications use databases
- Execute hands-on tasks for normal query flow — covering User submits form or clicks link.
- Execute hands-on tasks for key characteristics
- Execute hands-on tasks for potential impact — covering Exploits trust between app and DB, Complete data breach of all records.
- Execute hands-on tasks for ranked owasp top 10 #03 (injection) — covering Complete data breach of all records.
- Execute hands-on tasks for out-of-band sqli — covering Results returned directly.
- Execute hands-on tasks for union-based sqli — covering Deliberately triggers database errors.
- Execute hands-on tasks for boolean-based blind
| Module 01 | Course Overview |
| Module 02 | Learning Objectives |
| Module 03 | Practical Outcomes |
| Module 04 | Why Attackers Target SQL |
| Module 05 | How Web Applications Use Databases |
| Module 06 | Normal Query Flow |
| Module 07 | Key Characteristics |
| Module 08 | Potential Impact |
| Module 09 | Ranked OWASP Top 10 #03 (Injection) |
| Module 10 | Out-of-Band SQLi |
| Module 11 | UNION-Based SQLi |
| Module 12 | Boolean-Based Blind |
| Module 13 | Time-Based Blind |
| Module 14 | How Out-of-Band Works |
All hands-on labs run on Rocheston Rose X OS. Students practice risk assessment threats, tactics, and defenses: primer by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain Course Overview fundamentals
- Lab 2: Execute hands-on tasks for learning objectives
- Lab 3: Execute hands-on tasks for practical outcomes
- Lab 4: Execute hands-on tasks for why attackers target sql
- Lab 5: Execute hands-on tasks for how web applications use databases
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Risk assessment Threats, Tactics, and Defenses: Primer, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI