Zero-Trust Approach to HTTP/S: Primer
RCCE students will learn HTTP and HTTPS protocol security including request/response analysis, header security (HSTS, CSP, X-Frame-Options), TLS/SSL configuration, certificate management, and common HTTP-based attacks. RCCE students will learn to analyze HTTP traffic for security issues, configure security headers to protect web applications, implement proper TLS configurations, manage digital certificates, detect and investigate HTTP-based attacks including request smuggling, host header injection, and cookie manipulation, troubleshoot HTTPS connectivity issues, and audit web server configurations for security weaknesses. This zero-trust course applies modern security principles including least privilege, continuous verification, and explicit trust evaluation. Starting from foundational concepts, RCCE students will learn to implement zero-trust architectures that assume breach and verify every access request regardless of network location. Students build practical zero-trust implementations that align with organizational security modernization goals.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Zero-Trust Approach to HTTP/S: Primer
- Apply zero-trust principles to privilege decisions and elevation
- Explain Course Overview & Zero-Trust Philosophy fundamentals
- Execute hands-on tasks for course scope
- Apply zero-trust principles to privilege decisions and elevation, including HTTP/HTTPS protocol security analysis, and Never trust, always verify.
- Apply zero-trust principles to privilege decisions and elevation, including Perimeter-based models fail against modern threats.
- Build detections and response workflows for privilege escalation, including Method: GET, POST, PUT, DELETE, PATCH.
- Execute hands-on tasks for cookies transmitted via cookie header — covering Status codes: 2xx, 3xx, 4xx, 5xx.
- Execute hands-on tasks for http methods & status codes deep dive
- Execute hands-on tasks for security note
- Explain HTTP Headers Security Overview fundamentals
- Execute hands-on tasks for request headers
- Build detections and response workflows for privilege escalation
| Module 01 | Zero-Trust Approach to HTTP/S: Primer |
| Module 02 | Course Overview & Zero-Trust Philosophy |
| Module 03 | Course Scope |
| Module 04 | Zero-Trust Principles |
| Module 05 | Why Zero-Trust for HTTP/S? |
| Module 06 | Response Components |
| Module 07 | Cookies transmitted via Cookie header |
| Module 08 | HTTP Methods & Status Codes Deep Dive |
| Module 09 | Security Note |
| Module 10 | HTTP Headers Security Overview |
| Module 11 | Request Headers |
| Module 12 | Response Security |
| Module 13 | Zero-Trust Headers |
| Module 14 | Origin: CORS source |
All hands-on labs run on Rocheston Rose X OS. Students practice zero-trust approach to http/s: primer by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Apply zero-trust principles to privilege decisions and elevation
- Lab 2: Explain Course Overview & Zero-Trust Philosophy fundamentals
- Lab 3: Execute hands-on tasks for course scope
- Lab 4: Apply zero-trust principles to privilege decisions and elevation
- Lab 5: Apply zero-trust principles to privilege decisions and elevation
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Zero-Trust Approach to HTTP/S: Primer, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI