This week we cruised from F5 all the way to H8 in the CPSA syllabus, and wow, it was a buffet of hacking techniques, security hardening tips, and “don’t try this at home unless it’s in a VM” moments.
🔐 F5 – User Account Management & Privilege Controls
- Learned how not to give Dave in Accounts admin rights “just in case he needs it.”
- Covered privilege escalation risks and secure password policies.
- Security+ Crossover: Domain 4 (Security Operations) and Domain 2 (Threats & Vulnerabilities) — perfect overlap with account security and access control principles.
🖥️ F6 – Logging & Monitoring
- Logs: not just boring text files — they’re the breadcrumbs to catch cyber-Hansels and Gretels.
- SIEM basics, log retention, and detecting anomalies before they become disasters.
- Security+ Crossover: Domain 4 again — your logging and monitoring skills will be top-tier for both exams.
🌍 G1–G5 – Web Application Security
- OWASP Top 10 greatest hits: XSS, SQL Injection, CSRF… all the fun ways bad guys ruin a website.
- Explored input validation and output encoding like web bouncers keeping dodgy data out.
- Security+ Crossover: Domain 2 (Threats & Vulns) and Domain 3 (Architecture) — both love a secure web app.
💾 G6–G10 – Databases & Attacks
- From MS SQL to Oracle DB, learning their quirks, ports, and sneaky vulnerabilities.
- Practiced queries that should be harmless… until you leave them in the wrong hands.
- Security+ Crossover: Database security is straight from Domain 3’s playbook.
⚡ H1–H8 – Security Testing & Exploitation
- Scanning, probing, and responsibly poking systems until they spilled secrets.
- Talked vulnerability assessment vs penetration testing, and why report writing is your real superpower.
- Security+ Crossover: Domain 4 for testing methods, Domain 2 for threat analysis.
By this point, studying CPSA is like running Security+ training in the background without even realising it.