OWASP Top 10

OWASP A10 and A9: API and Component Attacks

Course Number:
sp_owtt_a07_it_enus
Lesson Objectives

OWASP A10 and A9: API and Component Attacks

  • start the course
  • define what an underprotected API is
  • describe how underprotected APIs can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect underprotected APIs and how common they are
  • list the technical and business impacts of underprotected APIs
  • provide examples of underprotected API attacks
  • specify what a vulnerable component is
  • describe how vulnerable components can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect vulnerable components and how common they are
  • list the technical and business impacts of vulnerable components
  • provide examples of vulnerable component attacks
  • purchase merchandise at an unauthorized discount
  • describe what A10 and A9 are and how they affect web application security

Overview/Description
OWASP Top 10 list items 10 and 9 are exploits of APIs and components of web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP A4 and A2: Broken Applications

Course Number:
sp_owtt_a05_it_enus
Lesson Objectives

OWASP A4 and A2: Broken Applications

  • start the course
  • explain what Broken Access Control is
  • describe how Broken Access Control can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Broken Access Control and how common it is
  • list the technical and business impacts of Broken Access Control
  • provide examples of Broken Access Control attacks
  • guess URLs and parameters to gain access to web pages and data
  • explain what Broken Authentication and Session Management is
  • describe how Broken Authentication and Session Management can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Broken Authentication and Session Management and how common it is
  • list the technical and business impacts of Broken Authentication and Session Management
  • provide examples of Broken Authentication and Session Management attacks
  • retrieve sensitive data through password reset pages
  • describe what an attacker can access if they exploit A4 or A2

Overview/Description
OWASP Top 10 list items 4 and 2 involve applications with broken access controls and broken authentication and session management.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP A5 and A1: Security and Injection

Course Number:
sp_owtt_a06_it_enus
Lesson Objectives

OWASP A5 and A1: Security and Injection

  • start the course
  • explain what Security Misconfigurations are
  • describe how Security Misconfigurations can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect Security Misconfigurations and how common they are
  • list the technical and business impacts of Security Misconfigurations
  • provide examples of Security Misconfiguration attacks
  • enable protection for a web app through a WAF
  • explain what Injection is
  • describe how Injection can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Injection and how common it is
  • list the technical and business impacts of Injection attacks
  • provide examples of Injection attacks
  • inject SQL commands into a web form field
  • explain how A5 and A1 can be exploited by attackers

Overview/Description
OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP A7 and A6: Leaky and Unprepared Applications

Course Number:
sp_owtt_a04_it_enus
Lesson Objectives

OWASP A7 and A6: Leaky and Unprepared Applications

  • start the course
  • describe what insufficient attack protection is
  • describe how insufficient attack protection can be exploited and what kind of access is needed to exploit it
  • use nmap to scan a network
  • detect insufficient attack protection and note how common it is
  • use online web app scanners
  • describe the client/server HTTP exchange
  • analyze Linux log rotation files for a Linux web server
  • list the technical and business impacts of insufficient attack protection
  • discuss attacks that take advantage of insufficient attack protection
  • describe what sensitive data exposure is
  • analyze sensitive network traffic in Linux
  • describe how sensitive data exposure can be exploited
  • review how sensitive data exposure can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect sensitive data exposure and how common it is
  • list the technical and business impacts of sensitive data exposure
  • describe how various attacks can result in sensitive data exposure
  • provide examples of sensitive data exposure attacks
  • describe the impact of these exploits on the business and technical sides

Overview/Description
OWASP Top 10 list items 7 and 6 involve applications that expose sensitive data and are not protected from modern attacks.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP A8 and A3: Cross-site Attacks

Course Number:
sp_owtt_a03_it_enus
Lesson Objectives

OWASP A8 and A3: Cross-site Attacks

  • start the course
  • explain what Cross-site Request Forgery (CSRF) is
  • describe how CSRF can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect CSRF and how common it is
  • list the technical and business impacts of CSRF
  • provide examples of CSRF attacks
  • describe what Cross-site Scripting (XSS) is
  • describe how XSS can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect XSS and how common it is
  • list the technical and business impacts of XSS
  • provide examples of XSS attacks
  • review an XSS attack
  • describe how CSRF and XSS can be exploited by an attacker

Overview/Description
OWASP Top 10 list items 8 and 3 include cross-site attacks, which are very common exploits in modern web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP Overview

Course Number:
sp_owtt_a01_it_enus
Lesson Objectives

OWASP Overview

  • start the course
  • describe the modern state of web applications
  • specify the importance of security in web applications
  • list recent major attacks on web applications
  • review an example of an exploit and review topics to identify an exploit
  • describe who OWASP is, what they do, and why they are relevant
  • review the key areas on the OWASP site and review some of the key sections
  • describe what the OWASP Top 10 is
  • review how to access the latest Top 10 information from the OWASP web site
  • list items on the previous OWASP Top 10 lists
  • list items on the OWASP Top 10 2017 list
  • compare the similarities between the 2017 OWASP Top 10 list and previous lists
  • describe why OWASP Top 10 is important and useful
  • demonstrate how to access the OWASP Top 10 developer guide
  • specify who the OWASP Top 10 is meant for
  • list commonalities between old and new lists

Overview/Description
In this course, you'll learn who OWASP is, what they do, and what the OWASP Top 10 list represents.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

OWASP Top 10: List Item Overview

Course Number:
sp_owtt_a02_it_enus
Lesson Objectives

OWASP Top 10: List Item Overview

  • start the course
  • describe A10 in general terms
  • describe A9 in general terms
  • review different types of vulnerabilities
  • describe A8 in general terms
  • describe A7 in general terms
  • describe A6 in general terms
  • describe A5 in general terms
  • demonstrate how to monitor for vulnerabilities
  • describe A4 in general terms
  • demonstrate how to apply the least privilege principle
  • describe A3 in general terms
  • describe A2 in general terms
  • describe A1 in general terms
  • describe all 10 exploits on the OWASP Top 10 list

Overview/Description
This course provides a general overview of the OWASP Top 10 list items.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications
