Course Details

Previous Page


OWASP A7 and A6: Leaky and Unprepared Applications


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number


Overview/Description
OWASP Top 10 list items 7 and 6 involve applications that expose sensitive data and are not protected from modern attacks.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

Prerequisites
None

Expected Duration (hours)
1.1

Lesson Objectives

OWASP A7 and A6: Leaky and Unprepared Applications

  • start the course
  • describe what insufficient attack protection is
  • exploit insufficient attack protection and what kind of access is needed to exploit it
  • use nmap to scan a network
  • detect insufficient attack protection and note how common it is
  • use online web app scanners
  • describe the client/server HTTP exchange
  • analyze Linux log rotation files for a Linux web server
  • list the technical and business impacts of insufficient attack protection
  • discuss attacks that take advantage of insufficient attack protection
  • describe what sensitive data exposure is
  • analyze sensitive network traffic in Linux
  • describe how sensitive data exposure can be exploited
  • review how sensitive data exposure can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect sensitive data exposure and how common it is
  • list the technical and business impacts of sensitive data exposure
  • describe how various attacks can result in sensitive data exposure
  • provide examples of sensitive data exposure attacks
  • describe the impact of these exploits on the business and technical sides
  • Course Number:
    sp_owtt_a04_it_enus