OWASP: OWASP 2021 Intermediate

https://www.skillsoft.com/channel/owasp-a3c24501-1952-11e7-b488-c198130a9b04?technologyandversion=84665&expertiselevel=84666
https://www.skillsoft.com/channel/owasp-a3c24501-1952-11e7-b488-c198130a9b04?technologyandversion=84667&expertiselevel=84666
https://www.skillsoft.com/channel/owasp-a3c24501-1952-11e7-b488-c198130a9b04?technologyandversion=84668&expertiselevel=84666
  • 12 Courses | 13h 11m 55s
  • Includes Lab
  • 7 Courses | 7h 26m 4s
  • 6 Courses | 5h 2m 27s
Explore OWASP, The Open Web Application Security Project, an online community focused on enhancing software security.

GETTING STARTED

OWASP Top 10: Web Application Security

  1. Course Overview (1m 35s)
  2. Web Application Development (7m 40s)

GETTING STARTED

OWASP Overview

  1. Web Applications (7m 10s)
  2. Security of Web Applications (6m 6s)

GETTING STARTED

OWASP: Top 10 & Web Applications

  1. Course Overview (1m 54s)
  2. Web Application Security Flaws (4m 20s)

COURSES INCLUDED

OWASP Top 10: Web Application Security
Web applications are ubiquitous in today's computing world. In this course, you'll learn about developer tools and practices that support building secure web applications. You'll learn about server-side and client-side code, as well as how to scan a web app for vulnerabilities using OWASP ZAP and Burp Suite. Next, you'll explore secure coding using the OWASP ESAPI. Moving on, you'll examine how to set up the Metasploitable intentionally vulnerable virtual machine. You'll also learn about different software testing methodologies and the difference between vulnerability scanning and penetration testing. Lastly, you'll learn how to deploy a web application firewall in the Microsoft Azure cloud.
15 videos | 1h 44m has Assessment available Badge
OWASP Top 10: A1 - Injection
Many web applications accept input from external data sources or from app users. In this course, you'll learn about various types of injection attacks, such as SQL and command injection, and how malicious users submit crafted input that the web server stack ends up executing as code or commands. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. You'll then set a vulnerable web application to its low security level so that injection attacks succeed, and execute various types of injection attacks against it. Lastly, you'll learn how to mitigate injection attacks using techniques such as input validation and input sanitization.
7 videos | 40m has Assessment available Badge
OWASP Top 10: A2 - Broken Authentication
Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization relate to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using John the Ripper to crack Linux password hashes and Hydra to brute-force RDP passwords. Lastly, you'll learn how to enable multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.
16 videos | 1h 32m has Assessment available Badge
OWASP Top 10: A3 - Sensitive Data Exposure
Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, you'll learn about attacks that compromise sensitive data, as well as how to classify sensitive data using a variety of methods. Next, you'll examine how to hash files in Windows and Linux, along with various methods of file encryption for Windows devices. You'll then explore the PKI hierarchy and how to use a certificate to secure a web application with HTTPS. Lastly, you'll learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks.
17 videos | 1h 55m has Assessment available Badge
OWASP Top 10: A4 - XML External Entities
Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you'll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.
7 videos | 31m has Assessment available Badge
OWASP Top 10: A5 - Broken Access Control
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identity federation, how to execute broken access control attacks, and how to mitigate them.
14 videos | 1h 37m has Assessment available Badge
OWASP Top 10: A6 - Security Misconfiguration
Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organization security policies. In this course, you'll learn about various types of security misconfigurations, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, you'll explore application container management, including how to pull container images from Docker Hub and start containers from them. Moving on, you'll examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud.
11 videos | 1h 7m has Assessment available Badge
OWASP Top 10: A7 - Cross-site Scripting
Most web apps accept some kind of input, whether from users or through other automated means. All app input must be treated as untrusted and must be rigorously validated to ensure application and data integrity. In this course, you'll learn the difference between Java and JavaScript, as well as what cross-site scripting is and how it can compromise a web site and its visitors. Next, you'll learn how to execute various XSS attacks against an intentionally vulnerable virtual machine, including through web forms. You'll also explore how to use XSS to hijack a user's web browser and how to mitigate XSS attacks.
7 videos | 38m has Assessment available Badge
OWASP Top 10: A8 - Insecure Deserialization
Object-oriented programming is common when writing scripts, as well as during software development. OOP treats items as objects that have properties and methods, as opposed to treating command output as a simple string. In this course, you'll learn about OOP along with some syntax examples. You'll explore how programming objects become serialized and deserialized and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, as well as how to execute a deserialization attack against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.
5 videos | 21m has Assessment available Badge
OWASP Top 10: A9 - Using Components with Known Vulnerabilities
Software developers often use existing third-party APIs and software components instead of reinventing the wheel. This reduces development time and time to market for software products. In this course, you'll learn that only trusted APIs and components should be used, that developers must truly understand how these items work, and that they must be kept up to date. Next, you'll learn about the Heartbleed bug and how to view components in Microsoft Visual Studio. You'll then examine how security must apply to all aspects of Continuous Integration and Continuous Delivery. Lastly, you'll explore how to search the shodan.io web site for vulnerable devices and apps.
6 videos | 32m has Assessment available Badge
OWASP Top 10: A10 - Insufficient Logging & Monitoring
Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, you'll learn about various ways monitoring can be enabled in Linux on individual hosts, in Windows, and in cloud computing environments. Next, you'll explore how to forward log entries to a central logging host in Linux and in Windows. You'll then learn how to monitor cloud-based web application performance. Moving on, you’ll examine how to download and configure the Snort IDS by creating IDS rules for Telnet and ICMP network traffic. Lastly, you'll learn how to analyze packet captures for suspicious activity and mitigate monitoring deficiencies.
11 videos | 1h 11m has Assessment available Badge
OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities
There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to craft spoofed TCP/IP packets and then deploy and secure a cloud-hosted web application.
14 videos | 1h 18m has Assessment available Badge

COURSES INCLUDED

OWASP Overview
Discover who OWASP is, what they do, and what the OWASP Top 10 list represents.
15 videos | 58m has Assessment available Badge
Top 10 List Items
The OWASP Top 10 is a list of the most critical web application security risks. Explore each item on this list.
14 videos | 1h 6m has Assessment available Badge
A8 and A3: Cross-Site Attacks
OWASP Top 10 list items 8 and 3 include cross-site attacks, which are very common exploits in modern web applications.
12 videos | 51m has Assessment available Badge
A7 and A6: Leaky and Unprepared Applications
OWASP Top 10 list items 7 and 6 involve applications that expose sensitive data and are not protected from modern attacks.
18 videos | 1h 8m has Assessment available Badge
A4 and A2: Broken Applications
OWASP Top 10 list items 4 and 2 involve applications with broken access controls and broken authentication and session management.
13 videos | 1h 12m has Assessment available Badge
A5 and A1: Security and Injection
OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.
13 videos | 1h 14m has Assessment available Badge
A10 and A9: API and Component Attacks
OWASP Top 10 list items 10 and 9 are exploits of APIs and components of web applications. 
12 videos | 54m has Assessment available Badge

COURSES INCLUDED

OWASP: Top 10 & Web Applications
Web applications rely on numerous underlying infrastructure components, including public key infrastructure (PKI). Discover the overall web application ecosystem with a focus on the OWASP Top 10 2017. Key concepts covered in this 13-video course include how to identify common web application security issues and their impacts; how tools such as Nmap, Metasploit, and Nessus can be used for benign and malicious purposes; and how the OWASP Top 10 helps to secure web applications. Next, you will learn the OWASP security tools; how to identify common web application architecture and development techniques and the role that clients and servers play; and how TLS supersedes SSL and tools such as SSL Labs can test PKI implementations. Learners then observe how PKI certificates can enhance web application security; how to configure HTTPS bindings for Microsoft IIS websites; and how to configure Microsoft IIS websites to require client certificates. Finally, learn how to configure HTTPS bindings for Linux Apache websites, and how to scan a public Internet site's PKI configuration to determine the site's security posture.
13 videos | 1h 5m has Assessment available Badge
OWASP: Web Application Security
A number of high-level security controls such as web application firewalls and secure coding practices go a long way toward securing web applications. In this 10-video course, learners can explore vulnerability scanning and penetration testing tools and procedures. Key concepts covered in this course include learning to adhere to secure coding guidelines at all phases of the SDLC; how a web application firewall is much more of an in-depth solution for web application security than a traditional firewall; and how to configure a web application firewall for a Microsoft Azure web application. Next, learn why malicious users and ethical hackers perform network and vulnerability scans; learn the importance of conducting periodic penetration tests with the goal to exploit vulnerabilities to determine risk; how to perform a network scan by using Nmap, which identifies devices on the network. Conclude by observing how to perform a vulnerability scan using Nessus; and how to test the security of a web application with OWASP ZAP.
10 videos | 47m has Assessment available Badge
OWASP: Top 10 Item A10
A lack of log analysis and security event monitoring results in security breaches going undetected for long periods of time. Learners can explore aspects and recommendations focusing on OWASP Top 10 2017 item A10: Insufficient Logging and Monitoring, in this 10-video course. Key concepts covered here include the details of OWASP Top 10 Item A10, which deals with common logging security flaws and insufficient logging and monitoring; learning how to mitigate insufficient logging and monitoring with an incident response plan; and learning how to configure Windows Event Viewer log forwarding. Next, you will observe how to configure a Linux environment for centralized logging using rsyslog forwarding; how to build a custom Windows Event Viewer log view; and how to attach a PowerShell script to a specific logged event. Finally, learn how to use a Windows Data Collector Set to establish a performance baseline; and how to use the Windows Performance Monitor tool to create a performance baseline and identify performance anomalies which could indicate security compromises.
10 videos | 48m has Assessment available Badge
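Both the A10 course above and this one turn on the same idea: monitoring only helps if someone actually analyzes the forwarded events. The following is an added example (not part of the Skillsoft course material) of the kind of log analysis those courses describe, written in Python over constructed sshd lines in traditional syslog format. The threshold, window, host names and addresses are assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines (no real hosts, users or addresses).
SAMPLE_LOG = """\
Mar 12 10:14:01 web01 sshd[2210]: Failed password for invalid user oracle from 203.0.113.5 port 51022 ssh2
Mar 12 10:14:03 web01 sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 51023 ssh2
Mar 12 10:14:05 web01 sshd[2212]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar 12 10:14:07 web01 sshd[2213]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar 12 10:14:09 web01 sshd[2214]: Failed password for admin from 203.0.113.5 port 51026 ssh2
Mar 12 10:14:12 web01 sshd[2215]: Accepted password for admin from 203.0.113.5 port 51027 ssh2
Mar 12 10:20:30 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 40110 ssh2
Mar 12 10:20:45 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 40111 ssh2
Mar 12 11:05:00 web01 sshd[2400]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar 12 11:09:00 web01 sshd[2401]: Failed password for bob from 192.0.2.9 port 33002 ssh2
Mar 12 11:13:00 web01 sshd[2402]: Failed password for bob from 192.0.2.9 port 33003 ssh2
Mar 12 11:17:00 web01 sshd[2403]: Failed password for bob from 192.0.2.9 port 33004 ssh2
Mar 12 11:21:00 web01 sshd[2404]: Failed password for bob from 192.0.2.9 port 33005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

THRESHOLD = 5   # this many failures ...
WINDOW_S = 60   # ... within this many seconds from one source address


def parse_line(line: str, year: int = 2024):
    """Return a dict for an auth event, or None for lines we don't care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Traditional syslog omits the year; it is assumed here (no New Year rollover).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str):
    """Sliding-window count of failures per source; returns (ip, kind, detail) alerts."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and (ev["ts"] - q[0]).total_seconds() > WINDOW_S:
                q.popleft()
            if len(q) >= THRESHOLD and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append((ev["ip"], "bruteforce", f"{len(q)} failures in {WINDOW_S}s"))
        elif ev["ip"] in flagged:
            # A success from a source already flagged is the event worth paging on.
            alerts.append((ev["ip"], "success_after_bruteforce", f"user={ev['user']}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample data 203.0.113.5 trips the threshold and then logs in, while 192.0.2.9 never does because its five failures are four minutes apart: a fixed window catches noisy brute force and misses "low and slow" guessing, which is the usual reason to pair a rule like this with a longer-horizon count per user.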
OWASP: Top 10 Items A9, A8, & A7
In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, which involves insecure deserialization and the programmatic transmission of objects between network hosts, or storage of an object in a file or in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating deserialized data as user input; learn how to protect serialized data in transit by encrypting traffic with IPsec; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP; and how to identify insecure components, serialization, and XSS.
11 videos | 42m has Assessment available Badge
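The A8 course above and the deserialization portion of this course both describe the risk without showing it. The following is an added example (not part of the Skillsoft course material) in Python using the standard library's pickle: the attacker's bytes make pickle.loads() run a command, a restricted unpickler refuses them, and a JSON session format is validated like any other user input. The session schema (`user`, `roles`) and the builtins allow-list are assumptions for the demo; the command executed is a harmless Python child process so the effect shows up as a return value.

```python
import builtins
import io
import json
import pickle
import subprocess
import sys


class Malicious:
    """Object whose pickled form tells the unpickler to call a function.

    Real payloads use os.system or similar; here the callable is
    subprocess.check_output so the effect is visible as a return value.
    """

    def __reduce__(self):
        # (callable, args): pickle.loads() will execute callable(*args).
        return (subprocess.check_output, ([sys.executable, "-c", "print('pwned')"],))


def attacker_payload() -> bytes:
    """Bytes an attacker would send in a cookie, form field or queue message."""
    return pickle.dumps(Malicious())


def load_vulnerable(data: bytes):
    """BAD: pickle.loads() on untrusted bytes runs whatever the bytes reference."""
    return pickle.loads(data)


class SafeUnpickler(pickle.Unpickler):
    """Resolves only a fixed set of builtins by name.

    Plain containers, strings and numbers never go through find_class, so
    ordinary data still loads; any GLOBAL/STACK_GLOBAL opcode naming
    something else is refused before it can run.
    """

    SAFE_BUILTINS = {"set", "frozenset", "range", "complex", "slice"}

    def find_class(self, module: str, name: str):
        if module == "builtins" and name in self.SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def load_restricted(data: bytes):
    """Mitigation 1: restricted unpickler for a legacy pickle-based format."""
    return SafeUnpickler(io.BytesIO(data)).load()


def parse_session(data: bytes) -> dict:
    """Mitigation 2: a data-only format, validated like any other user input."""
    obj = json.loads(data)
    if not isinstance(obj, dict):
        raise ValueError("session must be a JSON object")
    if not isinstance(obj.get("user"), str):
        raise ValueError("'user' must be a string")
    roles = obj.get("roles", [])
    if not isinstance(roles, list) or not all(isinstance(r, str) for r in roles):
        raise ValueError("'roles' must be a list of strings")
    return {"user": obj["user"], "roles": roles}


def demo_vulnerable_runs_code() -> bool:
    """True when the payload executed a subprocess during pickle.loads()."""
    return load_vulnerable(attacker_payload()).strip() == b"pwned"


def demo_restricted_blocks_payload() -> bool:
    """True when the restricted unpickler refuses the payload."""
    try:
        load_restricted(attacker_payload())
    except pickle.UnpicklingError:
        return True
    return False


def demo_restricted_loads_plain_data() -> dict:
    """Plain data still round-trips through the restricted unpickler."""
    return load_restricted(pickle.dumps({"user": "alice", "roles": ["admin"]}))


def session_is_valid(data: bytes) -> bool:
    try:
        parse_session(data)
    except ValueError:        # json.JSONDecodeError is a ValueError
        return False
    return True
```

The restricted unpickler is the containment option for code you cannot change; the JSON parser is the actual fix, because a format that can only express data has nothing for find_class to resolve.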
OWASP: Top 10 Items A6, A5, & A4
Explore security aspects focusing on OWASP Top 10 2017 Item A6: Security Misconfiguration, Item A5: Broken Access Control, and Item A4: XML External Entities in this 11-video course. Key concepts covered in this course include details about OWASP Top 10 2017 Item A6, and how security misconfigurations can come in many different forms and on different levels of a web application ecosystem; and learning how security misconfigurations can be mitigated. Next, learn how to lock down anonymous cloud storage access; observe how to disable SSLv3 on web browsers and web servers; and learn details about OWASP Top 10 2017 Item A5 broken access control, and how broken access control can be mitigated. Learners will then observe how to use the Microsoft Azure Cloud computing environment to create a shared access signature to limit access to sensitive files. Finally, learn the details about OWASP Top 10 2017 Item A4 covering XML external entities and how XML external entity vulnerabilities can be mitigated.
11 videos | 51m has Assessment available Badge
OWASP: Top 10 Items A3, A2, & A1
In this 12-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A3: Sensitive Data Exposure, Item A2: Broken Authentication and Item A1: Injection. Key concepts covered in this course include details about OWASP Top 10 2017 Item A3, sensitive data exposure, and how data are transmitted over networks; how to prevent sensitive data disclosure through mitigating and protecting; and how to enable BitLocker encryption for a web server disk volume. Next, learn details about OWASP Top 10 2017 Item A2, broken authentication, and learn how to secure authentication; observe how to enable multifactor authentication (MFA) for an Amazon Web Services user account; and learn how to retrieve sensitive data through password reset pages. Finally, learn details about OWASP Top 10 2017 Item A1, injection – how attackers feed malicious input to a web application; and how to validate user input before allowing submission for execution. The concluding exercise deals with how authentication can be hardened, how to list mitigations against SQL injection attacks, and how MFA enhances security.
12 videos | 47m has Assessment available Badge
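The A1 Injection course above and the injection section of this course both end on validating input before it reaches the database. The following added example (not part of the Skillsoft course material) uses Python's standard sqlite3 module to show why the parameter placeholder, not validation alone, is what keeps user data out of the SQL grammar: even with PBKDF2-hashed passwords, a UNION injection in the username lets the attacker supply a credential record of their own. The table layout, the `salthex$digesthex` record format and the username pattern are assumptions for the demo.

```python
import hashlib
import hmac
import os
import re
import sqlite3

PBKDF2_ROUNDS = 100_000   # demo value; tune for your hardware


def make_record(password: str, salt: bytes = b"") -> str:
    """Return 'salthex$digesthex' for storage (assumed record format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_record(record: str, password: str) -> bool:
    """Constant-time comparison of a candidate password against a stored record."""
    salt_hex, digest_hex = record.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account (demo data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_record TEXT NOT NULL)")
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("admin", make_record("correct horse battery staple")),
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """BAD: the untrusted username is concatenated into the SQL text."""
    sql = f"SELECT pw_record FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    return row is not None and verify_record(row[0], password)


USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """GOOD: allow-list validation, then a parameterized query.

    The validation is defence in depth; the ? placeholder alone already
    binds the whole string as a value, so it can never become SQL.
    """
    if not USERNAME_RE.fullmatch(username):
        return False
    row = conn.execute(
        "SELECT pw_record FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and verify_record(row[0], password)


def forged_username(attacker_password: str) -> str:
    """Attacker-controlled 'username' that appends a row of the attacker's choosing.

    The vulnerable query becomes
      SELECT pw_record FROM users WHERE username = '' UNION SELECT '<record>'
    (the closing quote comes from the original query text), so the server
    verifies a password the attacker picked and logs them in.
    """
    return f"' UNION SELECT '{make_record(attacker_password)}"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, forged record:", login_vulnerable(db, forged_username("letmein"), "letmein"))
    print("safe, forged record:     ", login_safe(db, forged_username("letmein"), "letmein"))
```

The point worth taking from the forged-record case is that hashing and encryption protect stored credentials, not the query: any control that runs after the database has already been told what to do is too late.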

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
