OWASP: OWASP 2017 (2019 Update) intermediate

  • 12 Courses | 12h 42m 55s
  • Includes Lab
  • 11 Courses | 11h 21m 31s
  • 6 Courses | 5h 44m 59s
  • 6 Courses | 4h 34m 57s
Rating 4.0 of 1 users
 
Explore OWASP, The Open Web Application Security Project, an online community focused on enhancing software security.

GETTING STARTED

OWASP Top 10: Web Application Security


GETTING STARTED

OWASP Top 10: Securing Web Applications


GETTING STARTED

OWASP Overview


GETTING STARTED

OWASP: Top 10 & Web Applications


COURSES INCLUDED

OWASP Top 10: Web Application Security
Web applications are ubiquitous in today's computing world. In this course, you'll learn about software developer tools that can result in secure web application creation. You'll learn about server-side and client-side code, as well as how to scan a web app for vulnerabilities using OWASP ZAP and Burp Suite. Next, you'll explore secure coding using the OWASP ESAPI. Moving on, you'll examine how to enable the Metasploitable intentionally vulnerable web app virtual machine. You'll also learn about different types of software testing methodologies and the difference between vulnerability scanning and penetration testing. Lastly, you'll learn how to deploy a web application firewall in the Microsoft Azure cloud.
15 videos | 1h 37m has Assessment available Badge
OWASP Top 10: A1 - Injection
Many web applications accept input from either external data sources or app users. In this course, you'll learn about various types of injection attacks such as SQL and command injections. You will learn how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. Next, you'll set low security for a vulnerable web application tool in order to allow the execution of injection attacks. Next, you'll execute various types of injection attacks against a web application. Lastly, you will learn how to mitigate injection attacks using techniques such as input validation and input sanitization.
7 videos | 40m has Assessment available Badge
OWASP Top 10: A2 - Broken Authentication
Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to crack Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.
16 videos | 1h 32m has Assessment available Badge
OWASP Top 10: A3 - Sensitive Data Exposure
Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, you'll learn about attacks that compromise sensitive data, as well as how to classify sensitive data using a variety of methods. Next, you'll examine how to hash files in Windows and Linux, along with various methods of file encryption for Windows devices. You'll then explore the PKI hierarchy and how to use a certificate to secure a web application with HTTPS. Lastly, you'll learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks.
17 videos | 1h 48m has Assessment available Badge
OWASP Top 10: A4 - XML External Entities
Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you'll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.
7 videos | 31m has Assessment available Badge
OWASP Top 10: A5 - Broken Access Control
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identity federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.
14 videos | 1h 31m has Assessment available Badge
OWASP Top 10: A6 - Security Misconfiguration
Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organization security policies. In this course, you'll learn about various types of security misconfigurations, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, you'll explore application container management, including how to pull containers from Docker Hub and then start them. Moving on, you'll examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud.
11 videos | 1h 7m has Assessment available Badge
OWASP Top 10: A7 - Cross-site Scripting
Most web apps accept some kind of input, whether from users or through other automated means. All app input must be treated as untrusted and must be vigorously validated to ensure application and data integrity. In this course, you'll learn the difference between Java and JavaScript, as well as what cross-site scripting is and how it can compromise a web site and its visitors. Next, you'll learn how to execute various XSS attacks against an intentionally vulnerable virtual machine, including through web forms. You'll also explore how to use XSS to hijack a user web browser and how to mitigate XSS attacks.
7 videos | 36m has Assessment available Badge
OWASP Top 10: A8 - Insecure Deserialization
Object-oriented programming is common when writing scripts, as well as during software development. OOP treats items as objects that have properties and methods, as opposed to treating command output as a simple string. In this course, you'll learn about OOP along with some syntax examples. You'll explore how programming objects become serialized and deserialized and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, as well as how to execute a deserialization attack against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.
5 videos | 21m has Assessment available Badge
OWASP Top 10: A9 - Using Components with Known Vulnerabilities
Software developers often use existing third-party APIs and software components instead of recreating the wheel, so to speak. This reduces development time and time to market for software products. In this course, you'll learn that only trusted APIs and components should be used, that developers must truly understand how these items work, and that they must be kept up-to-date. Next, you'll learn about the Heartbleed Bug and how to view components in Microsoft Visual Studio. You'll then examine how security must apply to all aspects of Continuous Integration and Continuous Delivery. Lastly, you'll explore how to search the shodan.io web site for vulnerable devices and apps.
6 videos | 30m has Assessment available Badge
OWASP Top 10: A10 - Insufficient Logging & Monitoring
Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, you'll learn about various ways monitoring can be enabled in Linux on individual hosts, in Windows, and in cloud computing environments. Next, you'll explore how to forward log entries to a central logging host in Linux and in Windows. You'll then learn how to monitor cloud-based web application performance. Moving on, you'll examine how to download and configure the Snort IDS by creating IDS rules for Telnet and ICMP network traffic. Lastly, you'll learn how to analyze packet captures for suspicious activity and mitigate monitoring deficiencies.
11 videos | 1h 6m has Assessment available Badge
OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities
There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.
14 videos | 1h 18m has Assessment available Badge

COURSES INCLUDED

OWASP Top 10: Securing Web Applications
Web applications are ubiquitous in today's computing world, and many software development tools are available to help with secure web app creation. In this course, examine different software development tools and explore server-side and client-side code. Next, learn how to scan web apps for vulnerabilities using OWASP ZAP and Burp Suite, write secure code, and enable the Metasploitable intentionally vulnerable web app virtual machine. Finally, compare the different types of software testing methodologies, learn the difference between vulnerability scanning and penetration testing, and discover how web application firewalls (WAFs) protect web apps from common attacks. Upon completion, you'll be able to recognize the key components of secure web app creation and the purpose of the Open Web Application Security Project (OWASP).
12 videos | 1h 27m has Assessment available Badge
OWASP Top 10: A01:2021-Broken Access Control
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and more. In this course, learn about various resource access control models, including mandatory (MAC), discretionary (DAC), role-based (RBAC), and attribute-based access control (ABAC). Next, examine how broken access control attacks occur and how HTTP requests and responses interact with web applications. Discover how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Finally, explore identity federation and how to execute and mitigate broken access control attacks. Upon completion, you'll be able to harden resource access to mitigate broken access control attacks.
12 videos | 1h 13m has Assessment available Badge
OWASP Top 10: A02:2021-Cryptographic Failures
Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, learn about cryptographic failure attacks that compromise sensitive data and how to classify sensitive data. Next, examine how to hash files in Windows and Linux and encrypt files for Windows devices. Then, explore the public key infrastructure (PKI) hierarchy and learn how to use a certificate to secure a web application with HTTPS. Finally, learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks. Upon completion, you'll be able to protect sensitive data with security controls and classify and encrypt data at rest.
14 videos | 1h 26m has Assessment available Badge
OWASP Top 10: A03:2021-Injection
Many web applications accept input from either external data sources or app users. In this course, learn about the types of injection attacks and how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, practice testing a web app for injection vulnerabilities using the OWASP ZAP tool, setting low security for a vulnerable web app tool, and executing injection attacks against a web app. Finally, discover how to mitigate injection attacks using input validation and input sanitization. Upon completion, you'll be able to identify and mitigate web app injection attacks.
11 videos | 1h has Assessment available Badge
OWASP Top 10: A04:2021-Insecure Design
Today's web applications combine software code and resultant data, with the trustworthiness of both resulting in a secure trusted application. There are many planning strategies and tools that can ensure software and data integrity. In this course, explore IT supply chain security, how to deploy Linux updates, and how to configure a Windows Server Update Services (WSUS) host. Next, examine object-oriented programming (OOP) and how it is related to insecure deserialization attacks. Finally, learn how to use the OWASP Dependency-Check tool to verify that publicly disclosed vulnerabilities are not present in a project's dependencies. Upon completion, you'll be able to ensure that the design of a web application includes business requirements and related security controls.
8 videos | 38m has Assessment available Badge
OWASP Top 10: A05:2021-Security Misconfiguration
Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organizational security policies. In this course, learn about security misconfiguration attack criteria, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, explore application container management, including how to pull containers from Docker Hub and start them. Finally, examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud. Upon completion, you'll be able to detect security misconfigurations and deploy solutions to rectify weaknesses.
9 videos | 49m has Assessment available Badge
OWASP Top 10: A06:2021-Vulnerable & Outdated Components
Software developers often use existing third-party APIs and software components. This reduces development time and the time to market for software products. In this course, learn about trusted APIs and components, including when they are used, how developers must truly understand how these items work, and how they must be kept up to date. Next, examine the Heartbleed Bug and how to view components in Microsoft Visual Studio. Finally, discover how security must apply to all aspects of continuous integration and continuous delivery (CI/CD) and learn how to search the Shodan website for vulnerable devices and apps. Upon completion, you'll be able to recognize the importance of using only trusted third-party APIs and software components during application development.
8 videos | 40m has Assessment available Badge
OWASP Top 10: A07:2021-Identification & Authentication Failures
Hardening user and device authentication can go a long way in securing web applications. In this course, learn the difference between authentication and authorization and how they relate to web application security. Next, explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy and practice using freely available tools to crack user credentials in various ways, including the Hydra tool, Burp Suite, and John the Ripper. Finally, learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication. Upon completion, you'll be able to recognize how to discover and mitigate authentication vulnerabilities using various tools.
14 videos | 1h 18m has Assessment available Badge
OWASP Top 10: A08:2021-Software & Data Integrity Failures
Today's web applications combine software code and resultant data, with the trustworthiness of both resulting in a secure and trusted application. There are many planning strategies and tools that can ensure software and data integrity. In this course, learn about IT supply chain security, deploying Linux updates, and configuring a Windows Server Update Services (WSUS) host. Next, explore object-oriented programming (OOP) and how it is related to insecure deserialization attacks. Finally, practice ensuring file integrity using file hashing in Windows and Linux and using the OWASP Dependency-Check tool to verify that publicly disclosed vulnerabilities are not present in a project's dependencies. Upon completion, you'll be able to ensure the integrity of software code, dependencies, and resultant data.
12 videos | 1h 6m has Assessment available Badge
OWASP Top 10: A09:2021-Security Logging & Monitoring Failures
Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, learn how monitoring can be enabled in Linux on individual hosts, Windows, and cloud computing environments. Next, explore how to forward log entries to a central logging host in Linux and Windows, monitor cloud-based web application performance, and download and configure the Snort IDS by creating IDS rules. Finally, practice analyzing packet captures for suspicious activity and mitigating monitoring deficiencies. Upon completion, you'll be able to ensure that monitoring is deployed correctly and that it supports the timely detection of past security breaches and of security incidents in progress.
10 videos | 57m has Assessment available Badge
OWASP Top 10: A10:2021-Server-Side Request Forgery (SSRF)
URLs are endpoints for web services that can be accessed remotely. Server-Side Request Forgery (SSRF) attacks target servers and result from attackers leveraging URLs and vulnerable web applications to access sensitive data. Cross-Site Request Forgery (CSRF) attacks target client devices and perform unauthorized actions using authenticated user sessions with web services. In this course, learn about SSRFs. Next, discover how to scan a network for HTTP hosts using Nmap, execute a Cross-Site Request Forgery (CSRF) attack, and run a Denial of Service (DoS) attack against a web server. Finally, practice mitigating controls for SSRFs. Upon completion, you'll be able to mitigate Cross-Site Request Forgery and Server-Side Request Forgery attacks.
7 videos | 37m has Assessment available Badge

COURSES INCLUDED

OWASP Overview
Discover who OWASP is, what they do, and what the OWASP Top 10 list represents.
15 videos | 53m has Assessment available Badge
A8 and A3: Cross-Site Attacks
OWASP Top 10 list items 8 and 3 include cross-site attacks, which are very common exploits in modern web applications.
12 videos | 46m has Assessment available Badge
A7 and A6: Leaky and Unprepared Applications
OWASP Top 10 list items 7 and 6 involve applications that expose sensitive data and are not protected from modern attacks.
18 videos | 1h 1m has Assessment available Badge
A4 and A2: Broken Applications
OWASP Top 10 list items 4 and 2 involve applications with broken access controls and broken authentication and session management.
13 videos | 1h 6m has Assessment available Badge
A5 and A1: Security and Injection
OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.
13 videos | 1h 8m has Assessment available Badge
A10 and A9: API and Component Attacks
OWASP Top 10 list items 10 and 9 are exploits of APIs and components of web applications.
12 videos | 49m has Assessment available Badge

COURSES INCLUDED

OWASP: Top 10 & Web Applications
Web applications rely on numerous underlying infrastructure components, including public key infrastructure (PKI). Discover the overall web application ecosystem with a focus on the OWASP Top 10 2017. Key concepts covered in this 13-video course include how to identify common web application security issues and their impacts; how tools such as Nmap, Metasploit, and Nessus can be used for benign and malicious purposes; and how the OWASP Top 10 helps to secure web applications. Next, you will learn the OWASP security tools; how to identify common web application architecture and development techniques and the role that clients and servers play; and how TLS supersedes SSL and tools such as SSL Labs can test PKI implementations. Learners then observe how PKI certificates can enhance web application security; how to configure HTTPS bindings for Microsoft IIS websites; and how to configure Microsoft IIS websites to require client certificates. Finally, learn how to configure HTTPS bindings for Linux Apache websites, and how to scan a public Internet site's PKI configuration to determine the site's security posture.
13 videos | 1h has Assessment available Badge
OWASP: Web Application Security
A number of high-level security controls such as web application firewalls and secure coding practices go a long way toward securing web applications. In this 10-video course, learners can explore vulnerability scanning and penetration testing tools and procedures. Key concepts covered in this course include learning to adhere to secure coding guidelines at all phases of the SDLC; how a web application firewall is much more of an in-depth solution for web application security than a traditional firewall; and how to configure a web application firewall for a Microsoft Azure web application. Next, learn why malicious users and ethical hackers perform network and vulnerability scans; learn the importance of conducting periodic penetration tests with the goal to exploit vulnerabilities to determine risk; how to perform a network scan by using Nmap, which identifies devices on the network. Conclude by observing how to perform a vulnerability scan using Nessus; and how to test the security of a web application with OWASP ZAP.
10 videos | 43m has Assessment available Badge
OWASP: Top 10 Item A10
A lack of log analysis and security event monitoring results in security breaches going undetected for long periods of time. Learners can explore aspects and recommendations focusing on OWASP Top 10 2017 item A10: Insufficient Logging and Monitoring, in this 10-video course. Key concepts covered here include the details of OWASP Top 10 Item A10, which deals with common logging security flaws and insufficient logging and monitoring; learning how to mitigate insufficient logging and monitoring with an incident response plan; and learning how to configure Windows Event Viewer log forwarding. Next, you will observe how to configure a Linux environment for centralized logging using rsyslog forwarding; how to build a custom Windows Event Viewer log view; and how to attach a PowerShell script to a specific logged event. Finally, learn how to use a Windows Data Collector Set to establish a performance baseline; and how to use the Windows Performance Monitor tool to create a performance baseline and identify performance anomalies which could indicate security compromises.
10 videos | 44m has Assessment available Badge
OWASP: Top 10 Items A9, A8, & A7
In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, which involves insecure deserialization and transmission of objects between network hosts programmatically, or storage of an object in a file, such as storing something in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating it as user input; learn how to secure traffic by encrypting it with IPSec to protect serialized data; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP; and how to identify insecure components, serialization, and XSS.
11 videos | 37m has Assessment available Badge
OWASP: Top 10 Items A6, A5, & A4
Explore security aspects focusing on OWASP Top 10 2017 Item A6: Security Misconfiguration, Item A5: Broken Access Control, and Item A4: XML External Entities in this 11-video course. Key concepts covered in this course include details about OWASP Top 10 2017 Item A6, and how security misconfigurations can come in many different forms and on different levels of a web application ecosystem; and learning how security misconfigurations can be mitigated. Next, learn how to lock down anonymous cloud storage access; observe how to disable SSLv3 on web browsers and web servers; and learn details about OWASP Top 10 2017 Item A5 broken access control, and how broken access control can be mitigated. Learners will then observe how to use the Microsoft Azure Cloud computing environment to create a shared access signature to limit access to sensitive files. Finally, learn the details about OWASP Top 10 2017 Item A4 covering XML external entities and how XML external entity vulnerabilities can be mitigated.
11 videos | 46m has Assessment available Badge
OWASP: Top 10 Items A3, A2, & A1
In this 12-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A3: Sensitive Data Exposure, Item A2: Broken Authentication and Item A1: Injection. Key concepts covered in this course include details about OWASP Top 10 2017 Item A3, sensitive data exposure, and how data are transmitted over networks; how to prevent sensitive data disclosure through mitigating and protecting; and how to enable BitLocker encryption for a web server disk volume. Next, learn details about OWASP Top 10 2017 Item A2, broken authentication, and learn how to secure authentication; observe how to enable multifactor authentication (MFA) for an Amazon Web Services user account; and learn how to retrieve sensitive data through password reset pages. Finally, learn details about OWASP Top 10 2017 Item A1, injection - how attackers feed malicious input to a web application; and how to validate user input before allowing submission for execution. The concluding exercise deals with how authentication can be hardened, how to list mitigations against SQL injection attacks, and how MFA enhances security.
12 videos | 42m has Assessment available Badge

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

SKILL BENCHMARKS INCLUDED

Web App Security Literacy (Beginner Level)
The Web App Security Literacy benchmark will measure your ability to recognize the OWASP Top 10 concepts. You will be evaluated on secure coding concepts, injection attacks, broken authentication attacks, data exposure attacks, XXE attacks, broken access control attacks, security misconfiguration, cross-site scripting attacks, deserialization attacks, and buffer overflows. A learner who scores high on this benchmark demonstrates that they have the skills to define key OWASP Top 10 vulnerability concepts.
36m    |   24 questions
OWASP Top 10 Awareness (Entry Level)
The OWASP Top 10 Awareness benchmark will measure your ability to recognize key terms and concepts related to OWASP Top 10 concepts. You will be evaluated on securing web applications and each of the OWASP Top 10 web vulnerabilities. A learner who scores high on this benchmark demonstrates that they have the skills related to OWASP Top 10 terminology and concepts.
21m    |   21 questions

SKILL BENCHMARKS INCLUDED

OWASP Top 10 Competency (Intermediate Level)
The OWASP Top 10 Competency benchmark will measure your ability to recognize key terms and concepts related to OWASP Top 10 concepts. You will be evaluated on securing web applications and each of the OWASP Top 10 web vulnerabilities. A learner who scores high on this benchmark demonstrates that they have the skills related to OWASP Top 10 terminology and concepts.
20m    |   20 questions
OWASP Top 10 Awareness (Entry Level)
The OWASP Top 10 Awareness benchmark will measure your ability to recognize key terms and concepts related to OWASP Top 10 concepts. You will be evaluated on securing web applications and each of the OWASP Top 10 web vulnerabilities. A learner who scores high on this benchmark demonstrates that they have the skills related to OWASP Top 10 terminology and concepts.
21m    |   21 questions
Web App Vulnerability Analyst 2022 Awareness (Entry Level)
The Web App Vulnerability Analyst 2022 Awareness (Entry Level) benchmark measures your exposure to basic web application vulnerabilities. Learners who score high on this benchmark demonstrate that they have a basic awareness of the web application vulnerability discipline and know where to find additional information on its topics. They can participate in discussions and comprehend basic terminology.
11m    |   11 questions
Web App Vulnerability Analyst 2022 Literacy (Beginner Level)
The Web App Vulnerability Analyst 2022 Literacy (Beginner Level) benchmark measures your working exposure to basic web application vulnerabilities. Learners who score high on this benchmark demonstrate that they have a confident understanding of the web application vulnerability discipline and know where to find additional information on its topics. They can participate in discussions and comprehend basic terminology.
16m    |   16 questions
Web App Vulnerability Analyst 2022 Competency (Intermediate Level)
The Web App Vulnerability Analyst 2022 Competency (Intermediate Level) benchmark measures your basic exposure to basic web application vulnerabilities. Learners who score high on this benchmark demonstrate that they are competent in the web application vulnerability discipline and can quickly adapt to new tools and processes. They can work mostly independently after receiving direction from superiors.
21m    |   21 questions
Web App Vulnerability Analyst 2022 Proficiency (Advanced Level)
The Web App Vulnerability Analyst 2022 Proficiency (Advanced Level) benchmark measures your ability to design and implement vulnerability processes and programs. Learners who score high on this benchmark demonstrate that they have advanced proficiency in the web application vulnerability discipline and are considered leaders in the domain. They can work independently without supervision.
29m    |   29 questions
Web App Vulnerability Analyst 2022 Mastery (Expert Level)
The Web App Vulnerability Analyst 2022 Mastery (Expert Level) benchmark measures your comprehension of the web application vulnerability practice and the scope of most, if not all, application vulnerabilities. Learners who score high on this benchmark demonstrate that they have a mastery of the web application vulnerability discipline and are considered thought leaders in this domain. They can lead discussions and communicate complex jargon and terminology to less accomplished analysts.
31m    |   31 questions
