CompTIA PenTest+: Application-based Attacks

CompTIA PenTest+
  • 15 Videos | 1h 24m 53s
  • Earns a Badge
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    provide an overview of the OWASP Top 10 standard awareness document
    provide an overview of server-side request forgery (SSRF) attacks
    describe how business logic vulnerabilities can be exploited
    recognize characteristics of a Structured Query Language (SQL) injection attack
    provide an overview of command injection attacks
    describe how to perform cross-site scripting (XSS) attacks
    list characteristics of a Lightweight Directory Access Protocol (LDAP) injection attack
  • differentiate between race conditions, lack of error handling, lack of code signing, and insecure data transmission application vulnerabilities
    differentiate between session attacks including session hijacking, cross-site request forgery (CSRF), privilege escalation, session replay, and session fixation
    provide an overview of application programming interface (API) attacks
    recognize how directory traversal attacks work
    differentiate between application-based attack tools such as SQLmap and DirBuster
    provide an overview of the benefits offered by resources such as wordlists
    summarize the key concepts covered in this course

IN THIS COURSE

  • Playable
    1. 
    Course Overview
    1m 38s
    UP NEXT
  • Playable
    2. 
    OWASP Security Risks
    10m 20s
  • Locked
    3. 
    Server-side Request Forgery
    6m 34s
  • Locked
    4. 
    Business Logic Vulnerabilities
    5m 59s
  • Locked
    5. 
    Structured Query Language Injection Attacks
    8m 3s
  • Locked
    6. 
    Command Injection Attacks
    5m 41s
  • Locked
    7. 
    Cross-site Scripting Attacks
    4m 30s
  • Locked
    8. 
    Lightweight Directory Access Protocol Injection
    4m 47s
  • Locked
    9. 
    Common Application Vulnerabilities
    6m 56s
  • Locked
    10. 
    Application-based Session Attacks
    9m 52s
  • Locked
    11. 
    Application Programming Interface Attacks
    8m 26s
  • Locked
    12. 
    Directory Traversal Attacks
    3m 56s
  • Locked
    13. 
    Application-based Attack Tools
    3m 24s
  • Locked
    14. 
    Application-based Attack Resources
    3m 48s
  • Locked
    15. 
    Course Summary
    1m 1s

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.