Final Exam: OWASP Top 10 Mitigations - 2021

OWASP 2021    |    Intermediate
  • 1 Video | 32s
  • Includes Assessment
  • Earns a Badge
Final Exam: OWASP Top 10 Mitigations - 2021 will test your knowledge and application of the topics presented throughout the Skillsoft Aspire Web App Vulnerability Analyst - 2022 Update Journey.

WHAT YOU WILL LEARN

  • identify components related to developing and running a web application
  • recognize how to write code securely
  • distinguish web application firewalls (WAFs) from other types of firewalls
  • differentiate web application firewalls (WAFs) from other types of firewalls
  • outline a plan for various types of security testing
  • recall the purpose of the Open Web Application Security Project (OWASP)
  • differentiate between mandatory, discretionary, role-based, and attribute-based access control
  • identify how broken access control attacks occur
  • identify how HTTP requests and responses interact with web applications
  • manage Windows file system permissions
  • understand Linux file system permissions
  • manage Linux file system permissions
  • list methods by which malicious actors can gain access to sensitive data
  • outline the PKI hierarchy
  • identify what personally identifiable information (PII) is and how it relates to data classification and security
  • name common data privacy standards
  • encrypt files in Windows using Encrypting File System (EFS)
  • encrypt files using BitLocker
  • encrypt files in Windows using BitLocker
  • capture clear-text HTTP credentials using Wireshark
  • recognize types of injection attacks
  • describe how to mitigate injection attacks using fuzzing, input validation, and sanitization
  • outline how to mitigate injection attacks using fuzzing, input validation, and sanitization
  • execute a command injection attack against a web application using freely available tools
  • identify how Java and JavaScript are used in web applications
  • recognize how Cross-Site Scripting (XSS) attacks occur
  • outline how confidentiality, integrity, and availability (CIA) apply to web app development
  • name various types of software testing
  • list the benefits of using a secure API when writing web app code
  • state how security applies to each phase of the software development life cycle (SDLC)
  • recall examples of security misconfigurations
  • outline how application containers work
  • manage Docker containers on a Linux computer
  • configure Azure Policy to check for the security compliance of Azure resources
  • search and understand the Common Vulnerabilities and Exposures (CVE) database
  • recall how the Heartbleed Bug compromises older versions of OpenSSL
  • recognize how security must be integrated into all aspects of continuous integration and continuous delivery (CI/CD)
  • browse vulnerable devices using the Shodan website
  • distinguish between authentication and authorization
  • differentiate between authentication and authorization
  • recognize how weak authentication configurations can lead to system compromise
  • hash user credentials
  • analyze plain text credential transmissions using Wireshark
  • crack web form passwords using the Hydra tool
  • crack RDP passwords using Hydra
  • crack Linux passwords using John the Ripper
  • configure a Windows Server Update Services (WSUS) server
  • configure and deploy a Windows Server Update Services (WSUS) server
  • digitally sign a Microsoft PowerShell script
  • recognize how to deploy security controls to mitigate deserialization attacks
  • identify how deserialization attacks occur
  • hash files using Windows commands
  • differentiate between SIEM and SOAR monitoring and incident response solutions
  • distinguish between SIEM and SOAR monitoring and incident response solutions
  • identify how intrusion detection and prevention can be deployed and used
  • install the Snort IDS
  • configure and test Snort IDS rules
  • identify active network hosts and services using Nmap
  • run a Denial of Service (DoS) attack against a vulnerable web application
  • implement controls to reduce the potential for Server-Side Request Forgery (SSRF) attacks

IN THIS COURSE

  1. OWASP Top 10 Mitigations - 2021 (33s)

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
