Final Exam: OWASP Top 10 Mitigations

Intermediate
  • 1 Video | 32s
  • Includes Assessment
  • Earns a Badge
Final Exam: OWASP Top 10 Mitigations will test your knowledge and application of the topics presented throughout the Skillsoft Aspire Web App Vulnerability Analyst Journey.

WHAT YOU WILL LEARN

  • apply security controls to mitigate broken access control attacks
    apply security settings to users and computers using Microsoft Group Policy
    browse vulnerable devices on the Shodan.io website
    configure and test Snort IDS rules
    configure syslog-ng in Linux to forward log entries to a central logging host
    crack RDP passwords using Hydra
    deploy a web application firewall solution in the Microsoft Azure cloud
    deploy security controls to correct monitoring deficiencies
    deploy security controls to mitigate XSS attacks
    describe how application containers work
    describe how a web application firewall differs from other types of firewalls
    describe how intrusion detection and prevention can be deployed and used
    describe how Java and JavaScript are used in web applications
    describe how security misconfigurations can be mitigated
    describe how the concept of objects, methods, and properties applies to scripting and software development
    describe how to mitigate XXE attacks
    describe the PKI hierarchy
    describe the purpose of the Open Web Application Security Project (OWASP)
    describe what Personally Identifiable Information (PII) is and how it relates to data classification and security
    differentiate between authentication and authorization
    differentiate between mandatory, discretionary, role-based, and attribute-based access control
    differentiate between SIEM and SOAR monitoring and incident response solutions
    differentiate between static and dynamic software testing
    digitally sign a Microsoft PowerShell script
    enable IPsec to protect LAN traffic
    encrypt user credentials
    harden user authentication settings using Microsoft Group Policy
    hash files using Linux commands
    hash files using Windows commands
    hash user credentials
  • identify active network hosts and services using nmap
    identify components related to developing and running a web application
    identify how broken access control attacks occur
    identify how Extensible Markup Language (XML) is used to describe data
    identify how HTTP requests and responses interact with web applications
    identify methods by which sensitive data exposure attacks can be mitigated
    install and configure Windows Server Update Services (WSUS)
    install the Snort IDS
    list common data privacy standards
    list methods by which malicious actors can gain access to sensitive data
    list various ways that XML attacks can be executed
    manage Docker containers on a Linux computer
    manage Linux file system permissions
    manage Windows file system permissions
    mitigate injection attacks using techniques such as fuzzing and input validation, and sanitization
    navigate through web server subdirectories through a web application
    plan for various types of security testing
    provide examples of security misconfigurations
    recall methods by which sensitive data exposure attacks can be mitigated
    recognize how Cross-site Scripting (XSS) attacks occur
    recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
    recognize how to deploy security controls to mitigate deserialization attacks
    recognize how to mitigate broken authentication attacks
    recognize how to securely write code
    recognize how weak authentication configurations can lead to system compromise
    recognize types of injection attacks
    search vulnerable devices on the Shodan.io website
    use freely available tools to run a SQL injection attack against a web application
    use the Hydra tool to crack web form user passwords
    use Wireshark to view plain text credential transmissions

IN THIS COURSE

  • Playable
    1. 
    OWASP Top 10 Mitigations
    33s
    UP NEXT

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Likes 1 Likes 1  
Likes 3 Likes 3