Final Exam: OWASP Top 10 Mitigations

WHAT YOU WILL LEARN

• 

  apply security controls to mitigate broken access control attacks
  

  apply security settings to users and computers using Microsoft Group Policy
  

  browse vulnerable devices on the Shodan.io website
  

  configure and test Snort IDS rules
  

  configure syslog-ng in Linux to forward log entries to a central logging host
  

  crack RDP passwords using Hydra
  

  deploy a web application firewall solution in the Microsoft Azure cloud
  

  deploy security controls to correct monitoring deficiencies
  

  deploy security controls to mitigate XSS attacks
  

  describe how application containers work
  

  describe how a web application firewall differs from other types of firewalls
  

  describe how intrusion detection and prevention can be deployed and used
  

  describe how Java and JavaScript are used in web applications
  

  describe how security misconfigurations can be mitigated
  

  describe how the concept of objects, methods, and properties applies to scripting and software development
  

  describe how to mitigate XXE attacks
  

  describe the PKI hierarchy
  

  describe the purpose of the Open Web Application Security Project (OWASP)
  

  describe what Personally Identifiable Information (PII) is and how it relates to data classification and security
  

  differentiate between authentication and authorization
  

  differentiate between mandatory, discretionary, role-based, and attribute-based access control
  

  differentiate between SIEM and SOAR monitoring and incident response solutions
  

  differentiate between static and dynamic software testing
  

  digitally sign a Microsoft PowerShell script
  

  enable IPsec to protect LAN traffic
  

  encrypt user credentials
  

  harden user authentication settings using Microsoft Group Policy
  

  hash files using Linux commands
  

  hash files using Windows commands
  

  hash user credentials
• 

  identify active network hosts and services using nmap
  

  identify components related to developing and running a web application
  

  identify how broken access control attacks occur
  

  identify how Extensible Markup Language (XML) is used to describe data
  

  identify how HTTP requests and responses interact with web applications
  

  identify methods by which sensitive data exposure attacks can be mitigated
  

  install and configure Windows Server Update Services (WSUS)
  

  install the Snort IDS
  

  list common data privacy standards
  

  list methods by which malicious actors can gain access to sensitive data
  

  list various ways that XML attacks can be executed
  

  manage Docker containers on a Linux computer
  

  manage Linux file system permissions
  

  manage Windows file system permissions
  

  mitigate injection attacks using techniques such as fuzzing and input validation, and sanitization
  

  navigate through web server subdirectories through a web application
  

  plan for various types of security testing
  

  provide examples of security misconfigurations
  

  recall methods by which sensitive data exposure attacks can be mitigated
  

  recognize how Cross-site Scripting (XSS) attacks occur
  

  recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
  

  recognize how to deploy security controls to mitigate deserialization attacks
  

  recognize how to mitigate broken authentication attacks
  

  recognize how to securely write code
  

  recognize how weak authentication configurations can lead to system compromise
  

  recognize types of injection attacks
  

  search vulnerable devices on the Shodan.io website
  

  use freely available tools to run a SQL injection attack against a web application
  

  use the Hydra tool to crack web form user passwords
  

  use Wireshark to view plain text credential transmissions