OWASP Top 10: A03:2021-Injection

OWASP 2022 | Intermediate

11 Videos | 1h 6m
Includes Assessment
Earns a Badge

Many web applications accept input from either external data sources or app users. In this course, learn about the types of injection attacks and how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, practice testing a web app for injection vulnerabilities using the OWASP ZAP tool, setting low security for a vulnerable web app tool, and executing injection attacks against a web app. Finally, discover how to mitigate injection attacks using input validation and input sanitization. Upon completion, you'll be able to identify and mitigate web app injection attacks.

WHAT YOU WILL LEARN

discover the key concepts covered in this course

recognize types of injection attacks

outline how to mitigate injection attacks using fuzzing, input validation, and sanitization

test a web app for injection vulnerabilities using the OWASP Zed Attack Proxy (ZAP) tool

execute a SQL injection attack against a web application using freely available tools

execute a command injection attack against a web application using freely available tools
identify how Java and JavaScript are used in web applications

recognize how Cross-Site Scripting (XSS) attacks occur

run a Cross-Site Scripting (XSS) attack through web page forms

run a Cross-Site Scripting (XSS) attack to hijack a client web browser

summarize the key concepts covered in this course

IN THIS COURSE

1.

Course Overview

1m 4s

UP NEXT
2.

Injection Attack Types

6m 54s
3.

Fuzzing, Input Validation, and Sanitization

6m 56s

FREE ACCESS
4.

Testing for Injection Attack Vulnerabilities

7m 1s

FREE ACCESS
5.

Executing a SQL Injection Attack

6m 29s

FREE ACCESS
6.

Executing a Command Injection Attack

6m 59s

FREE ACCESS
7.

Java and JavaScript in Web Applications

6m 24s

FREE ACCESS
8.

Cross-site Scripting (XSS) Attacks

6m 24s

FREE ACCESS
9.

Running XSS through Web Page Forms

7m 51s

FREE ACCESS
10.

Compromising a Web Browser through XSS

8m 58s

FREE ACCESS
11.

Course Summary

1m 1s

FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.

COURSE OWASP Top 10: A3 - Sensitive Data Exposure

COURSE OWASP Top 10: A04:2021-Insecure Design

COURSE OWASP Top 10: A05:2021-Security Misconfiguration

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Content items for Compliance and Leadership are not included in this subscription.

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

OWASP Top 10: A03:2021-Injection

WHAT YOU WILL LEARN

IN THIS COURSE

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

YOU MIGHT ALSO LIKE