OWASP Top 10: A03:2021-Injection

OWASP 2022    |    Intermediate
  • 11 Videos | 1h 6m
  • Includes Assessment
  • Earns a Badge
Many web applications accept input from either external data sources or app users. In this course, learn about the types of injection attacks and how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, practice testing a web app for injection vulnerabilities using the OWASP ZAP tool, setting low security for a vulnerable web app tool, and executing injection attacks against a web app. Finally, discover how to mitigate injection attacks using input validation and input sanitization. Upon completion, you'll be able to identify and mitigate web app injection attacks.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
  • recognize types of injection attacks
  • outline how to mitigate injection attacks using fuzzing, input validation, and sanitization
  • test a web app for injection vulnerabilities using the OWASP Zed Attack Proxy (ZAP) tool
  • execute a SQL injection attack against a web application using freely available tools
  • execute a command injection attack against a web application using freely available tools
  • identify how Java and JavaScript are used in web applications
  • recognize how Cross-Site Scripting (XSS) attacks occur
  • run a Cross-Site Scripting (XSS) attack through web page forms
  • run a Cross-Site Scripting (XSS) attack to hijack a client web browser
  • summarize the key concepts covered in this course

IN THIS COURSE

  1. Course Overview (1m 4s)
  2. Injection Attack Types (6m 54s)
  3. Fuzzing, Input Validation, and Sanitization (6m 56s)
  4. Testing for Injection Attack Vulnerabilities (7m 1s)
  5. Executing a SQL Injection Attack (6m 29s)
  6. Executing a Command Injection Attack (6m 59s)
  7. Java and JavaScript in Web Applications (6m 24s)
  8. Cross-site Scripting (XSS) Attacks (6m 24s)
  9. Running XSS through Web Page Forms (7m 51s)
  10. Compromising a Web Browser through XSS (8m 58s)
  11. Course Summary (1m 1s)

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.