OWASP Top 10: A1 - Injection
OWASP 2021
| Intermediate
- 7 videos | 40m 1s
- Includes Assessment
- Earns a Badge
Many web applications accept input from either external data sources or app users. In this course, you'll learn about various types of injection attacks such as SQL and command injections. You will learn how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. Next, you'll set low security for a vulnerable web application tool in order to allow the execution of injection attacks. Next, you'll execute various types of injection attacks against a web application. Lastly, you will learn how to mitigate injection attacks using techniques such as input validation and input sanitization.
WHAT YOU WILL LEARN
-
discover the key concepts covered in this course
recognize types of injection attacks
test a web app for injection vulnerabilities using the OWASP Zed Attack Proxy (ZAP) tool
use freely available tools to run a SQL injection attack against a web application -
use freely available tools to run a command injection attack against a web application
mitigate injection attacks using techniques such as fuzzing and input validation and sanitization
summarize the key concepts covered in this course
IN THIS COURSE
-
1m 37s
-
9m 27s
-
3. Testing for Injection Attack Vulnerabilities6m 6s
-
4. Executing a SQL Injection Attack7m 19s
-
5. Executing a Command Injection Attack8m 13s
-
6. Mitigating Injection Attacks6m 33s
-
7. Course Summary47s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
