OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities

OWASP 2021    |    Intermediate
  • 14 Videos | 1h 27m 7s
  • Includes Assessment
  • Earns a Badge
There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
  • download and enable the free Metasploitable virtual machine for testing web application vulnerabilities
  • discover network hosts running a web application
  • download, install, and use the free OWASP ZAP tool to identify web application vulnerabilities
  • execute a denial of service (DoS) attack against a web application
  • execute a cross-site scripting (XSS) attack against a vulnerable web application
  • execute a cross-site request forgery (CSRF) attack against a vulnerable web application
  • execute a SQL injection attack against a vulnerable web application
  • execute a file inclusion attack against a vulnerable web application
  • capture user keystrokes using a hardware keylogger
  • capture cleartext HTTP credentials using Wireshark
  • assemble fake TCP/IP packets using hping3
  • deploy a web app in the Microsoft Azure cloud
  • summarize the key concepts covered in this course

IN THIS COURSE

  1. Course Overview (1m 40s)
  2. Configuring the Metasploitable2 Web App Virtual Machine (5m 51s)
  3. Using nmap to Discover HTTP Hosts (5m 39s)
  4. Scanning a Web Application for Vulnerabilities (8m 18s)
  5. Executing a Denial of Service Attack against a Web App (4m 39s)
  6. Executing a Cross-site Scripting Attack against a Web App (7m 57s)
  7. Executing a Cross-site Request Forgery Attack against a Web App (7m 54s)
  8. Executing a SQL Injection Attack against a Web App (7m 54s)
  9. Executing a File Inclusion Attack against a Web App (4m 51s)
  10. Capturing Web App Keystrokes Using a Hardware Key Logger (5m 27s)
  11. Capturing HTTP Cleartext Credentials (4m 35s)
  12. Spoofing HTTP Traffic Using hping3 (6m 4s)
  13. Deploying a Cloud-based Web Application (8m 52s)
  14. Course Summary (1m 25s)

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
