OWASP Top 10 Awareness (Entry Level)

  • 21m
  • 21 questions
The OWASP Top 10 Awareness benchmark will measure your ability to recognize key terms and concepts related to the OWASP Top 10. You will be evaluated on securing web applications and on each of the OWASP Top 10 web vulnerabilities. A learner who scores high on this benchmark demonstrates that they have the skills related to OWASP Top 10 terminology and concepts.

Topics covered

  • deploy Linux updates
  • differentiate between SIEM and SOAR monitoring and incident response solutions
  • hash user credentials
  • identify active network hosts and services using Nmap
  • identify components related to developing and running a web application
  • identify how broken access control attacks occur
  • identify how HTTP requests and responses interact with web applications
  • identify what personally identifiable information (PII) is and how it relates to data classification and security
  • list methods by which malicious actors can gain access to sensitive data
  • outline how application containers work
  • outline how confidentiality, integrity, and availability (CIA) apply to web app development
  • outline how signed hardware firmware updates and software code pipelines play a role in web app security
  • outline how to mitigate injection attacks using fuzzing, input validation, and sanitization
  • recall examples of security misconfigurations
  • recall how the Heartbleed Bug compromises older versions of OpenSSL
  • recognize how Server-Side Request Forgery (SSRF) attacks occur and how to mitigate them
  • recognize how weak authentication configurations can lead to system compromise
  • recognize the importance of logging at all levels, including application logging
  • recognize types of injection attacks
  • search and understand the Common Vulnerabilities and Exposures (CVE) database
  • state how security applies to each phase of the software development life cycle (SDLC)