Web App Security Literacy (Beginner Level)

  • 36m
  • 24 questions
The Web App Security Literacy benchmark will measure your ability to recognize the OWASP Top 10 concepts. You will be evaluated on secure coding concepts, injection attacks, broken authentication attacks, data exposure attacks, XXE attacks, broken access control attacks, security misconfiguration, cross-site scripting attacks, deserialization attacks, and buffer overflows. A learner who scores high on this benchmark demonstrates that they have the skills to define key OWASP Top 10 vulnerability concepts.

Topics covered

  • apply security controls to mitigate broken access control attacks
  • deploy security controls to correct monitoring deficiencies
  • deploy security controls to mitigate XSS attacks
  • describe how security misconfigurations can be mitigated
  • describe how the Heartbleed Bug compromises older versions of OpenSSL
  • describe how to mitigate XXE attacks
  • describe the purpose of the Open Web Application Security Project (OWASP)
  • execute a denial of service (DoS) attack against a web application
  • identify how broken access control attacks occur
  • identify how deserialization attacks occur
  • identify methods by which sensitive data exposure attacks can be mitigated
  • list methods by which malicious actors can gain access to sensitive data
  • list various ways that XML attacks can be executed
  • mitigate injection attacks using techniques such as fuzzing and input validation and sanitization
  • provide examples of security misconfigurations
  • recognize how Cross-site Scripting (XSS) attacks occur
  • recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
  • recognize how to deploy security controls to mitigate deserialization attacks
  • recognize how to mitigate broken authentication attacks
  • recognize how to securely write code
  • recognize how weak authentication configurations can lead to system compromise
  • recognize the importance of logging at all levels, including application logging
  • recognize the relevance of web application security testing
  • recognize types of injection attacks