Web App Vulnerability Analyst 2022 Proficiency (Advanced Level)

Topics covered

• configure a conditional access policy in Microsoft Azure
• configure and test Snort IDS rules
• crack RDP passwords using Hydra
• describe how intrusion detection and prevention can be deployed and used
• describe how the concept of objects, methods, and properties applies to scripting and software development
• describe how the Heartbleed Bug compromises older versions of OpenSSL
• differentiate between static and dynamic software testing
• download and run the Metasploitable intentionally vulnerable web app VM
• enable multi-factor authentication for a Microsoft Azure cloud user account
• harden user authentication settings using Microsoft Group Policy
• identify active network hosts and services using nmap
• identify host vulnerabilities using OpenVAS
• identify how deserialization attacks occur
• identify how software developers commonly use third-party APIs and components
• list the benefits of using a secure API when writing web app code
• mitigate injection attacks using techniques such as fuzzing and input validation and sanitization
• plan for various types of security testing
• recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
• recognize how to deploy security controls to mitigate deserialization attacks
• recognize how to mitigate broken authentication attacks
• recognize the relevance of web application security testing
• use an online service to analyze a Wireshark packet capture
• use Burp Suite to crack web form user password
• use freely available tools to run a command injection attack against a web application
• use freely available tools to run a SQL injection attack against a web application
• use John the Ripper to crack Linux passwords
• use the Hydra tool to crack web form user passwords
• use the Social Engineering Toolkit (SET) to steal user credentials
• use Wireshark to view plain text credential transmissions