OWASP: Top 10 Items A6, A5, & A4





Overview/Description

Explore security aspects focusing on OWASP Top 10 2017 Item A6: Security Misconfiguration, Item A5: Broken Access Control, and Item A4: XML External Entities in this 11-video course. Key concepts covered in this course include details about OWASP Top 10 2017 Item A6, and how security misconfigurations can come in many different forms and on different levels of a web application ecosystem; and learning how security misconfigurations can be mitigated. Next, learn how to lock down anonymous cloud storage access; observe how to disable SSLv3 on web browsers and web servers; and learn details about OWASP Top 10 2017 Item A5 broken access control, and how broken access control can be mitigated. Learners will then observe how to use the Microsoft Azure Cloud computing environment to create a shared access signature to limit access to sensitive files. Finally, learn the details about OWASP Top 10 2017 Item A4 covering XML external entities and how XML external entity vulnerabilities can be mitigated.



Expected Duration (hours)
0.8

Lesson Objectives

OWASP: Top 10 Items A6, A5, & A4

  • Course Overview
  • describe OWASP Top 10 2017 item A6 dealing with security misconfigurations
  • recognize how security misconfigurations can be mitigated
  • lock down anonymous cloud storage access
  • disable SSLv3 on web browsers and web servers
  • describe OWASP Top 10 2017 item A5 - Broken Access Control
  • recognize how broken access control can be mitigated
  • create a Microsoft Azure shared access signature
  • describe OWASP Top 10 2017 item A4 covering XML external entities
  • recognize how XML external entity vulnerabilities can be mitigated
  • describe security configurations, misconfigurations, and access control

Course Number
it_spowsp_10_enus

Expertise Level
Intermediate