OWASP: Top 10 Items A3, A2, & A1





Overview/Description

In this 12-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A3: Sensitive Data Exposure, Item A2: Broken Authentication and Item A1: Injection. Key concepts covered in this course include details about OWASP Top 10 2017 Item A3, sensitive data exposure, and how data are transmitted over networks; how to prevent sensitive data disclosure through mitigating and protecting; and how to enable BitLocker encryption for a web server disk volume. Next, learn details about OWASP Top 10 2017 Item A2, broken authentication, and learn how to secure authentication; observe how to enable multifactor authentication (MFA) for an Amazon Web Services user account; and learn how to retrieve sensitive data through password reset pages. Finally, learn details about OWASP Top 10 2017 Item A1, injection – how attackers feed malicious input to a web application; and how to validate user input before allowing submission for execution. The concluding exercise deals with how authentication can be hardened, how to list mitigations against SQL injection attacks, and how MFA enhances security.



Expected Duration (hours)
0.7

Lesson Objectives

OWASP: Top 10 Items A3, A2, & A1

  • discover the subject areas covered in this course
  • describe OWASP Top 10 2017 item A3, sensitive data exposure
  • recognize how to prevent sensitive data disclosure
  • enable BitLocker encryption for a web server disk volume
  • describe OWASP Top 10 2017 item A2, broken authentication
  • recognize how to secure authentication
  • enable MFA for an Amazon Web Services user account
  • retrieve sensitive data through password reset pages
  • describe OWASP Top 10 2017 item A1, injection
  • recognize how to validate user input before allowing submission for execution
  • inject SQL commands into a web form field
  • encrypt data at rest, secure authentication and prevent injection attacks

Course Number
it_spowsp_11_enus

Expertise Level
Intermediate