Overview/Description
OWASP Top 10 list items 8 and 3 include cross-site attacks, which are very common exploits in modern web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

Prerequisites
None

Expected Duration (hours)
0.9

Lesson Objectives

OWASP A8 and A3: Cross-site Attacks

start the course

explain what Cross-site Request Forgery (CSRF) is

exploit CSRF and what kind of access is needed to exploit it

detect CSRF and how common they are

list technical and business impacts of CSRFs

provide examples of CSRF attacks

describe what Cross-site Scripting (XSS) is

exploit XSS and what kind of access is needed to exploit it

detect XSS and how common it is

list the technical and business impacts of XSS

provide examples of XSS attacks

review an XSS attack

describe how CSRF and XSS can be exploited by an attacker

Course Number:
sp_owtt_a03_it_enus

Expertise Level
Intermediate