OWASP A7 and A6: Leaky and Unprepared Applications
Overview/Description
OWASP Top 10 list items 7 and 6 involve applications that expose sensitive data and are not protected from modern attacks.
Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications
Prerequisites
None
Expected Duration (hours)
1.1
Lesson Objectives
start the course
describe what insufficient attack protection is
exploit insufficient attack protection and identify what kind of access is needed to exploit it
use nmap to scan a network
detect insufficient attack protection and note how common it is
use online web app scanners
describe the client/server HTTP exchange
analyze Linux log rotation files for a Linux web server
list the technical and business impacts of insufficient attack protection
discuss attacks that take advantage of insufficient attack protection
describe what sensitive data exposure is
analyze sensitive network traffic in Linux
describe how sensitive data exposure can be exploited
review how sensitive data exposure can be exploited and what kind of access is needed to exploit it
describe how easy it is to detect sensitive data exposure and how common it is
list the technical and business impacts of sensitive data exposure
describe how various attacks can result in sensitive data exposure
provide examples of sensitive data exposure attacks
describe the impact of these exploits on the business and technical sides
Course Number: sp_owtt_a04_it_enus
Expertise Level
Intermediate