OWASP A4 and A2: Broken Applications
Overview/Description
OWASP Top 10 list items A4 and A2 cover applications with broken access controls and with broken authentication and session management.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

Prerequisites
None

Expected Duration (hours)
1.2

Lesson Objectives

OWASP A4 and A2: Broken Applications

  • start the course
  • explain what Broken Access Control is
  • describe how Broken Access Control can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Broken Access Control and how common it is
  • describe the technical and business impacts of Broken Access Control
  • provide examples of Broken Access Control attacks
  • guess URLs and parameters to gain access to web pages and data
  • explain what Broken Authentication and Session Management is
  • describe how Broken Authentication and Session Management can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Broken Authentication and Session Management and how common it is
  • describe the technical and business impacts of Broken Authentication and Session Management
  • provide examples of Broken Authentication and Session Management attacks
  • retrieve sensitive data through password reset pages
  • describe what an attacker can access if they exploit A4 or A2

Course Number
sp_owtt_a05_it_enus

Expertise Level
Intermediate