OWASP A5 and A1: Security and Injection


Overview/Description
OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications.

Prerequisites
None

Expected Duration (hours)
1.2

Lesson Objectives

OWASP A5 and A1: Security and Injection

  • start the course
  • explain what Security Misconfigurations are
  • how Security Misconfigurations can be exploited and what kind of access is needed to exploit them
  • how easy it is to detect Security Misconfigurations and how common they are
  • the technical and business impacts of Security Misconfigurations
  • provide examples of Security Misconfiguration attacks
  • enable protection for a web app through a WAF
  • explain what Injection is
  • how Injection can be exploited and what kind of access is needed to exploit it
  • how easy it is to detect Injection and how common it is
  • the technical and business impacts of Injection attacks
  • provide examples of Injection attacks
  • inject SQL commands into a web form field
  • explain how A5 and A1 can be exploited by attackers

Course Number
sp_owtt_a06_it_enus

Expertise Level
Intermediate