OWASP A10 and A9: API and Component Attacks





Overview/Description
Items 10 and 9 on the OWASP Top 10 list cover exploits of APIs and components of web applications.

Target Audience
Individuals who wish to increase their knowledge in the field of web application security and common exploits used against web applications

Prerequisites
None

Expected Duration (hours)
0.9

Lesson Objectives

OWASP A10 and A9: API and Component Attacks

  • start the course
  • define what an underprotected API is
  • describe how underprotected APIs can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect underprotected APIs and how common they are
  • list the technical and business impacts of underprotected APIs
  • provide examples of underprotected API attacks
  • specify what a vulnerable component is
  • describe how vulnerable components can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect vulnerable components and how common they are
  • list the technical and business impacts of vulnerable components
  • provide examples of vulnerable component attacks
  • purchase merchandise at an unauthorized discount
  • describe what A10 and A9 are and how they affect web application security

Course Number
sp_owtt_a07_it_enus

Expertise Level
Intermediate