OWASP: Top 10 Items A9, A8, & A7


Overview/Description

In this 11-video course, learners explore three items from the OWASP Top 10 2017: Item A9, Using Components with Known Vulnerabilities; Item A8, Insecure Deserialization; and Item A7, Cross-Site Scripting (XSS). Key concepts covered include the details of Item A9, which deals with known vulnerabilities, and an examination of different types of common vulnerabilities; and the details of Item A8, which involves insecure deserialization, where objects are transmitted programmatically between network hosts or stored in a file, such as storing something in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating it as user input; how to secure traffic by encrypting it with IPSec to protect serialized data; and the details of Item A7, relating to XSS, and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP, and how to identify insecure components, serialization, and XSS.



Expected Duration (hours)
0.6

Lesson Objectives

OWASP: Top 10 Items A9, A8, & A7

  • Course Overview
  • describe OWASP Top 10 2017 item A9 dealing with known vulnerabilities
  • review different types of vulnerabilities
  • purchase merchandise at an unauthorized discount
  • describe OWASP Top 10 2017 item A8 which involves insecure deserialization
  • recognize how insecure deserialization can be mitigated by treating it as user input
  • secure traffic by encrypting it with IPSec to protect serialized data
  • describe OWASP Top 10 2017 item A7 relating to cross-site scripting (XSS)
  • recognize how cross-site scripting can be mitigated
  • perform a fuzz test using OWASP ZAP
  • identify insecure components, serialization, and XSS

Course Number
it_spowsp_09_enus

Expertise Level
Intermediate