CompTIA PenTest+: Application-based Attacks
CompTIA
| Intermediate
- 15 videos | 1h 24m 53s
- Includes Assessment
- Earns a Badge
Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as Restful, Soap, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.
WHAT YOU WILL LEARN
-
Discover the key concepts covered in this course
Provide an overview of the owasp top 10 standard awareness document
Provide an overview of server-side request forgery (ssrf) attacks
Describe how business logic vulnerabilities can be exploited
Recognize characteristics of a structured query language (sql) injection attack
Provide an overview of command injection attacks
Describe how to perform cross-site scripting (xss) attacks
List characteristics of a lightweight directory access protocol (ldap) injection attack -
Differentiate between race conditions, lack of error handling, lack of code signing, and insecure data transmission application vulnerabilities
Differentiate between session attacks including session hijacking, cross-site request forgery (csrf), privilege escalation, session replay, and session fixation
Provide an overview of application programming interface (api) attacks
Recognize how directory traversal attacks work
Differentiate between application-based attack tools such as sqlmap and dirbuster
Provide an overview of the benefits offered by resources such as wordlists
Summarize the key concepts covered in this course
IN THIS COURSE
-
1m 38s
-
10m 20s
-
3. Server-side Request Forgery6m 34s
-
4. Business Logic Vulnerabilities5m 59s
-
5. Structured Query Language Injection Attacks8m 3s
-
6. Command Injection Attacks5m 41s
-
7. Cross-site Scripting Attacks4m 30s
-
8. Lightweight Directory Access Protocol Injection4m 47s
-
9. Common Application Vulnerabilities6m 56s
-
10. Application-based Session Attacks9m 52s
-
11. Application Programming Interface Attacks8m 26s
-
12. Directory Traversal Attacks3m 56s
-
13. Application-based Attack Tools3m 24s
-
14. Application-based Attack Resources3m 48s
-
15. Course Summary1m 1s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
