Final Exam: OWASP Top 10 Mitigations - 2021

WHAT YOU WILL LEARN

• 

  Identify components related to developing and running a web application
  

  recognize how to write code securely
  

  distinguish web application firewalls (wafs) from other types of firewalls
  

  differentiate web application firewalls (wafs) from other types of firewalls
  

  outline a plan for various types of security testing
  

  recall the purpose of the open web application security project (owasp)
  

  differentiate between mandatory, discretionary, role-based, and attribute-based access control
  

  identify how broken access control attacks occur
  

  identify how http requests and responses interact with web applications
  

  manage windows file system permissions
  

  understand linux file system permissions
  

  manage linux file system permissions
  

  list methods by which malicious actors can gain access to sensitive data
  

  outline the pki hierarchy
  

  identify what personally identifiable information (pii) is and how it relates to data classification and security
  

  name common data privacy standards
  

  encrypt files in windows using encrypting file system (efs)
  

  encrypt files using bitlocker
  

  encrypt files in windows using bitlocker
  

  capture clear-text http credentials using wireshark
  

  recognize types of injection attacks
  

  describe how to mitigate injection attacks using fuzzing, input validation, and sanitization
  

  outline how to mitigate injection attacks using fuzzing, input validation, and sanitization
  

  execute a command injection attack against a web application using freely available tools
  

  identify how java and javascript are used in web applications
  

  recognize how cross-site scripting (xss) attacks occur
  

  outline how confidentiality, integrity, and availability (cia) apply to web app development
  

  name various types of software testing
  

  list the benefits of using a secure api when writing web app code
  

  state how security applies to each phase of the software development life cycle (sdlc)
• 

  recall examples of security misconfigurations
  

  outline how application containers work
  

  manage docker containers on a linux computer
  

  configure azure policy to check for the security compliance of azure resources
  

  search and understand the common vulnerabilities and exposures (cve) database
  

  recall how the heartbleed bug compromises older versions of openssl
  

  recognize how security must be integrated into all aspects of continuous integration and continuous delivery (ci/cd)
  

  browse vulnerable devices using the shodan website
  

  distinguish between authentication and authorization
  

  differentiate between authentication and authorization
  

  recognize how weak authentication configurations can lead to system compromise
  

  hash user credentials
  

  analyze plain text credential transmissions using wireshark
  

  crack web form passwords using the hydra tool
  

  crack rdp passwords using hydra
  

  crack linux passwords using john the ripper
  

  configure a windows server update services (wsus) server
  

  configure and deploy a windows server update services (wsus) server
  

  digitally sign a microsoft powershell script
  

  recognize how to deploy security controls to mitigate deserialization attacks
  

  identify how deserialization attacks occur
  

  hash files using windows commands
  

  differentiate between siem and soar monitoring and incident response solutions
  

  distinguish between siem and soar monitoring and incident response solutions
  

  identify how intrusion detection and prevention can be deployed and used
  

  install the snort ids
  

  configure and test snort ids rules
  

  identify active network hosts and services using nmap
  

  run a denial of service (dos) attack against a vulnerable web application
  

  implement controls to reduce the potential for server-side request forgery (ssrf) attacks