OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities

OWASP    |    Intermediate
  • 14 videos | 1h 18m 36s
  • Includes Assessment
  • Earns a Badge
Rating 4.5 of 60 users Rating 4.5 of 60 users (60)
There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.

WHAT YOU WILL LEARN

  • Discover the key concepts covered in this course
    Download and enable the free metasploitable virtual machine for testing web application vulnerabilities
    Discover network hosts running a web application
    Download, install, and use the free owasp zap tool to identify web application vulnerabilities
    Execute a denial of service (dos) attack against a web application
    Execute a cross-site scripting (xss) attack against a vulnerable web application
    Execute a cross-site request forgery (csrf) attack against a vulnerable web application
  • Execute a sql injection attack against a vulnerable web application
    Execute a file inclusion attack against a vulnerable web application
    Capture user keystrokes using a hardware keylogger
    Capture cleartext http credentials using wireshark
    Assemble fake tcp/ip packets using hping3
    Deploy a web app in the microsoft azure cloud
    Summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 40s
  • 5m 51s
  • Locked
    3.  Using nmap to Discover HTTP Hosts
    5m 39s
  • Locked
    4.  Scanning a Web Application for Vulnerabilities
    8m 18s
  • Locked
    5.  Executing a Denial of Service Attack against a Web App
    4m 39s
  • Locked
    6.  Executing a Cross-site Scripting Attack against a Web App
    7m 57s
  • Locked
    7.  Executing a Cross-site Request Forgery Attack against a Web App
    7m 54s
  • Locked
    8.  Executing a SQL Injection Attack against a Web App
    5m 23s
  • Locked
    9.  Executing a File Inclusion Attack against a Web App
    4m 51s
  • Locked
    10.  Capturing Web App Keystrokes Using a Hardware Key Logger
    5m 27s
  • Locked
    11.  Capturing HTTP Cleartext Credentials
    4m 35s
  • Locked
    12.  Spoofing HTTP Traffic Using hping3
    6m 4s
  • Locked
    13.  Deploying a Cloud-based Web Application
    8m 52s
  • Locked
    14.  Course Summary
    1m 25s

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE

Course OWASP Top 10: A03:2021-Injection
Rating 4.6 of 344 users Rating 4.6 of 344 users (344)
Course OWASP Top 10: Web Application Security
Rating 4.6 of 396 users Rating 4.6 of 396 users (396)
Course Fundamentals of Malware Analysis and Remediation
Rating 4.4 of 56 users Rating 4.4 of 56 users (56)

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Course RADD Knowledge Area: Part 2
Rating 4.4 of 164 users Rating 4.4 of 164 users (164)
Course OWASP Top 10: Securing Web Applications
Rating 4.6 of 1111 users Rating 4.6 of 1111 users (1111)
Course Business Analysis Activities and Tools
Rating 4.5 of 2499 users Rating 4.5 of 2499 users (2499)