SKILL BENCHMARK
Web App Vulnerability Analyst 2022 Mastery (Expert Level)
- 31m
- 31 questions
The Web App Vulnerability Analyst 2022 Mastery (Expert Level) benchmark measures your comprehension of the web application vulnerability practice and the scope of most, if not all, application vulnerabilities. Learners who score high on this benchmark demonstrate that they have a mastery of the web application vulnerability discipline and are considered thought leaders in this domain. They can lead discussions and communicate complex jargon and terminology to less accomplished analysts.
Topics covered
- apply security controls to mitigate broken access control attacks
- capture user keystrokes using a hardware keylogger
- compare past network scans with current scans to identify changes
- configure and test Snort IDS rules
- deploy a web application firewall solution in the Microsoft Azure cloud
- deploy security controls to correct monitoring deficiencies
- deploy security controls to mitigate XSS attacks
- describe how a web application firewall differs from other types of firewalls
- describe how intrusion detection and prevention can be deployed and used
- describe how Java and JavaScript are used in web applications
- describe how the concept of objects, methods, and properties applies to scripting and software development
- download, install, and use the free OWASP ZAP tool to identify web application vulnerabilities
- execute a cross-site request forgery (CSRF) attack against a vulnerable web application
- execute a cross-site scripting (XSS) attack against a vulnerable web application
- execute a denial of service (DoS) attack against a web application
- execute a file inclusion attack against a vulnerable web application
- execute a SQL injection attack against a vulnerable web application
- identify active network hosts and services using nmap
- identify host vulnerabilities using OpenVAS
- identify how deserialization attacks occur
- install the Snort IDS
- mitigate injection attacks using techniques such as fuzzing and input validation and sanitization
- navigate through web server subdirectories through a web application
- plan for various types of security testing
- recognize how cross-site scripting (XSS) attacks occur
- recognize how to deploy security controls to mitigate deserialization attacks
- run an XSS attack through web page forms
- run an XSS attack to hijack a client web browser
- use an online service to analyze a Wireshark packet capture
- use freely available tools to run a command injection attack against a web application
- use freely available tools to run a SQL injection attack against a web application