SKILL BENCHMARK
Web App Vulnerability Analyst 2022 Proficiency (Advanced Level)
- 29m
- 29 questions
The Web App Vulnerability Analyst 2022 Proficiency (Advanced Level) benchmark measures your ability to design and implement vulnerability processes and programs. Learners who score high on this benchmark demonstrate that they have advanced proficiency in the web application vulnerability discipline and are considered leaders in the domain. They can work independently without supervision.
Topics covered
- configure a conditional access policy in Microsoft Azure
- configure and test Snort IDS rules
- crack RDP passwords using Hydra
- describe how intrusion detection and prevention can be deployed and used
- describe how the concept of objects, methods, and properties applies to scripting and software development
- describe how the Heartbleed Bug compromises older versions of OpenSSL
- differentiate between static and dynamic software testing
- download and run the Metasploitable intentionally vulnerable web app VM
- enable multi-factor authentication for a Microsoft Azure cloud user account
- harden user authentication settings using Microsoft Group Policy
- identify active network hosts and services using nmap
- identify host vulnerabilities using OpenVAS
- identify how deserialization attacks occur
- identify how software developers commonly use third-party APIs and components
- list the benefits of using a secure API when writing web app code
- mitigate injection attacks using techniques such as fuzzing and input validation and sanitization
- plan for various types of security testing
- recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
- recognize how to deploy security controls to mitigate deserialization attacks
- recognize how to mitigate broken authentication attacks
- recognize the relevance of web application security testing
- use an online service to analyze a Wireshark packet capture
- use Burp Suite to crack web form user passwords
- use freely available tools to run a command injection attack against a web application
- use freely available tools to run a SQL injection attack against a web application
- use John the Ripper to crack Linux passwords
- use the Hydra tool to crack web form user passwords
- use the Social Engineering Toolkit (SET) to steal user credentials
- use Wireshark to view plain text credential transmissions