Course Description
OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.
Learning Objectives
OWASP A5 and A1: Security and Injection
- start the course
- explain what Security Misconfigurations are
- describe how Security Misconfigurations can be exploited and what kind of access is needed to exploit them
- describe how easy it is to detect Security Misconfigurations and how common they are
- describe the technical and business impacts of Security Misconfigurations
- provide examples of Security Misconfiguration attacks
- enable protection for a web app through a WAF
- explain what Injection is
- describe how Injection can be exploited and what kind of access is needed to exploit it
- describe how easy it is to detect Injection and how common it is
- describe the technical and business impacts of Injection attacks
- provide examples of Injection attacks
- inject SQL commands into a web form field
Practice: A5 and A1 Commonality
- explain how A5 and A1 can be exploited by attackers