• Online, Self-Paced
Course Description

OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.

Learning Objectives

OWASP A5 and A1: Security and Injection

  • start the course
  • explain what Security Misconfigurations are
  • how Security Misconfigurations can be exploited and what kind of access is needed to exploit them
  • how easy it is to detect Security Misconfigurations and how common they are
  • the technical and business impacts of Security Misconfigurations
  • provide examples of Security Misconfiguration attacks
  • enable protection for a web app through a WAF
  • explain what Injection is
  • how Injection can be exploited and what kind of access is needed to exploit it
  • how easy it is to detect Injection and how common it is
  • the technical and business impacts of Injection attacks
  • provide examples of Injection attacks
  • inject SQL commands into a web form field

Practice: A5 and A1 Commonality

  • explain how A5 and A1 can be exploited by attackers

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Systems Architecture
  • Systems Development
  • Vulnerability Assessment and Management