• Online, Self-Paced

In this 12-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A3: Sensitive Data Exposure, Item A2: Broken Authentication and Item A1: Injection. Key concepts covered in this course include details about OWASP Top 10 2017 Item A3, sensitive data exposure, and how data are transmitted over networks; how to prevent sensitive data disclosure through mitigating and protecting; and how to enable BitLocker encryption for a web server disk volume. Next, learn details about OWASP Top 10 2017 Item A2, broken authentication, and learn how to secure authentication; observe how to enable multifactor authentication (MFA) for an Amazon Web Services user account; and learn how to retrieve sensitive data through password reset pages. Finally, learn details about OWASP Top 10 2017 Item A1, injection - how attackers feed malicious input to a web application; and how to validate user input before allowing submission for execution. The concluding exercise deals with how authentication can be hardened, how to list mitigations against SQL injection attacks, and how MFA enhances security.

Learning Objectives

{"discover the subject areas covered in this course"}

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.