• Online, Self-Paced

In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, which involves insecure deserialization and transmission of objects between network hosts programmatically, or storage of an object in a file, such as storing something in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating it as user input; learn how to secure traffic by encrypting it with IPSec to protect serialized data; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP; and how to identify insecure components, serialization, and XSS.

Learning Objectives

In this 11-video course, learners will discover security aspects focusing on OWASP Top 10 2017 Item A9: Using Components with Known Vulnerabilities; Item A8: Insecure Deserialization; and Item A7: Cross-Site Scripting (XSS). Key concepts covered in this course include details about OWASP Top 10 2017 Item A9, dealing with known vulnerabilities, and examining different types of common vulnerabilities; and details about OWASP Top 10 2017 Item A8, which involves insecure deserialization and transmission of objects between network hosts programmatically, or storage of an object in a file, such as storing something in a web browser cookie. Next, learn how insecure deserialization can be mitigated by treating it as user input; learn how to secure traffic by encrypting it with IPSec to protect serialized data; and learn details about OWASP Top 10 2017 Item A7 relating to XSS and how XSS can be mitigated. Finally, you will learn to perform a fuzz test by using OWASP ZAP; and how to identify insecure components, serialization, and XSS.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.