• Online, Self-Paced
Course Description

Discover security aspects focusing on OWASP Top 10 - 2017 item A9: Using Components with Known Vulnerabilities, item A8: Insecure Deserialization, and item A7: Cross-Site Scripting (XSS).

Learning Objectives

OWASP: Top 10 Items A9, A8, & A7

  • describe OWASP Top 10 2017 item A9 dealing with known vulnerabilities
  • review different types of vulnerabilities
  • purchase merchandise at an unauthorized discount
  • describe OWASP Top 10 2017 item A8 which involves insecure deserialization
  • recognize how insecure deserialization can be mitigated by treating it as user input
  • secure traffic by encrypting it with IPSec to protect serialized data
  • describe OWASP Top 10 2017 item A7 relating to cross-site scripting (XSS)
  • recognize how cross-site scripting can be mitigated
  • perform a fuzz test using OWASP ZAP
  • identify insecure components, serialization, and XSS

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.