• Online, Self-Paced
Course Description

In this lab, the focus will be on discovering and exploiting web app vulnerabilities as detailed in the OWASP Top 10. The following exercises will be performed:

- Perform vulnerability scanning using OWASP Zed Attack Proxy
- Identify active network hosts and services using nmap
- Use freely available tools to run a SQL injection attack against a web application
- Use Wireshark to view plain text credential transmissions
- Use the Hydra tool to crack web form user passwords
- Hash files using Windows commands
- Assemble fake TCP/IP packets using hping3
- Execute a denial of service (DoS) attack against a web application

In this lab, you will have access to:

- Windows Server 2019
- Parrot OS
- Bee-box
- Wireshark
- bWAPP
- Hydra
- Hping3
- Slowloris
- Windows Powershell

This lab is part of the OWASP Top 10 Mitigations track of the Skillsoft Aspire Web App Vulnerability Analyst journey.

Learning Objectives

In this lab, the focus will be on discovering and exploiting web app vulnerabilities as detailed in the OWASP Top 10. The following exercises will be performed:

- Perform vulnerability scanning using OWASP Zed Attack Proxy
- Identify active network hosts and services using nmap
- Use freely available tools to run a SQL injection attack against a web application
- Use Wireshark to view plain text credential transmissions
- Use the Hydra tool to crack web form user passwords
- Hash files using Windows commands
- Assemble fake TCP/IP packets using hping3
- Execute a denial of service (DoS) attack against a web application

In this lab, you will have access to:

- Windows Server 2019
- Parrot OS
- Bee-box
- Wireshark
- bWAPP
- Hydra
- Hping3
- Slowloris
- Windows Powershell

This lab is part of the OWASP Top 10 Mitigations track of the Skillsoft Aspire Web App Vulnerability Analyst journey.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.