• Online, Self-Paced
Course Description

In this lab, the focus will be on discovering and exploiting web app vulnerabilities as detailed in the OWASP Top 10. The following exercises will be performed:

- Perform vulnerability scanning using OWASP Zed Attack Proxy
- Identify active network hosts and services using nmap
- Use freely available tools to run a SQL injection attack against a web application
- Use Wireshark to view plain text credential transmissions
- Use the Hydra tool to crack web form user passwords
- Hash files using Windows commands
- Assemble fake TCP/IP packets using hping3
- Execute a denial of service (DoS) attack against a web application

In this lab, you will have access to:

- Windows Server 2019
- Parrot OS
- Bee-box
- Wireshark
- bWAPP
- Hydra
- hping3
- Slowloris
- Windows PowerShell

This lab is part of the OWASP Top 10 Mitigations track of the Skillsoft Aspire Web App Vulnerability Analyst journey.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cybersecurity Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.