In this lab, the focus will be on discovering and exploiting web app vulnerabilities as detailed in the OWASP Top 10. The following exercises will be performed:
- Perform vulnerability scanning using OWASP Zed Attack Proxy
- Identify active network hosts and services using nmap
- Use freely available tools to run a SQL injection attack against a web application
- Use Wireshark to view plain text credential transmissions
- Use the Hydra tool to crack web form user passwords
- Hash files using Windows commands
- Assemble fake TCP/IP packets using hping3
- Execute a denial of service (DoS) attack against a web application
In this lab, you will have access to:
- Windows Server 2019
- Parrot OS
- Bee-box
- Wireshark
- bWAPP
- Hydra
- Hping3
- Slowloris
- Windows Powershell
This lab is part of the OWASP Top 10 Mitigations track of the Skillsoft Aspire Web App Vulnerability Analyst journey.
Learning Objectives
In this lab, the focus will be on discovering and exploiting web app vulnerabilities as detailed in the OWASP Top 10. The following exercises will be performed:
- Perform vulnerability scanning using OWASP Zed Attack Proxy
- Identify active network hosts and services using nmap
- Use freely available tools to run a SQL injection attack against a web application
- Use Wireshark to view plain text credential transmissions
- Use the Hydra tool to crack web form user passwords
- Hash files using Windows commands
- Assemble fake TCP/IP packets using hping3
- Execute a denial of service (DoS) attack against a web application
In this lab, you will have access to:
- Windows Server 2019
- Parrot OS
- Bee-box
- Wireshark
- bWAPP
- Hydra
- Hping3
- Slowloris
- Windows Powershell
This lab is part of the OWASP Top 10 Mitigations track of the Skillsoft Aspire Web App Vulnerability Analyst journey.
Framework Connections
Specialty Areas
- Cybersecurity Management
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.