• Online, Self-Paced
Course Description

Web applications rely on numerous underlying infrastructure components, including public key infrastructure (PKI). Discover the overall web application ecosystem with a focus on the OWASP Top 10 2017. Key concepts covered in this 13-video course include how to identify common web application security issues and their impacts; how tools such as Nmap, Metasploit, and Nessus can be used for benign and malicious purposes; and how the OWASP Top 10 helps to secure web applications. Next, you will learn about the OWASP security tools; how to identify common web application architecture and development techniques and the role that clients and servers play; and how TLS supersedes SSL and how tools such as SSL Labs can test PKI implementations. Learners then observe how PKI certificates can enhance web application security; how to configure HTTPS bindings for Microsoft IIS websites; and how to configure Microsoft IIS websites to require client certificates. Finally, learn how to configure HTTPS bindings for Linux Apache websites, and how to scan a public Internet site's PKI configuration to determine the site's security posture.

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.