Knowledge ID: K1079

Knowledge of web application security risks

Work roles with this Knowledge

  • Cybersecurity Policy and Planning

    NICE Framework ID: OG-WRL-002

    Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

  • Executive Cybersecurity Leadership

    NICE Framework ID: OG-WRL-007

    Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.

  • Security Control Assessment

    NICE Framework ID: OG-WRL-012

    Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.

  • Systems Authorization

    NICE Framework ID: OG-WRL-013

    Responsible for operating an information system at an acceptable level of risk to organizational operations, organizational assets, individuals, other organizations, and the nation.

  • Systems Security Management

    NICE Framework ID: OG-WRL-014

    Responsible for managing the cybersecurity of a program, organization, system, or enclave.

  • Secure Software Development

    NICE Framework ID: DD-WRL-003

    Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.

  • Software Security Assessment

    NICE Framework ID: DD-WRL-005

    Responsible for analyzing the security of new or existing computer applications, software, or specialized utility programs and delivering actionable results.

  • Defensive Cybersecurity

    NICE Framework ID: PD-WRL-001

    Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

  • Digital Forensics

    NICE Framework ID: PD-WRL-002

    Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

  • Incident Response

    NICE Framework ID: PD-WRL-003

    Responsible for investigating, analyzing, and responding to network cybersecurity incidents.

  • Vulnerability Analysis

    NICE Framework ID: PD-WRL-007

    Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measures the effectiveness of defense-in-depth architecture against known vulnerabilities.

  • Cybercrime Investigation

    Category: Investigation
    NICE Framework ID: IN-WRL-001

    Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.

  • Digital Evidence Analysis

    Category: Investigation
    NICE Framework ID: IN-WRL-002

    Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.