• Online, Self-Paced
Course Description

OWASP Top 10 list items 5 and 1 cover security misconfigurations and injection, two highly common attacks in modern web applications.

Learning Objectives

OWASP A5 and A1: Security and Injection

  • start the course
  • explain what Security Misconfigurations are
  • describe how Security Misconfigurations can be exploited and what kind of access is needed to exploit them
  • describe how easy it is to detect Security Misconfigurations and how common they are
  • describe the technical and business impacts of Security Misconfigurations
  • provide examples of Security Misconfiguration attacks
  • enable protection for a web app through a WAF
  • explain what Injection is
  • describe how Injection can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect Injection and how common it is
  • describe the technical and business impacts of Injection attacks
  • provide examples of Injection attacks
  • inject SQL commands into a web form field

Practice: A5 and A1 Commonality

  • explain how A5 and A1 can be exploited by attackers

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.