• Online, Self-Paced
Course Description

OWASP Top 10 list items 7 and 6 involve applications that are not protected from modern attacks and applications that expose sensitive data.

Learning Objectives

OWASP A7 and A6

  • start the course
  • describe what insufficient attack protection is
  • exploit insufficient attack protection and identify what kind of access is needed to exploit it
  • use nmap to scan a network
  • detect insufficient attack protection and note how common it is
  • use online web app scanners
  • describe the client/server HTTP exchange
  • analyze Linux log rotation files for a Linux web server
  • list the technical and business impacts of insufficient attack protection
  • discuss attacks that take advantage of insufficient attack protection
  • describe what sensitive data exposure is
  • analyze sensitive network traffic in Linux
  • describe how sensitive data exposure can be exploited
  • review how sensitive data exposure can be exploited and what kind of access is needed to exploit it
  • describe how easy it is to detect sensitive data exposure and how common it is
  • list the technical and business impacts of sensitive data exposure
  • describe how various attacks can result in sensitive data exposure
  • provide examples of sensitive data exposure attacks

Practice: Leaky and Unprepared Applications

  • describe the impact of these exploits on the business and technical sides

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.