Course Description
OWASP Top 10 list items A7 (insufficient attack protection) and A6 (sensitive data exposure) involve applications that are not protected from modern attacks and that expose sensitive data.
Learning Objectives
OWASP A7 and A6
- start the course
- describe what insufficient attack protection is
- explain how insufficient attack protection can be exploited and what kind of access is needed to exploit it
- use nmap to scan a network
- detect insufficient attack protection and note how common it is
- use online web app scanners
- describe the client/server HTTP exchange
- analyze Linux log rotation files for a Linux web server
- list the technical and business impacts of insufficient attack protection
- discuss attacks that take advantage of insufficient attack protection
- describe what sensitive data exposure is
- analyze sensitive network traffic in Linux
- describe how sensitive data exposure can be exploited
- review how sensitive data exposure can be exploited and what kind of access is needed to exploit it
- describe how easy it is to detect sensitive data exposure and how common it is
- list the technical and business impacts of sensitive data exposure
- describe how various attacks can result in sensitive data exposure
- provide examples of sensitive data exposure attacks
Practice: Leaky and Unprepared Applications
- describe the impact of these exploits on the business and technical sides