• Online, Self-Paced
Course Description

OWASP Top 10 list items 8 and 3 include cross-site attacks, which are very common exploits in modern web applications.

Learning Objectives

OWASP A8 and A3: Cross-site Attacks

  • explain what Cross-site Request Forgery (CSRF) is
  • explain how CSRF is exploited and what kind of access is needed to exploit it
  • explain how to detect CSRF and how common it is
  • list technical and business impacts of CSRFs
  • provide examples of CSRF attacks
  • describe what Cross-site Scripting (XSS) is
  • explain how XSS is exploited and what kind of access is needed to exploit it
  • explain how to detect XSS and how common it is
  • list the technical and business impacts of XSS
  • provide examples of XSS attacks
  • review an XSS attack

Practice: Cross-site Attacks

  • describe how CSRF and XSS can be exploited by an attacker

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.