
SkillSoft Explore Course

Application-based attacks are designed to deliberately cause a fault in a computer's operating system or applications. In this course, you'll learn how to research attack vectors and perform application-based attacks. You'll explore the benefits of the OWASP Top 10 standard awareness document, which is used to present the most critical security risks to web applications. You'll examine application-based attacks such as server-side request forgery, business logic flaws, and injection attacks. You'll move on to learn about application vulnerabilities such as race conditions, lack of code signing, and session attacks, as well as the characteristics of API attacks such as RESTful, SOAP, and Extensible Markup Language-Remote Procedure Call. Lastly, you'll learn about application-based attack tools and resources. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

Objectives

CompTIA PenTest+ (PT0-002): Application-based Attacks

  • discover the key concepts covered in this course
  • provide an overview of the OWASP Top 10 standard awareness document
  • provide an overview of server-side request forgery (SSRF) attacks
  • describe how business logic vulnerabilities can be exploited
  • recognize characteristics of a Structured Query Language (SQL) injection attack
  • provide an overview of command injection attacks
  • describe how to perform cross-site scripting (XSS) attacks
  • list characteristics of a Lightweight Directory Access Protocol (LDAP) injection attack
  • differentiate between race conditions, lack of error handling, lack of code signing, and insecure data transmission application vulnerabilities
  • differentiate between session attacks including session hijacking, cross-site request forgery (CSRF), privilege escalation, session replay, and session fixation
  • provide an overview of application programming interface (API) attacks
  • recognize how directory traversal attacks work
  • differentiate between application-based attack tools such as SQLmap and DirBuster
  • provide an overview of the benefits offered by resources such as wordlists
  • summarize the key concepts covered in this course