Final Exam: OWASP Top 10 Mitigations - apply security controls to mitigate broken access control attacks
- apply security settings to users and computers using Microsoft Group Policy
- browse vulnerable devices on the Shodan.io website
- configure and test Snort IDS rules
- configure syslog-ng in Linux to forward log entries to a central logging host
- crack RDP passwords using Hydra
- deploy a web application firewall solution in the Microsoft Azure cloud
- deploy security controls to correct monitoring deficiencies
- deploy security controls to mitigate XSS attacks
- describe how application containers work
- describe how a web application firewall differs from other types of firewalls
- describe how intrusion detection and prevention can be deployed and used
- describe how Java and JavaScript are used in web applications
- describe how security misconfigurations can be mitigated
- describe how the concept of objects, methods, and properties applies to scripting and software development
- describe how to mitigate XXE attacks
- describe the PKI hierarchy
- describe the purpose of the Open Web Application Security Project (OWASP)
- describe what Personally Identifiable Information (PII) is and how it relates to data classification and security
- differentiate between authentication and authorization
- differentiate between mandatory, discretionary, role-based, and attribute-based access control
- differentiate between SIEM and SOAR monitoring and incident response solutions
- differentiate between static and dynamic software testing
- digitally sign a Microsoft PowerShell script
- enable IPsec to protect LAN traffic
- encrypt user credentials
- harden user authentication settings using Microsoft Group Policy
- hash files using Linux commands
- hash files using Windows commands
- hash user credentials
- identify active network hosts and services using nmap
- identify components related to developing and running a web application
- identify how broken access control attacks occur
- identify how Extensible Markup Language (XML) is used to describe data
- identify how HTTP requests and responses interact with web applications
- identify methods by which sensitive data exposure attacks can be mitigated
- install and configure Windows Server Update Services (WSUS)
- install the Snort IDS
- list common data privacy standards
- list methods by which malicious actors can gain access to sensitive data
- list various ways that XML attacks can be executed
- manage Docker containers on a Linux computer
- manage Linux file system permissions
- manage Windows file system permissions
- mitigate injection attacks using techniques such as fuzzing and input validation, and sanitization
- navigate through web server subdirectories through a web application
- plan for various types of security testing
- provide examples of security misconfigurations
- recall methods by which sensitive data exposure attacks can be mitigated
- recognize how Cross-site Scripting (XSS) attacks occur
- recognize how security must be integrated into all aspects of Continuous Integration and Continuous Delivery (CI/CD)
- recognize how to deploy security controls to mitigate deserialization attacks
- recognize how to mitigate broken authentication attacks
- recognize how to securely write code
- recognize how weak authentication configurations can lead to system compromise
- recognize types of injection attacks
- search vulnerable devices on the Shodan.io website
- use freely available tools to run a SQL injection attack against a web application
- use the Hydra tool to crack web form user passwords
- use Wireshark to view plain text credential transmissions
|
