SkillSoft Explore Course

There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.

Objectives

OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities

  • discover the key concepts covered in this course
  • download and enable the free Metasploitable virtual machine for testing web application vulnerabilities
  • discover network hosts running a web application
  • download, install, and use the free OWASP ZAP tool to identify web application vulnerabilities
  • execute a denial of service (DoS) attack against a web application
  • execute a cross-site scripting (XSS) attack against a vulnerable web application
  • execute a cross-site request forgery (CSRF) attack against a vulnerable web application
  • execute a SQL injection attack against a vulnerable web application
  • execute a file inclusion attack against a vulnerable web application
  • capture user keystrokes using a hardware keylogger
  • capture cleartext HTTP credentials using Wireshark
  • assemble fake TCP/IP packets using hping3
  • deploy a web app in the Microsoft Azure cloud
  • summarize the key concepts covered in this course