CSX Immersion: The OWASP Top 10
For many years the “OWASP Top 10*” list has informed information security professionals about the most critical web application security risks. This course trains and sharpens your skills so that you have the knowledge and hands-on experience needed to identify and mitigate these specific risks.
Within the state-of-the-art Cybersecurity Nexus (CSX) training platform, this course will help you:
- Understand how each of these vulnerabilities puts an organization at risk.
- Identify if your organization is facing a threat event.
- Mitigate risk before—and minimize impact if—a threat event takes place.
- Practice in an immersive live network environment with real vulnerabilities, as each lab walks through the intricacies of one vulnerability.
- Train and test on your own schedule, 24/7, with six months of access.
Continuing Professional Education (CPE) Credit Count: 24
* The Open Web Application Security Project (OWASP) is a global organization that is dedicated to driving visibility and evolution in the safety and security of the world’s software. ISACA does not claim affiliation with OWASP in the creation of course content.
This course includes:
Ten lessons with hands-on labs, one for each of the OWASP Top 10 Critical Web Application Security Risks (the 2017 edition of the list), plus two bonus “Challenge” labs that test your new skills.
Lesson and Lab: Injection
Lesson objectives:
- Understand how systems are vulnerable to injection attacks
- Know the different types of injection attacks
- Understand how to protect against injection attacks
Instructional Lab: Injection Vulnerability
- Identify an injection vulnerability present on a simulated system within your organization’s area of responsibility.
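The following is an added illustration of the injection flaw this lesson covers; it is not lab material from the course. It uses an in-memory SQLite database with a constructed two-row users table (plaintext passwords only to keep the example short) and contrasts a login query built by string formatting with the same query written with bound parameters. Two classic payloads are shown: a comment sequence that removes the password check, and a tautology that returns every row.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo: a tiny users table in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "wonderland")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is spliced straight into the SQL text, so quotes and
    # comment sequences in the input become SQL syntax.
    sql = (
        "SELECT id, username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    # Parameterised query: the driver passes the values separately from the
    # statement, so the input is only ever treated as data.
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    conn = make_db()
    bypass = "admin' --"           # "--" comments out the password check
    tautology = "x' OR '1'='1"     # makes the WHERE clause true for every row
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "wonderland"),
        "legit_safe": login_safe(conn, "alice", "wonderland"),
        "bypass_vulnerable": login_vulnerable(conn, bypass, "anything"),
        "bypass_safe": login_safe(conn, bypass, "anything"),
        "dump_vulnerable": login_vulnerable(conn, tautology, tautology),
        "dump_safe": login_safe(conn, tautology, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the vulnerable query the comment payload logs in as admin with any password and the tautology returns both users; the parameterised query returns no rows for either payload while still matching a legitimate login.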
Lesson and Lab: Broken Authentication
Lesson objectives:
- Understand what constitutes broken authentication
- Know how to identify if an application is vulnerable to broken authentication
- Understand how to mitigate and prevent broken authentication
Instructional Lab: Broken Authentication
- Identify a broken authentication capability within an organizational application. Once identified, take action to exploit the vulnerability.
Lesson and Lab: Sensitive Data Exposure
Lesson objectives:
- Know how to identify sensitive data
- Determine if the information should be exposed or protected
- Understand how to appropriately protect sensitive data
Instructional Lab: Sensitive Data Exposure
- Enter an environment in which key organizational data is incorrectly protected. Identify the exposed sensitive data and take steps to protect it from potential misuse.
Lesson and Lab: XML External Entities (XXE)
Lesson objectives:
- Understand how threat agents exploit vulnerable XML processors
- Know how to identify if an application is vulnerable to XXE
- Understand how to prevent potential XXE exploitation
Instructional Lab: XML External Entities
- Identify a potential XXE exploitation on a network of responsibility and test the exploit against the vulnerable XML processors.
Lesson and Lab: Broken Access Control
Lesson objectives:
- Understand the elements that make broken access control exploitable
- Know how to identify potential access control bypasses
- Understand how to harden access control mechanisms for an organization
Instructional Lab: Broken Access Control
- Identify potentially broken access control mechanisms within the environment, leverage them to gain access to a system, and then harden the system by correctly implementing access control.
Lesson and Lab: Security Misconfiguration
Lesson objectives:
- Understand the dangers presented by misconfigured systems and networks
- Understand examples of misconfigurations that can make a system vulnerable to exploitation
- Know how to reconfigure certain system applications to increase security
Instructional Lab: Security Misconfiguration
- Identify specific misconfigured applications within a live environment which, when exploited, give attackers greater influence over a network.
Lesson and Lab: Cross-Site Scripting (XSS)
Lesson objectives:
- Understand the different forms of XSS
- Understand how XSS can be used to compromise a user’s system
- Know how to prevent XSS
Instructional Lab: Cross-Site Scripting (XSS)
- Identify a poorly configured site that allows XSS attacks against users’ browsers, then implement mechanisms to prevent XSS on an application under your purview.
Lesson and Lab: Insecure Deserialization
Lesson objectives:
- Understand the two primary types of deserialization attacks
- Understand which types of applications leverage serialization
- Learn how to prevent deserialization attacks
Instructional Lab: Insecure Deserialization
- Identify applications with potential insecure deserialization vulnerabilities. Take action to test the vulnerability to see if the environment is susceptible.
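An added illustration of the flaw this lesson describes, using Python’s pickle format; it is not material from the course labs. A constructed class defines __reduce__ so that simply loading its serialized bytes calls a function of the attacker’s choosing (here a harmless recorder standing in for os.system or similar). The hardened variants shown are an Unpickler subclass that rejects any class or function reference not on an allow-list, and a data-only format (JSON) whose parser can never invoke application code.

```python
import io
import json
import pickle

# Records every time the "attacker" callable runs; a real gadget would run a
# shell command, write a file, or open a reverse shell instead.
SIDE_EFFECTS = []


def record_side_effect(msg):
    SIDE_EFFECTS.append(msg)
    return msg


class Payload:
    # Attacker-controlled object: pickle stores the callable and arguments
    # returned by __reduce__ and invokes them at load time.
    def __reduce__(self):
        return (record_side_effect, ("pickle ran attacker code",))


def build_malicious_pickle():
    return pickle.dumps(Payload())


def load_vulnerable(data):
    # pickle.loads on untrusted bytes: the gadget fires during deserialisation,
    # before the application ever inspects the result.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    # Allow-list of (module, name) pairs that may be resolved while loading.
    # It is empty here because this service expects plain data only; primitive
    # types, lists and dicts never go through find_class at all.
    ALLOWED = set()

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("forbidden global %s.%s" % (module, name))


def load_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_json(text):
    # Data-only format: parsing yields dicts, lists and scalars, never objects.
    return json.loads(text)


def demo():
    malicious = build_malicious_pickle()
    plain = pickle.dumps({"user": "alice", "role": "reader"})  # constructed benign data
    out = {"vulnerable": load_vulnerable(malicious)}
    try:
        load_restricted(malicious)
        out["restricted"] = "loaded"
    except pickle.UnpicklingError as exc:
        out["restricted"] = "blocked: %s" % exc
    out["restricted_plain"] = load_restricted(plain)
    out["json"] = load_json('{"user": "alice", "role": "reader"}')
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
    print("side effects recorded:", SIDE_EFFECTS)
```

The allow-list approach only narrows the attack surface; the safer design, and the one OWASP recommends, is not to accept serialized objects from untrusted sources at all and to use a data-only format for anything that crosses a trust boundary.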
Lesson and Lab: Using Components with Known Vulnerabilities
Lesson objectives:
- Understand the characteristics that indicate potentially vulnerable applications
- Know the importance of testing for vulnerabilities
- Understand how to prevent potential compromise by using vetted, up-to-date components
Instructional Lab: Using Components with Known Vulnerabilities
- Identify applications that are potentially vulnerable to exploitation, take action to address the vulnerabilities and harden the system.
Lesson and Lab: Insufficient Logging and Monitoring
Lesson objectives:
- Understand the importance of log monitoring
- Understand how inattentive administrators miss attacks
- Know how to prevent poor logging mechanisms within an infrastructure
Instructional Lab: Insufficient Logging and Monitoring
- Identify a misconfigured event logger and identify key events that should have been escalated. Reconfigure the logger to ensure appropriate notification and logging occurs.
Challenge Lab: Injection Challenge
- As a web app penetration tester, it will be your responsibility to apply the skills and techniques you have learned in order to complete an injection-based web app security challenge.
Challenge Lab: Authentication & Security Misconfiguration Challenge
- Using knowledge from the Broken Authentication (#2) and Security Misconfiguration (#6) labs, complete this final challenge lab!