CSX Immersion: The OWASP Top 10

Train and sharpen your skills related to the OWASP Top 10 web application security vulnerabilities.

Difficulty: Multilevel
CSF Domain: All domains


The “OWASP Top 10*” list has informed information security professionals for many years about the most critical web application vulnerabilities. This course will train and sharpen your skills so that you have the knowledge and hands-on experience to identify and mitigate these specific challenges.

Within the state-of-the-art Cybersecurity Nexus (CSX) training platform, this course will help you:
  • Understand how each of these vulnerabilities puts an organization at risk.
  • Identify if your organization is facing a threat event.
  • Mitigate risk before—and minimize impact if—a threat event takes place.
  • Practice in an immersive live network environment with real vulnerabilities as each lab goes over the intricacies of each vulnerability.
  • Train and test on your schedule, 24/7, with six-month access.
Continuing Professional Education (CPE) Credit Count: 24
* The Open Web Application Security Project (OWASP) is a global organization that is dedicated to driving visibility and evolution in the safety and security of the world’s software. ISACA does not claim affiliation with OWASP in the creation of course content.

This course includes:

Ten lessons with hands-on labs that focus on each of the OWASP Top 10 Critical Web Application Security Risks, plus two bonus “Challenge” labs that test your new skills.

Lesson and Lab Injection

Lesson objectives:
  • Understand how systems are vulnerable to injection attacks
  • Know the different types of injection attacks
  • Understand how to protect from injection attacks
Instructional Lab: Injection Vulnerability
  • Identify an injection vulnerability present on a simulated organization’s system of responsibility.

Lesson and Lab Broken Authentication

Lesson objectives:
  • Understand what constitutes a broken authentication
  • Know how to identify if an application is vulnerable to broken authentication
  • Understand how to mitigate and prevent broken authentications
Instructional Lab: Broken Authentication
  • Identify a broken authentication capability within an organizational application. Once identified, take action to exploit the vulnerability.

Lesson and Lab Sensitive Data Exposure

Lesson objectives:
  • Know how to identify sensitive data
  • Determine if the information should be exposed or protected
  • Understand how to appropriately protect sensitive data
Instructional Lab: Sensitive Data Exposure
  • Enter an environment wherein key organizational data is incorrectly protected. Identify the exposed sensitive data and take steps to protect it from potential misuse.

Lesson and Lab XML External Entities (XXE)

Lesson objectives:
  • Understand how threat agents exploit vulnerable XML processors
  • Know how to identify if an application is vulnerable to XXE
  • Understand how to prevent potential XXE exploitations
Instructional Lab: XML External Entities
  • Identify a potential XXE exploitation on a network of responsibility and test the exploit on the vulnerable XML processors.

Lesson and Lab Broken Access Control

Lesson objectives:
  • Understand the elements which make broken access control exploitable
  • Know how to identify potential access control bypasses
  • Understand how to harden access control mechanisms for an organization
Instructional Lab: Broken Access Control
  • Identify potential broken access mechanisms within the environment, leverage them to gain access to a system, and then harden the system against further exploitation of the access control.

Lesson and Lab Security Misconfiguration

Lesson objectives:
  • Understand the dangers presented with misconfigured systems and networks
  • Understand examples of misconfigurations which can make a system vulnerable to exploitation
  • Know how to reconfigure certain system applications to increase security
Instructional Lab: Security Misconfiguration
  • Identify specific misconfigured applications within a live environment which, when exploited, will give attackers greater influence over a network.

Lesson and Lab Cross-Site Scripting (XSS)

Lesson objectives:
  • Understand the different forms of XSS
  • Understand how XSS can exploit a user system
  • Know how to prevent XSS
Instructional Lab: Cross-Site Scripting (XSS)
  • Identify a poorly configured site which performs XSS attacks against user browsers, then implement mechanisms to prevent XSS on an application under your purview.

Lesson and Lab Insecure Deserialization

Lesson objectives:
  • Understand the two primary types of deserialization attacks
  • Understand which types of applications leverage serialization
  • Learn how to prevent deserialization attacks
Instructional Lab: Insecure Deserialization
  • Identify applications with potential insecure deserialization vulnerabilities. Take action to test the vulnerability to see if the environment is susceptible.

Lesson and Lab Using Components with Known Vulnerabilities

Lesson objectives:
  • Understand characteristics which indicate potentially vulnerable applications
  • Know the importance of testing for vulnerabilities
  • Understand how to prevent potential compromise through implementing proven applications
Instructional Lab: Insecure Deserialization
  • Identify applications which are potentially vulnerable to exploitation, take action to address the vulnerabilities and harden the system.

Lesson and Lab Insufficient Logging and Monitoring

Lesson objectives:
  • Understand the importance of log monitoring
  • Understand how inattentive administrators miss attacks
  • Know how to prevent poor logging mechanisms within an infrastructure
Instructional Lab: Insecure Deserialization
  • Identify a misconfigured event logger and identify key events which should have been escalated. Reconfigure the logger to ensure appropriate notification and logging occur.

Challenge Lab Injection Challenge

  • As a web app penetration tester, it will be your responsibility to apply learned skills and techniques in order to complete an injection-based web app security challenge.

Challenge Lab Authentication & Security Misconfiguration Challenge

  • Using knowledge from the Broken Authentication (#2) and Security Misconfigurations (#6) labs, complete this final challenge lab!
