Overview

Hackers routinely exploit web applications, especially as more services move to the cloud, despite the fact companies can easily fix most vulnerabilities within web applications before releasing their code to the wild. The “Web Application Exploitation” course teaches students about the most common web vulnerabilities (OWASP Top 10) in modern web applications, why they often exist, and several methods to test for their existence.

Each module has video lecture content introducing exploitation concepts to explain why the vulnerabilities exist, and how hackers exploit them. Each module also includes an immersive hands-on lab component, in which the student has the chance to exploit each vulnerability, using the vulnerable Mutillidae framework. Finally, the course encourages students to engage in a dynamic “capstone lab” designed to test the students’ ability to exploit a novel web application leveraging vulnerabilities identified in the OWASP Top 10.

Upon completion of this course, the student will understand how to identify and exploit common vulnerabilities present in modern web applications, and they will gain valuable real-world skills and abilities through a series of challenging hands-on web application exploitation exercises and scenarios.

They will understand the underlying issues enabling these vulnerabilities to exist, and the general principles for fixing them in a web application.

Objective

To define the top ten vulnerabilities that are common to web applications. Analyze a simple web application to search for the presence of the top ten web vulnerabilities. Identify techniques to mitigate the presence of the top ten web vulnerabilities.

Topics
  • Introduction To OWASP Top Ten: A1 - Injection

  • Introduction To OWASP Top Ten: A2 - Broken Authentication

  • Introduction To OWASP Top Ten: A3 - Sensitive Data Exposure

  • Introduction To OWASP Top Ten: A4 - XML External Entities

  • Introduction To OWASP Top Ten: A5 - Broken Access Control

  • Introduction To OWASP Top Ten: A6 - Security Misconfiguration

  • Introduction To OWASP Top Ten: A7 - Cross Site Scripting

  • Introduction To OWASP Top Ten: A8 - Insecure Deserialization

  • Introduction To OWASP Top Ten: A9 - Using Components With Known Vulnerabilities

  • Introduction To OWASP Top Ten: A10 - Insufficient Logging and Monitoring

Course Duration

Estimated Course Length: 9 hours.


Course Datasheet
PEN300 – OWASP Top 10 Exploitation Bootcamp
Download Datasheet