Hackers routinely exploit web applications, especially as more services move to the cloud, despite the fact companies can easily fix most vulnerabilities within web applications before releasing their code to the wild. The “Web Application Exploitation” course teaches students about the most common web vulnerabilities (OWASP Top 10) in modern web applications, why they often exist, and several methods to test for their existence.
Each module has video lecture content introducing exploitation concepts to explain why the vulnerabilities exist, and how hackers exploit them. Each module also includes an immersive hands-on lab component, in which the student has the chance to exploit each vulnerability, using the vulnerable Mutillidae framework. Finally, the course encourages students to engage in a dynamic “capstone lab” designed to test the students’ ability to exploit a novel web application leveraging vulnerabilities identified in the OWASP Top 10.
Upon completion of this course, the student will understand how to identify and exploit common vulnerabilities present in modern web applications, and they will gain valuable real-world skills and abilities through a series of challenging hands-on web application exploitation exercises and scenarios.
They will understand the underlying issues enabling these vulnerabilities to exist, and the general principles for fixing them in a web application.
To define the top ten vulnerabilities that are common to web applications. Analyze a simple web application to search for the presence of the top ten web vulnerabilities. Identify techniques to mitigate the presence of the top ten web vulnerabilities.
Introduction To OWASP Top Ten: A1 - Injection
Introduction To OWASP Top Ten: A2 - Broken Authentication
Introduction To OWASP Top Ten: A3 - Sensitive Data Exposure
Introduction To OWASP Top Ten: A4 - XML External Entities
Introduction To OWASP Top Ten: A5 - Broken Access Control
Introduction To OWASP Top Ten: A6 - Security Misconfiguration
Introduction To OWASP Top Ten: A7 - Cross Site Scripting
Introduction To OWASP Top Ten: A8 - Insecure Deserialization
Introduction To OWASP Top Ten: A9 - Using Components With Known Vulnerabilities
Introduction To OWASP Top Ten: A10 - Insufficient Logging and Monitoring
Estimated Course Length: 9 hours.