
This series of quick, hard-hitting sessions sets the context and charges through each of the OWASP vulnerabilities. Each virtual, instructor-led session provides a solid set of information for developers, testers, and other stakeholders about understanding, identifying, and mitigating a vulnerability. These short, intense sessions maximize the flow of information in an effective and interactive manner.

Last Updated: March 11, 2021

In this course you will learn about:

· The mechanism by which the vulnerability is exploited. Often the exploitability of a vulnerability is rooted in an underlying pattern that is valid across many technologies and architectures.

· The prevalence of the vulnerability, including characteristics to focus on during design and code reviews to help detect potential issues.

· The potential consequences of a successful exploit.

· The measures that can be taken to eliminate, prevent, or minimize the risk of an exploited vulnerability.

· The relative effectiveness of scanners and other tools in detecting the vulnerability being discussed.

· Generic and code-specific references that can be utilized after the session.

Course Curriculum

    • Security: The Complete Picture
    • Attack Patterns
    • Anthem, Dell, Target, Equifax, and Marriott Debriefs
    • Verizon's 2019 Data Breach Report
    • Assumptions We Make
    • Recognizing Assets
    • Introduction to OWASP Top 10
    • Injection Flaws
    • Examples: SQL Injection
    • Drill Down on Stored Procedures
    • Understanding the Underlying Problem
    • Other Forms of Injection
    • Minimizing Injection Flaws
    • Potential Demonstration: Defending Against SQL Injection
    • Weak Authentication Data
    • Protecting Authentication Data
    • Protecting Authentication Services
    • Effective Credential Management
    • Effective Multi-Factor Authentication
    • Handling Passwords on the Server Side
    • Potential Demonstration: Defending Authentication
    • Protecting Data Can Mitigate the Impact of an Exploit
    • Regulatory Considerations
    • Establishing an Asset Inventory
    • At-Rest Data Handling
    • In-Motion Data Handling
    • In-Use Data Handling
    • Potential Demonstration: Defending Sensitive Data
    • Recognizing XML Processing: Direct, REST, SOAP, etc.
    • Challenges of Safe XML Parsing
    • Managing External Entity Resolution
    • XSLT Processing Challenges
    • Safe XML Processing
    • Potential Demonstration: Safe XML Processing
    • Access Control and Trust Boundaries
    • Excessive Privileges
    • Insufficient Flow Control
    • Unprotected API Resource Access
    • JWTs, Sessions and Session Management
    • Single Sign-On (SSO)
    • Potential Demonstration: Enforcing Access Control
    • System Hardening: IA Mitigation
    • Application Whitelisting
    • Principle of Least Privilege in Real Terms
    • Secure Configuration Baseline
    • Error-Handling Issues
    • XSS Patterns
    • Stored XSS
    • Reflected XSS
    • DOM XSS
    • Best Practices for Untrusted Data
    • Potential Demonstration: Defending Against XSS
    • Recognizing Serialization in Java, JSON.Net and Elsewhere
    • Deserializing Hostile Objects
    • Safely Managing Deserialization
    • A9: Using Components with Known Vulnerabilities
    • Maintaining a Software Inventory
    • Awareness of Vulnerabilities, Updates, and Patches
    • Managing Versions, Updates, and Patches
    • Reducing Software Risks
    • Fingerprinting a Web Site
    • Recognizing When and What to Log
    • Logging in Support of Forensics
    • Monitoring and Alerting
    • Responding to Alerts
    • Strength Training: Project Teams/Developers
    • Strength Training: IT Organizations
    • OWASP ASVS
    • Leveraging Common AppSec Practices and Controls
    • Types of Security Controls
    • Attack Phases
    • Threat Modelling Overview
    • Modeling Assets, Trust Boundaries, and Data Flows
    • Relating Threats to Model Mitigating Threats

    Instructor: ashar hafeez

    © 2021 Ernesto. All rights reserved.