
Software Craftsmanship - OWASP Top 10 (Online Courses)

Elevate your career trajectory with our premier online course, designed to sharpen your competitive edge. Explore our curated selection of top-tier digital programs to hone your skills and propel your professional journey forward. Experience transformative learning tailored to empower your career advancement in today's dynamic landscape.
Price on Request
This Course Includes
  • 23 hours 45 minutes of self-paced video lessons
  • 23 Programs crafting your path to success
  • Completion Certificate awarded on course completion

OWASP Top 10: A01:2021-Broken Access Control

Price on Request 1 hour 15 minutes
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and more. In this course, learn about various resource access control models, including mandatory (MAC), discretionary (DAC), role-based (RBAC), and attribute-based access control (ABAC). Next, examine how broken access control attacks occur and how HTTP requests and responses interact with web applications. Discover how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Finally, explore identity federation and how to execute and mitigate broken access control attacks. Upon completion, you'll be able to harden resource access to mitigate broken access control attacks.
Perks of Course
Certificate: Yes
CPD Points: 73
Compliance Standards: AICC

OWASP Top 10: A02:2021-Cryptographic Failures

Price on Request 1 hour 25 minutes
Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, learn about cryptographic failure attacks that compromise sensitive data and how to classify sensitive data. Next, examine how to hash files in Windows and Linux and encrypt files for Windows devices. Then, explore the public key infrastructure (PKI) hierarchy and learn how to use a certificate to secure a web application with HTTPS. Finally, learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks. Upon completion, you'll be able to protect sensitive data with security controls and classify and encrypt data at rest.
Perks of Course
Certificate: Yes
CPD Points: 86
Compliance Standards: AICC

OWASP Top 10: A03:2021-Injection

Price on Request 1 hour 5 minutes
Many web applications accept input from either external data sources or app users. In this course, learn about the types of injection attacks and how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, practice testing a web app for injection vulnerabilities using the OWASP ZAP tool, setting low security for a vulnerable web app tool, and executing injection attacks against a web app. Finally, discover how to mitigate injection attacks using input validation and input sanitization. Upon completion, you'll be able to identify and mitigate web app injection attacks.
Perks of Course
Certificate: Yes
CPD Points: 66
Compliance Standards: AICC

OWASP Top 10: A04:2021-Insecure Design

Price on Request 40 minutes
Today's web applications combine software code and resultant data, with the trustworthiness of both resulting in a secure trusted application. There are many planning strategies and tools that can ensure software and data integrity. In this course, explore IT supply chain security, how to deploy Linux updates, and how to configure a Windows Server Update Services (WSUS) host. Next, examine object-oriented programming (OOP) and how it is related to insecure deserialization attacks. Finally, learn how to use the OWASP Dependency-Check tool to verify that publicly disclosed vulnerabilities are not present in a project's dependencies. Upon completion, you'll be able to ensure that the design of a web application includes business requirements and related security controls.
Perks of Course
Certificate: Yes
CPD Points: 38
Compliance Standards: AICC

OWASP Top 10: A05:2021-Security Misconfiguration

Price on Request 50 minutes
Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organizational security policies. In this course, learn about security misconfiguration attack criteria, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, explore application container management, including how to pull containers from Docker Hub and start them. Finally, examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud. Upon completion, you'll be able to detect security misconfigurations and deploy solutions to rectify weaknesses.
Perks of Course
Certificate: Yes
CPD Points: 49
Compliance Standards: AICC

OWASP Top 10: A06:2021-Vulnerable & Outdated Components

Price on Request 40 minutes
Software developers often use existing third-party APIs and software components. This reduces development time and the time to market for software products. In this course, learn about trusted APIs and components, including when they are used, how developers must truly understand how these items work, and how they must be kept up to date. Next, examine the Heartbleed Bug and how to view components in Microsoft Visual Studio. Finally, discover how security must apply to all aspects of continuous integration and continuous delivery (CI/CD) and learn how to search the Shodan website for vulnerable devices and apps. Upon completion, you'll be able to recognize the importance of using only trusted third-party APIs and software components during application development.
Perks of Course
Certificate: Yes
CPD Points: 40
Compliance Standards: AICC

OWASP Top 10: A07:2021-Identification & Authentication Failures

Price on Request 1 hour 20 minutes
Hardening user and device authentication can go a long way in securing web applications. In this course, learn the difference between authentication and authorization and how they relate to web application security. Next, explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy and practice using freely available tools to crack user credentials in various ways, including the Hydra tool, Burp Suite, and John the Ripper. Finally, learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication. Upon completion, you'll be able to recognize how to discover and mitigate authentication vulnerabilities using various tools.
Perks of Course
Certificate: Yes
CPD Points: 78
Compliance Standards: AICC

OWASP Top 10: A08:2021-Software & Data Integrity Failures

Price on Request 1 hour 5 minutes
Today's web applications combine software code and resultant data, with the trustworthiness of both resulting in a secure and trusted application. There are many planning strategies and tools that can ensure software and data integrity. In this course, learn about IT supply chain security, deploying Linux updates, and configuring a Windows Server Update Services (WSUS) host. Next, explore object-oriented programming (OOP) and how it is related to insecure deserialization attacks. Finally, practice ensuring file integrity using file hashing in Windows and Linux and using the OWASP Dependency-Check tool to verify that publicly disclosed vulnerabilities are not present in a project's dependencies. Upon completion, you'll be able to ensure the integrity of software code, dependencies, and resultant data.
Perks of Course
Certificate: Yes
CPD Points: 66
Compliance Standards: AICC

OWASP Top 10: A09:2021-Security Logging & Monitoring Failures

Price on Request 55 minutes
Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, learn how monitoring can be enabled in Linux on individual hosts, Windows, and cloud computing environments. Next, explore how to forward log entries to a central logging host in Linux and Windows, monitor cloud-based web application performance, and download and configure the Snort IDS by creating IDS rules. Finally, practice analyzing packet captures for suspicious activity and mitigating monitoring deficiencies. Upon completion, you'll be able to ensure that monitoring is deployed correctly and supports the timely detection of past security breaches and of security incidents in progress.
Perks of Course
Certificate: Yes
CPD Points: 57
Compliance Standards: AICC

OWASP Top 10: A1 - Injection

Price on Request 40 minutes
Many web applications accept input from either external data sources or app users. In this course, you'll learn about various types of injection attacks such as SQL and command injections. You will learn how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. Next, you'll set low security for a vulnerable web application tool in order to allow the execution of injection attacks. Next, you'll execute various types of injection attacks against a web application. Lastly, you will learn how to mitigate injection attacks using techniques such as input validation and input sanitization.
Perks of Course
Certificate: Yes
CPD Points: 40
Compliance Standards: AICC

OWASP Top 10: A10 - Insufficient Logging & Monitoring

Price on Request 1 hour 5 minutes
Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, you'll learn about various ways monitoring can be enabled in Linux on individual hosts, in Windows, and in cloud computing environments. Next, you'll explore how to forward log entries to a central logging host in Linux and in Windows. You'll then learn how to monitor cloud-based web application performance. Moving on, you'll examine how to download and configure the Snort IDS by creating IDS rules for Telnet and ICMP network traffic. Lastly, you'll learn how to analyze packet captures for suspicious activity and mitigate monitoring deficiencies.
Perks of Course
Certificate: Yes
CPD Points: 66
Compliance Standards: AICC

OWASP Top 10: A10:2021-Server-Side Request Forgery (SSRF)

Price on Request 35 minutes
URLs are endpoints for web services that can be accessed remotely. Server-Side Request Forgery (SSRF) attacks target servers and result from attackers leveraging URLs and vulnerable web applications to access sensitive data. Cross-Site Request Forgery (CSRF) attacks target client devices and perform unauthorized actions using authenticated user sessions with web services. In this course, learn about SSRFs. Next, discover how to scan a network for HTTP hosts using Nmap, execute a Cross-Site Request Forgery (CSRF) attack, and run a Denial of Service (DoS) attack against a web server. Finally, practice mitigating controls for SSRFs. Upon completion, you'll be able to mitigate Cross-Site Request Forgery and Server-Side Request Forgery attacks.
Perks of Course
Certificate: Yes
CPD Points: 37
Compliance Standards: AICC

OWASP Top 10: A2 - Broken Authentication

Price on Request 1 hour 30 minutes
Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to pass Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.
Perks of Course
Certificate: Yes
CPD Points: 92
Compliance Standards: AICC

OWASP Top 10: A3 - Sensitive Data Exposure

Price on Request 1 hour 50 minutes
Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, you'll learn about attacks that compromise sensitive data, as well as how to classify sensitive data using a variety of methods. Next, you'll examine how to hash files in Windows and Linux, along with various methods of file encryption for Windows devices. You'll then explore the PKI hierarchy and how to use a certificate to secure a web application with HTTPS. Lastly, you'll learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks.
Perks of Course
Certificate: Yes
CPD Points: 108
Compliance Standards: AICC

OWASP Top 10: A4 - XML External Entities

Price on Request 30 minutes
Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you'll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.
Perks of Course
Certificate: Yes
CPD Points: 31
Compliance Standards: AICC

OWASP Top 10: A5 - Broken Access Control

Price on Request 1 hour 30 minutes
Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identity federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.
Perks of Course
Certificate: Yes
CPD Points: 91
Compliance Standards: AICC

OWASP Top 10: A6 - Security Misconfiguration

Price on Request 1 hour 5 minutes
Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organization security policies. In this course, you'll learn about various types of security misconfigurations, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, you'll explore application container management, including how to pull containers from Docker Hub and then start them. Moving on, you'll examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud.
Perks of Course
Certificate: Yes
CPD Points: 67
Compliance Standards: AICC

OWASP Top 10: A7 - Cross-site Scripting

Price on Request 35 minutes
Most web apps accept some kind of input, whether from users or through other automated means. All app input must be treated as untrusted and must be vigorously validated to ensure application and data integrity. In this course, you'll learn the difference between Java and JavaScript, as well as what cross-site scripting is and how it can compromise a web site and its visitors. Next, you'll learn how to execute various XSS attacks against an intentionally vulnerable virtual machine, including through web forms. You'll also explore how to use XSS to hijack a user web browser and how to mitigate XSS attacks.
Perks of Course
Certificate: Yes
CPD Points: 36
Compliance Standards: AICC

OWASP Top 10: A8 - Insecure Deserialization

Price on Request 20 minutes
Object-oriented programming is common when writing scripts, as well as during software development. OOP treats items as objects that have properties and methods, as opposed to treating command output as a simple string. In this course, you'll learn about OOP along with some syntax examples. You'll explore how programming objects become serialized and deserialized and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, as well as how to execute a deserialization attack against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.
Perks of Course
Certificate: Yes
CPD Points: 21
Compliance Standards: AICC

OWASP Top 10: A9 - Using Components with Known Vulnerabilities

Price on Request 30 minutes
Software developers often use existing third-party APIs and software components instead of recreating the wheel, so to speak. This reduces development time and time to market for software products. In this course, you'll learn that only trusted APIs and components should be used, that developers must truly understand how these items work, and that they must be kept up-to-date. Next, you'll learn about the Heartbleed Bug and how to view components in Microsoft Visual Studio. You'll then examine how security must apply to all aspects of Continuous Integration and Continuous Delivery. Lastly, you'll explore how to search the shodan.io web site for vulnerable devices and apps.
Perks of Course
Certificate: Yes
CPD Points: 30
Compliance Standards: AICC

OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities

Price on Request 1 hour 20 minutes
There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.
Perks of Course
Certificate: Yes
CPD Points: 78
Compliance Standards: AICC

OWASP Top 10: Securing Web Applications

Price on Request 1 hour 25 minutes
Web applications are ubiquitous in today's computing world, and many software development tools are available to help with secure web app creation. In this course, examine different software development tools and explore server-side and client-side code. Next, learn how to scan web apps for vulnerabilities using OWASP ZAP and Burp Suite, write secure code, and enable the Metasploitable intentionally vulnerable web app virtual machine. Finally, compare the different types of software testing methodologies, learn the difference between vulnerability scanning and penetration testing, and discover how web application firewalls (WAFs) protect web apps from common attacks. Upon completion, you'll be able to recognize the key components of secure web app creation and the purpose of the Open Web Application Security Project (OWASP).
Perks of Course
Certificate: Yes
CPD Points: 87
Compliance Standards: AICC

OWASP Top 10: Web Application Security

Price on Request 1 hour 35 minutes
Web applications are ubiquitous in today's computing world. In this course, you'll learn about software developer tools that can result in secure web application creation. You'll learn about server-side and client-side code, as well as how to scan a web app for vulnerabilities using OWASP ZAP and Burp Suite. Next, you'll explore secure coding using the OWASP ESAPI. Moving on, you'll examine how to enable the Metasploitable intentionally vulnerable web app virtual machine. You'll also learn about different types of software testing methodologies and the difference between vulnerability scanning and penetration testing. Lastly, you'll learn how to deploy a web application firewall in the Microsoft Azure cloud.
Perks of Course
Certificate: Yes
CPD Points: 97
Compliance Standards: AICC