Training: OWASP Top 10

€ 279,00
€ 337,59 incl. VAT

Duration: 19 hours | Language: English (US) | Online access: 180 days | Included in Onbeperkt Leren

Details

OWASP is an international organization focused on improving software security. This online training starts with an introduction to the software development tools that support building secure web applications, including OWASP ZAP, Burp Suite and OWASP ESAPI.

You then take an in-depth look at the OWASP Top 10 most critical security risks, namely:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Finally, you work with vulnerabilities in web applications. For example, you learn to use reconnaissance methods and how to carry out attacks such as XSS, CSRF and injection.

Result

After successfully completing this training, you are able to identify the OWASP Top 10 vulnerabilities in web applications.

Prerequisites

You have basic knowledge of web security.

Target audience

Web developer, security specialist

Contents

OWASP Top 10

19 hours

OWASP Top 10: Web Application Security

  • Web applications are ubiquitous in today's computing world. In this course, you'll learn about software developer tools that can result in secure web application creation. You'll learn about server-side and client-side code, as well as how to scan a web app for vulnerabilities using OWASP ZAP and Burp Suite. Next, you’ll explore secure coding using the OWASP ESAPI. Moving on, you’ll examine how to enable the Metasploitable intentionally vulnerable web app virtual machine. You'll also learn about different types of software testing methodologies and the difference between vulnerability scanning and penetration testing. Lastly, you'll learn how to deploy a web application firewall in the Microsoft Azure cloud.

OWASP Top 10: A1 - Injection

  • Many web applications accept input from either external data sources or app users. In this course, you'll learn about various types of injection attacks such as SQL and command injections. You will learn how malicious users submit malicious code or commands to a web app for execution by the web server stack. Next, you'll learn how to test a web app for injection vulnerabilities using the OWASP ZAP tool. Next, you’ll set low security for a vulnerable web application tool in order to allow the execution of injection attacks. Next, you'll execute various types of injection attacks against a web application. Lastly, you will learn how to mitigate injection attacks using techniques such as input validation and input sanitization.

OWASP Top 10: A2 - Broken Authentication

  • Hardening user and device authentication can go a long way in securing web applications. In this course, you'll start by learning the difference between authentication and authorization, where authorization follows successful authentication. You'll also learn how authentication and authorization are related to web application security. Next, you'll explore how to hash and encrypt user credentials and harden user accounts through Microsoft Group Policy. You'll then examine how to use freely available tools to crack user credentials in various ways, such as using the John the Ripper tool to pass Linux passwords and the Hydra tool to crack RDP passwords. Lastly, you'll learn how to enable user multi-factor authentication and conditional access policies, as well as how to mitigate weak authentication.

OWASP Top 10: A3 - Sensitive Data Exposure

  • Data is one of the most valuable assets to an organization and must be protected in accordance with applicable laws, regulations, and security standards. In this course, you'll learn about attacks that compromise sensitive data, as well as how to classify sensitive data using a variety of methods. Next, you'll examine how to hash files in Windows and Linux, along with various methods of file encryption for Windows devices. You'll then explore the PKI hierarchy and how to use a certificate to secure a web application with HTTPS. Lastly, you'll learn how to configure IPsec, encrypt cloud storage, and mitigate sensitive data attacks.

OWASP Top 10: A4 - XML External Entities

  • Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you’ll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.

OWASP Top 10: A5 - Broken Access Control

  • Resource authorization occurs after successful authentication. Resources include objects such as files, folders, web apps, storage accounts, virtual machines, and so on. In this course, you'll learn about various resource access control models including MAC, DAC, and RBAC. Next, you'll examine how broken access control attacks occur. You'll then explore HTTP methods, as well as how to set file system permissions in Windows and Linux, assign permissions to code, and digitally sign a PowerShell script. Lastly, you'll learn about identity federation, how to execute broken access control attacks, and how to mitigate broken access control attacks.

OWASP Top 10: A6 - Security Misconfiguration

  • Modern on-premises and cloud networks consist of many types of network devices, hosts, and services. Each of these must be configured and monitored to ensure continued compliance with organization security policies. In this course, you'll learn about various types of security misconfigurations, including using default credentials, leaving unnecessary services running, and exposing services unnecessarily to the Internet. Next, you'll explore application container management, including how to pull containers from Docker Hub and then start them. Moving on, you'll examine how containers relate to security, how to harden security settings through Group Policy, and how to manage software updates on-premises and in the cloud.

OWASP Top 10: A7 - Cross-site Scripting

  • Most web apps accept some kind of input, whether from users or through other automated means. All app input must be treated as untrusted and must be vigorously validated to ensure application and data integrity. In this course, you'll learn the difference between Java and JavaScript, as well as what cross-site scripting is and how it can compromise a web site and its visitors. Next, you'll learn how to execute various XSS attacks against an intentionally vulnerable virtual machine, including through web forms. You'll also explore how to use XSS to hijack a user web browser and how to mitigate XSS attacks.

OWASP Top 10: A8 - Insecure Deserialization

  • Object-oriented programming is common when writing scripts, as well as during software development. OOP treats items as objects that have properties and methods, as opposed to treating command output as a simple string. In this course, you'll learn about OOP along with some syntax examples. You'll explore how programming objects become serialized and deserialized and how this can present a security risk to web applications. Next, you'll examine how deserialization works in PowerShell, as well as how to execute a deserialization attack against an intentionally vulnerable web application. Lastly, you'll learn how to prevent deserialization attacks from succeeding.

OWASP Top 10: A9 - Using Components with Known Vulnerabilities

  • Software developers often use existing third-party APIs and software components instead of recreating the wheel, so to speak. This reduces development time and time to market for software products. In this course, you'll learn that only trusted APIs and components should be used, that developers must truly understand how these items work, and that they must be kept up-to-date. Next, you'll learn about the Heartbleed Bug and how to view components in Microsoft Visual Studio. You'll then examine how security must apply to all aspects of Continuous Integration and Continuous Delivery. Lastly, you'll explore how to search the shodan.io web site for vulnerable devices and apps.

OWASP Top 10: A10 - Insufficient Logging & Monitoring

  • Modern web applications can consist of many components, which are often running within application containers. Each component must be monitored to detect intrusions. In this course, you'll learn about various ways monitoring can be enabled in Linux on individual hosts, in Windows, and in cloud computing environments. Next, you'll explore how to forward log entries to a central logging host in Linux and in Windows. You'll then learn how to monitor cloud-based web application performance. Moving on, you’ll examine how to download and configure the Snort IDS by creating IDS rules for Telnet and ICMP network traffic. Lastly, you'll learn how to analyze packet captures for suspicious activity and mitigate monitoring deficiencies.

OWASP Top 10: Discovering & Exploiting Web App Vulnerabilities

  • There are almost two billion web sites in the world today. Many of these sites are not sufficiently protected against attacks. In this course, you'll begin by learning how to install a sample vulnerable web application. Next, you'll explore how to use reconnaissance methods, such as nmap scanning and web app scanning using OWASP ZAP, to discover HTTP hosts and vulnerable applications. You'll learn how to execute attacks including XSS, CSRF, file injection, and denial of service. You'll move on to examine how to capture user keystrokes using a hardware keylogger and capture cleartext HTTP transmissions. Lastly, you'll learn how to forge fake TCP/IP packets and then deploy and secure a cloud-hosted web application.

Final Exam: OWASP Top 10 Mitigations

Final Exam: OWASP Top 10 Mitigations will test your knowledge and application of the topics presented throughout the Skillsoft Aspire Web App Vulnerability Analyst Journey.

Course options

In addition to the training, we also offer various extra learning resources in some cases. If you are preparing for an official exam, we recommend also using the extra learning resources available with this training. For some courses, only an exam training and/or LiveLab may be available.

Exam training (practice exams)

In addition to this training, you can purchase a dedicated exam training. The exam training contains several practice exams that closely resemble the real exam, in both form and content. This is the ultimate way to test whether you are ready for the exam.

LiveLab

As an extra option with this training, you can add a LiveLab. You carry out the assignments on the real hardware and/or software that applies to your lab. The LiveLabs are fully hosted by us in the cloud, so you only need a browser to use them. In the LiveLab environment you will find the assignments, which you can start right away. The lab environments consist of complete networks with, for example, clients, servers, routers, etc. This is the ultimate way to gain extensive hands-on experience.

Why Icttrainingen.nl?

With our training concept you save up to 80% on training courses

Start learning whenever you want. You set your own pace

Exchange ideas with fellow students and establish yourself as an authority in your field.

After successfully completing your course, receive the certificate of participation from Icttrainingen.nl

Gain insight into detailed progress information for yourself or your employees

Build knowledge with interactive e-learning and extensive practical assignments by certified instructors

Order process

Once we have processed your order and payment, we set up your training courses and you can get started. If you still have questions about our order process, you can consult the button below.

Read more about the order process

How applying with STAP works

What is included?

Certificate of participation: yes
Progress tracking: yes
Award Winning E-learning: yes
Suitable for mobile: yes
Knowledge sharing: Unlimited access to our community of IT professionals
Study advice: Our consultants are available to provide you with study advice
Study material: Certified instructors with extensive knowledge of the subjects
Service: Service via chat, phone, e-mail (lightning fast)

Platform

After ordering your training, you get access to our innovative learning platform. Here you will find all your purchased (or taken) training courses, you can create students if needed, and you get access to detailed progress information.

Life Long Learning

Taking multiple courses? Our Life Long Learning concept may be right for you
