Course: OWASP Top 10

$109.00
$131.89 incl. vat

Duration: 7 hours | Language: English (US) | Access duration: 90 days

In Unlimited Learning

Details

In this OWASP training course you get an introduction to the OWASP project and the OWASP Top 10. The course is built around the 10 threats, and you will learn to identify them at an early stage. The Top 10 is introduced on the basis of the .NET Framework.

Result

After completing this course you are familiar with the OWASP Top 10.

Prerequisites

There is no specific knowledge required.

Target audience

Security Specialist

Content

OWASP Top 10

7 hours

Introduction to OWASP and the Top 10

  • start the course
  • describe the history of the OWASP Project
  • describe the OWASP Top 10 list and recognize its patterns in your own applications
  • describe how the A1 exploit works in practice
  • identify what the A1 exploit relies on to work
  • describe how the A2 exploit works in practice
  • identify what the A2 exploit relies on to work
  • describe how the A3 exploit works in practice
  • identify what the A3 exploit relies on to work
  • describe how the A4 exploit works in practice
  • identify what the A4 exploit relies on to work
  • describe how the A5 exploit works in practice
  • identify what the A5 exploit relies on to work
  • describe how the A6 exploit works in practice
  • identify what the A6 exploit relies on to work
  • describe how the A7 exploit works in practice
  • identify what the A7 exploit relies on to work
  • describe how the A8 exploit works in practice
  • identify what the A8 exploit relies on to work
  • describe how the A9 exploit works in practice
  • identify what the A9 exploit relies on to work
  • describe how the A10 exploit works in practice
  • identify what the A10 exploit relies on to work
  • compare authentication and authorization
  • define the Defense in Depth principle
  • identify the OWASP Top 10 exploits in a real-world scenario

OWASP Mitigations for .NET

  • start the course
  • recognize how error message handling can be exploited and how to deal with this
  • recognize how to encrypt relevant sections of the .NET configuration files
  • recognize how to handle security when using NuGet packages
  • describe when and how to use encryption in .NET
  • recognize how asymmetric encryption works in .NET
  • describe how to mitigate against command injection at the base .NET Framework level
  • describe SQL Injection and how to mitigate against it
  • identify the SQL Server authentication models
  • identify mitigations to Insecure Direct Object Reference at the database level
  • describe password hashing and its application
  • describe how inadequately releasing types can lead to Denial of Service
  • describe CORS Preflight requests and how to secure them in ASP.NET Web API
  • recognize where and how to implement authorization in ASP.NET Web API
  • recognize where and how to implement authorization in WCF
  • identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
  • recognize the impacts of various web.config file settings
  • describe SSL/HTTPS security
  • describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
  • describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
  • describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
  • recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
  • describe how session state works in ASP.NET and ASP.NET MVC
  • implement password policies in ASP.NET and ASP.NET MVC
  • describe multi-factor authentication and how it can be implemented in ASP.NET MVC
  • list appropriate approaches to capturing, storing, validating, and resetting user passwords
  • describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
  • use the Microsoft Anti-cross Site Scripting Library
  • implement authorization in ASP.NET MVC
  • allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google
  • identify mitigations for OWASP Top 10 violations in a given scenario

Course options

We offer several optional training products to enhance your learning experience. If you are planning to use our training course in preparation for an official exam, then we highly recommend using these optional training products to ensure an optimal learning experience. Sometimes only a practice exam and/or a practice lab is available.

Optional practice exam (trial exam)

To supplement this training course you may add a special practice exam. This practice exam comprises a number of trial exams which are very similar to the real exam, both in terms of form and content. This is the ultimate way to test whether you are ready for the exam. 

Optional practice lab

To supplement this training course you may add a special practice lab. You perform the tasks on real hardware and/or software applicable to your lab. The labs are fully hosted in our cloud. The only thing you need to use our practice labs is a web browser. In the LiveLab environment you will find exercises which you can start immediately. The lab environments consist of complete networks containing, for example, clients, servers, etc. This is the ultimate way to gain extensive hands-on experience.

Why Icttrainingen

With our training concept you save up to 80% on training courses

Start learning whenever you want. You set your own pace

Exchange ideas with fellow students and establish yourself as an authority in your field.

After successfully completing your course, receive the official certificate of participation from Icttrainingen.nl

Get insight into detailed progress information for yourself or your employees

Gain knowledge with interactive e-learning and extensive practical assignments by certified instructors

Ordering process

Once we have processed your order and payment, we will give you access to your courses. If you still have any questions about our ordering process, please refer to the button below.

Frequently asked questions

What is included?

Certificate of participation: Yes
Monitor progress: Yes
Award-winning e-learning: Yes
Mobile ready: Yes
Sharing knowledge: Unlimited access to our IT professionals community
Study advice: Our consultants are here to advise you on your study career and options
Study materials: Certified teachers with in-depth knowledge of the subject
Service: World's best service

Platform

After ordering your training you get access to our innovative learning platform. Here you will find all the training courses you have purchased (or followed), you can create student accounts if needed, and you get access to detailed progress information.

Life Long Learning

Follow multiple courses? Read more about our Life Long Learning concept

Contact us

Need training advice? Contact us!