PEN300 OWASP Top 10 Exploitation Bootcamp

Course Overview

Hackers routinely exploit web applications, especially as more services move to the cloud, despite the fact companies can easily fix most vulnerabilities within web applications before releasing their code to the wild. The “Web Application Exploitation” course teaches students about the most common web vulnerabilities (OWASP Top 10) in modern web applications, why they often exist, and several methods to test for their existence. Each module has video lecture content introducing exploitation concepts to explain why the vulnerabilities exist, and how hackers exploit them. Each module also includes an immersive hands-on lab component, in which the student has the chance to exploit each vulnerability, using the vulnerable Mutillidae framework. Finally, the course encourages students to engage in a dynamic “capstone lab” designed to test the students’ ability to exploit a novel web application leveraging vulnerabilities identified in the OWASP Top 10. Upon completion of this course, the student will understand how to identify and exploit common vulnerabilities present in modern web applications, and they will gain valuable real-world skills and abilities through a series of challenging hands-on web application exploitation exercises and scenarios. They will understand the underlying issues enabling these vulnerabilities to exist, and the general principles for fixing them in a web application

Objectives

• Define the top ten vulnerabilities that are common to web applications
• Analyze a simple web application to search for the presence of the top ten web vulnerabilities
• Identify techniques to mitigate the presence of the top ten web vulnerabilities

Prerequisite Knowledge

Before taking this course, students should be familiar with:

• Networking applications and protocol analysis
• SQL statements
• Knowledge of Linux command line interface

Estimated Course Length: 9 hours