Web security vulnerabilities are among the trickiest problems tackled by cybersecurity professionals. The Open Web Application Security Project (OWASP) maintains a list of the top 10 web security vulnerabilities that cybersecurity experts should understand and defend against to maintain secure web services. In this video, learn about the top 10 vulnerabilities on the current OWASP list.
- [Narrator] Web security vulnerabilities are among the trickiest problems tackled by cyber security professionals. The Open Web Application Security Project, or OWASP, maintains a list of the top ten web security vulnerabilities that cyber security experts should understand and defend against to maintain secure web services. The current version of the OWASP Top 10 was developed in 2013 and is currently undergoing revision, with a new release expected some time in 2017.
According to OWASP, the Top 10 web security issues are Injection Attacks, Broken Authentication and Session Management, Cross-Site Scripting, Insecure Direct Object References, Security Misconfigurations, Sensitive Data Exposure, Missing Function Level Access Controls, Cross-Site Request Forgery Attacks, Using Components with Known Vulnerabilities and Unvalidated Redirects and Forwards.
Injection Flaws occur when an attacker is able to insert code into a request sent to a website and then trick that website into passing the code along to a back-end server where it is executed.
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding security and evaluation models
- Cloud computing and virtualization
- Securing hardware
- Client and server vulnerabilities
- Web security vulnerabilities
- Securing mobile and smart devices
- Understanding encryption
- Key management and public key infrastructure
- Physical security
Skill Level Advanced
1. Security Engineering
2. Cloud Computing and Virtualization
3. Hardware Security
4. Client and Server Vulnerabilities
5. Web Security
6. Mobile Security
7. Smart Device Security
9. Symmetric Cryptography
10. Asymmetric Cryptography
11. Key Management
12. Public Key Infrastructure
13. Cryptanalytic Attacks
14. Physical Security