OWASP, Part 2 of 4: Forgery and Phishing
Interactive

OWASP, Part 2 of 4: Forgery and Phishing

LearnNow Online
Updated Aug 23, 2018
Book a demoTry it for free

Course description

In this course you’ll look at building secure applications from the mindset of the hacker and what a developer can do to avoid the front pages of the latest exploit. You will see examples of Cross-Site Forgery, how a phishing email works, the vulnerabilities of open source components, and also redirects from unvalidated links.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

This course is for users with experience with developing web applications using C# or other object oriented programming languages.


Meet the expert

Mike Benkovich

Mike Benkovich delivers technical presentations around the U.S. as a consultant, trainer, and former Developer Evangelist for Microsoft. He has worked in a variety of professional roles including architect, project manager, developer, and technical writer. Mike is also an author of two books, published by WROX Press and APress, that show developers how to get the most from their SQL databases. Since appearing in the 1994 Microsoft DevCast, Mike has presented technical information at seminars, conferences, and corporate boardrooms across America.

Video Runtime

40 Minutes

Time to complete

60 Minutes

Course Outline

OWASP Addtional Topics

Cross-Site Request Forgery (15:23)

  • Introduction (00:22)
  • Cross-Site Request Forgery (00:45)
  • OWASP Threat Assessment (01:08)
  • Example (01:17)
  • Phishing Email Sent to User... (00:29)
  • Code Includes CSRF Hack (00:20)
  • CSRF (00:28)
  • Demo: CSRF (06:02)
  • Demo: Preventing CSRF (02:31)
  • Cross-Site Request Forgery (01:42)
  • Summary (00:14)

Vulnerable Components (12:39)

  • Introduction (00:23)
  • Known Vulnerabilities (00:43)
  • Example: Apache CXF & Spring (00:38)
  • OWASP Threat Assessment (01:46)
  • Components Known Vulnerabilities (00:44)
  • Reality of Software Components (01:27)
  • Explained... (00:51)
  • Comps with Known Vulnerabilities (00:38)
  • Demo: Known Vulnerabilities (05:07)
  • Summary (00:18)

Redirects (11:56)

  • Introduction (00:30)
  • Unvalidated Redirects (02:41)
  • Example (00:18)
  • Demo: Unvalidated Redirects (05:55)
  • Demo: Using Validation (01:20)
  • Unvalidated Redirects (00:55)
  • Summary (00:15)
Related learning
Cyber Security Awareness Basics, Part 2 of 2: Protection and MalwareInteractive ⋅ 101 mins
Securing Windows Server 2016, Part 1 of 5: Overview and UsersInteractive ⋅ 269 mins
Penetration Testing with OWASP ZAP, Part 3 of 5: Attack TypesInteractive ⋅ 89 mins
OWASP, Part 4 of 4: Misconfiguration and Data EncryptionInteractive ⋅ 229 mins

Explore more technology skills

IT Software
IT Software
Web Design and Development
Web Design and Development
Data & Analytics
Data & Analytics
Design and Animation
Design and Animation
Gaming and Games Development
Gaming and Games Development
Devops, Networking and Security
Devops, Networking and Security
Programming and Web Development
Programming and Web Development
Computer Science and Engineering
Computer Science and Engineering
;