This course will teach you the fundamental principles of
assessing web systems for commonly-exploited vulnerabilities. The
course explains, in detail, the most common web vulnerabilities as
reported in the 2017 OWASP (Open Web Application Security Project)
Top 10 vulnerabilities report. It also covers a variety of manual
and automated web vulnerability testing tools - such as ZAP (Zed
Attack Proxy) and Arachni. Study of the course can also help to
build the prerequisites to study more advanced IT security courses,
including the Cyber Toa Defensive Network Security course and the
Cyber Toa Cyber Reconnaissance and Recovery course.
On course completion, you will be able to:
- Explain the top 10 most common web exploits and evaluate the
risk they present to your application and organization.
- Use ZAP, Arachi and other testing tools to assess the security
of an existing web.
- Use the OWASP Application Security Verification Standard
(ASVSv3) and the Security Knowledge Framework (SKT) to manually
assess the security of a web application.
- Create a prioritized list of remediation recommendations based
on the results of a web vulnerability assessment.
- Use the WebGoat learning resource to understand an application
with known vulnerabilities.
- Understand the comparative risk to business that web
vulnerabilities pose as compared to other common cybersecurity
The Cyber Toa Web vulnerability assessment course is aimed
at IT professionals with (or seeking) job roles such as IT Security
Analysts, Software Developers, Software Testers, Application
Managers or Web Developers.
Know basic network terminology and functions (such as OSI Model,
Know the fundamentals of modern web technologies (such as HTML5,
CSS, SQL etc)
Understand the basics of server-client interactions.
This course is run in partnership with Cyber Toa - Cyber