OWASP Top 10 - A4:2017 - XML External Entities

Cybrary
Course
Beta

Who should take this course? Our OWASP Top 10 course is designed for an intermediate-level learner, someone who is a seasoned offensive security professional, SOC analyst, or Windows system administrator who wants to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems. What are the prerequisites for this ...

Time
2 hours 7 minutes
Difficulty
Intermediate
CEU/CPE
3
5.0
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course Content
Module 1: Introduction
Introduction
8m
An Introduction to OWASP
7m
The OWASP Top 10
10m
OWASP Web Security Testing Guide (WSTG)
7m
Using Intercepting Proxies in Web Application Security Testing
11m
Video Demonstration of Using Intercepting Proxies
12m
Module 2: A4:2017-XML External Entities (XXE)

2.1XML External Entities Overview

10m

2.2OWASP Mutillidae: XML External Entities

7m

2.3A4:2017-XML External Entities Scenario - Facebook XXE Vulnerability

10m

2.4Lab: XML External Entities

45m
Course Description

Who should take this course?

Our OWASP Top 10 course is designed for an intermediate-level learner, someone who is a seasoned offensive security professional, SOC analyst, or Windows system administrator who wants to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

What are the prerequisites for this course?

You will gain the most benefit from this course if you have a basic understanding of: web applications, programming languages, web browsers, and web application hacking.

Why should I take this course?

The Open Web Application Security Project (OWASP) is a non-profit organization focused on web security. The OWASP Top 10 features the most critical web application security vulnerabilities. Our course gives you the knowledge needed to identify, exploit, and offer remediation suggestions for these vulnerabilities.

What makes this course different from other courses on similar topics?

The multimodal design and ability to take the course in installments is a unique aspect of our course that allows for more self-paced, customizable learning.

This course was developed by Clint Kehr, who is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community

Why should I take this course on Cybrary and not somewhere else?

This course will be released on the Cybrary platform in a series of installments. Along with an introductory module, each of the subsequent 10 modules are being released separately as installments of the course series. The multimodal design and ability to take the course in installments is a unique aspect of our course that allows for more self-paced, customizable learning. Our on-demand format affords you the flexibility to learn at your own pace.