Securing web applications is critically important, because web vulnerabilities often provide the initial attack vector into a target network. Hence, good programming practices (for example, the use of prepared statements for database queries) are essential when implementing web applications. This lesson provides an overview of two security vulnerabilities that are often present in web applications: SQL injection and cross-site scripting (XSS). It also covers their mitigation and other techniques that provide defense in depth.
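The following example is added to this lesson overview and is not part of the original lesson materials or the OWASP tutorial videos. It shows the two vulnerabilities side by side with their primary mitigations: a login query built by string concatenation versus the same query as a prepared statement with placeholders, a multi-statement insert (the "Bobby Tables" case) versus its parameterized form, and a comment rendered into HTML with and without output encoding. The schema, the user and student records, and the function names are constructed for this example; it uses Python's standard `sqlite3` and `html` modules only, so it runs offline.

```python
import html
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# project website's database. The schema and rows are assumptions for this example.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.commit()
    return conn


# --- SQL injection: authentication bypass -----------------------------------

def login_vulnerable(conn, username, password):
    """Builds the SQL text by concatenation, so user input becomes SQL syntax.
    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', matching every row."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_prepared(conn, username, password):
    """Prepared statement: the SQL text is fixed and the driver binds the values
    separately, so the same input is compared as a literal string and matches nothing."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# --- SQL injection: stacked statements (the xkcd "Exploits of a Mom" case) ---

def add_student_vulnerable(conn, name):
    """executescript() runs several statements, as many real drivers and ORMs do.
    A name of  Robert'); DROP TABLE students;--  closes the INSERT, runs a DROP,
    and comments out the rest. Note that sqlite3's plain execute() refuses more
    than one statement; that is a driver quirk, not a mitigation to rely on."""
    conn.executescript("INSERT INTO students (name) VALUES ('" + name + "');")


def add_student_prepared(conn, name):
    """Parameterized insert: the whole string is stored as one student's name."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))
    conn.commit()


def table_exists(conn, table):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def list_students(conn):
    return [row[0] for row in conn.execute("SELECT name FROM students")]


# --- Cross-site scripting: output encoding ---------------------------------

def render_comment_vulnerable(comment):
    """Reflects user input straight into the HTML body; a <script> tag executes."""
    return "<p>" + comment + "</p>"


def render_comment_encoded(comment):
    """HTML-entity-encodes the five significant characters (& < > " ') so the
    browser renders the input as text. This encoder is correct for the HTML body
    and quoted attribute contexts only; JavaScript, URL and CSS contexts need
    their own context-specific encoders."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"
    print(login_vulnerable(db, "alice", bypass))   # every user: password check bypassed
    print(login_prepared(db, "alice", bypass))     # []: literal string compared

    bobby = "Robert'); DROP TABLE students;--"
    db1, db2 = make_db(), make_db()
    add_student_vulnerable(db1, bobby)
    add_student_prepared(db2, bobby)
    print(table_exists(db1, "students"), table_exists(db2, "students"))  # False True

    payload = "<script>alert(1)</script>"
    print(render_comment_vulnerable(payload))
    print(render_comment_encoded(payload))
```

The two SQL mitigations are the same idea: keep the SQL text constant and hand values to the driver separately, so the parser never sees user data as syntax. For XSS the analogous rule is to encode on output for the context the data lands in, rather than trying to filter input.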

Exploits of a Mom

Learning Objectives

  • Describe the following vulnerabilities:
    • SQL injection
    • Cross-site scripting (XSS)
  • Identify techniques to prevent SQL injection and XSS

How to Complete this Lesson

  1. Watch Introduction to Information Assurance (IA) (15 minutes)
  2. Sign the acknowledgement regarding offensive cyber techniques (5 minutes)
  3. Watch SQL Injection from the OWASP Appsec Tutorial Series (10 minutes)
  4. Complete the SQL injection exercise (5–10 minutes)
  5. Watch Cross Site Scripting (XSS) from the OWASP Appsec Tutorial Series (10 minutes)
  6. Complete the XSS exercise (5–10 minutes)
  7. Reply to one of your classmates’ posts in the discussion forum (30 minutes)
  8. Continue work on the project website (90 minutes)
    • Complete the implementation of the initial web page
    • Start implementing additional pages

Due

As a reminder, the following is due this lesson: