Securing web applications is critically important, as web vulnerabilities often provide the initial attack vector to gain access to a target network. Hence, it is imperative to use good programming practices (e.g., the use of prepared statements for database queries) when implementing web applications. This lesson provides an overview of two security vulnerabilities that are often present in web applications – SQL injection and cross-site scripting (XSS). It also covers their mitigation and other techniques to provide defense-in-depth for security.

Exploits of a Mom

Learning Objectives

  • Describe the following vulnerabilities:
    • SQL injection
    • Cross-site scripting (XSS)
  • Identify techniques to prevent SQL injection and XSS

How to Complete this Lesson

Complete the following learning activities: (3.25–3.5 hours total)

  1. Sign the acknowledgement regarding offensive cyber techniques (5 minutes)
  2. Watch the following videos from the OWASP Appsec Tutorial series:
  3. Attend the class meeting (60 minutes)
  4. Complete the following exercises to demonstrate attacks against web applications and how to defend against them:
  5. Take the quiz (10 minutes)
  6. Continue work on the project website (90 minutes)
    • Complete the implementation of the initial web page
    • Start implementing additional pages

Due

As a reminder, the following are due this lesson:

Resources