Securing web applications is critically important, as web vulnerabilities often provide the initial attack vector to gain access to a target network. Hence, it is imperative to use good programming practices (e.g., the use of prepared statements for database queries) when implementing web applications. This lesson provides an overview of two security vulnerabilities that are often present in web applications – SQL injection and cross-site scripting (XSS). It also covers their mitigation and other techniques to provide defense-in-depth for security.
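An added example (not part of this lesson's materials) showing both vulnerabilities from the overview as a vulnerable function next to its mitigated form: string-built SQL beside a prepared statement, and raw HTML output beside output encoding. It assumes an in-memory SQLite table with constructed sample rows.

```python
"""Added example: SQL injection and XSS, vulnerable form beside the fix.
Sample data is constructed here; nothing is read from a real system."""
import html
import sqlite3

# Constructed sample data: a tiny users table in memory.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
_conn.executemany("INSERT INTO users VALUES (?, ?)",
                  [("alice", "admin"), ("bob", "user")])


def lookup_vulnerable(name: str) -> list:
    """String concatenation: the input becomes part of the SQL grammar,
    so a quote character in it changes the meaning of the WHERE clause."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name + "'"
           " ORDER BY name")
    return _conn.execute(sql).fetchall()


def lookup_prepared(name: str) -> list:
    """Prepared statement: the input is bound as a value and never parsed
    as SQL, so the same text only ever matches a user with that literal name."""
    sql = "SELECT name, role FROM users WHERE name = ? ORDER BY name"
    return _conn.execute(sql, (name,)).fetchall()


def render_vulnerable(comment: str) -> str:
    """Untrusted text placed straight into HTML: any markup in it is
    interpreted by the browser (reflected/stored XSS)."""
    return "<p>" + comment + "</p>"


def render_escaped(comment: str) -> str:
    """Output encoding: <, >, &, and quotes become entities, so the text is
    displayed as text rather than parsed as markup."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed test input containing a quote, to show the difference.
    probe = "' OR '1'='1"
    print(lookup_vulnerable(probe))  # every row: the filter was rewritten
    print(lookup_prepared(probe))    # []: no user has that literal name
    print(render_vulnerable("<b>hi</b>"))  # tag reaches the browser
    print(render_escaped("<b>hi</b>"))     # &lt;b&gt;hi&lt;/b&gt;
```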

Exploits of a Mom

Learning Objectives

  • Describe the following vulnerabilities:
    • SQL injection
    • Cross-site scripting (XSS)
  • Identify techniques to prevent SQL injection and XSS

How to Complete this Lesson

Complete the following learning activities: (2.75–3.25 hours total)

  1. Sign the acknowledgement regarding offensive cyber techniques (5 minutes)
  2. Watch the following videos from the OWASP Appsec Tutorial series:
  3. Attend the class meeting (60 minutes)
  4. Complete the following exercises to demonstrate attacks against web applications and how to defend against them:
  5. Start developing the project website (75–90 minutes)
    • Meet with your team to sketch an initial design and to assign development tasks (15–30 minutes)
    • Develop the initial implementation of at least one page for the site (60 minutes)

Resources