VU23222 - Expose website security vulnerabilities

TAFE Victoria logo
Unit code: VU23222 | Study level: TAFE
Credit points
N/A
Location
Footscray Nicholson
Industry
Online
St Albans
Prerequisites
N/A
Overview
Enquire

Overview

This unit describes the performance outcomes knowledge and skills required to maintain the security of an organisation’s website by utilising the outcomes of the Open Web Application Security Project (OWASP).
It requires the ability to apply penetration testing tools to determine the vulnerabilities of a web site, assess the vulnerabilities and report to appropriate personnel.This unit applies to individuals working as cyber security technicians either alone or as part of a team.

Assessment

For Melbourne campuses

Assessment tasks will be designed to reinforce & extend knowledge and skill competence within set & controlled parameters in accordance with each units learning outcomes & performance criteria requirements, including the setting of work based practical application tasks designed to provide evidence of competence outcomes, within periodic and scheduled timelines.

Students will be expected to demonstrate the following required skills:
• identify how OWASP outcomes can aid in securing an organisations web site
• use tools to exploit web site vulnerabilities for two (2) scenarios.

Students will also be expected to demonstrate the following knowledge:
• Hypertext Transfer Protocol (HTTP) Structure & Headers & how to secure data
• Open Web Application Security Project (OWASP) - Secure Headers Project
• Website Vulnerabilities
• Structured Query Language (SQL Injection (SQLite)
• Cross Site Scripting (XSS)
• Insecure Direct Object References (IDOR)
• Browser Exploitation Framework (BeEF)
• testing tools for website vulnerabilities: Examples are:
o Nikto
o Directory based (DIRB)
o Burp Suite
o Static Application Security testing (SAST)
o Dynamic Application Security Testing (DAST)
• Open Web Application Security Project (OWASP) - Framework.

Required reading

The qualified trainer and assessor will provide teaching and learning materials as required in the form of workbooks produced by the VU Polytechnic and/or via the VU Polytechnic e-learning system.

As part of a course

This unit is studied as part of the following course(s):

Certificate IV in Cyber Security
22603VIC | Certificate iv | Duration:

Refer to the course page for information on how to apply for the course. VU takes care to ensure the accuracy of this unit information, but reserves the right to change or withdraw courses offered at any time. Please check that unit information is current with the Student Contact Centre.

Search for units, majors & minors