Chapter 5

Application Security and Penetration Testing

The Following CompTIA CASP Exam Objectives Are Covered in This Chapter:

  • 1.6 Explain the importance of application security
    • Web application security design considerations
      • Secure: by design, by default, by deployment
    • Specific application issues
      • XSS
      • Click-jacking
      • Session management
      • Input validation
      • SQL injection
    • Application sandboxing
    • Application security frameworks
      • Standard libraries
      • Industry accepted approaches
    • Secure coding standards
    • Exploits resulting from improper error and exception handling
    • Privilege escalation
    • Improper storage of sensitive data
    • Fuzzing/false injection
    • Secure cookie storage and transmission
    • Client-side processing vs. server-side processing
      • Ajax
      • State management
