EdApp by SafetyCulture

Cyber Security Awareness

By EdApp
9 Lessons
Deploy to my team

This course is free and editable. Yours to re-brand and tailor to your needs!

About this course

Learn the basics of the most common cyber attacks and how you can protect yourself.

From the author

Cyber security is one of the most important measures to take when training new or current employees. The importance of continuously training employees on cyber security comes from the rapid advancement of technology in our digital age, meaning that extra measures must be taken to ensure our information and knowledge are up-to-date. This cyber security course is designed to help you protect yourselves and the company against cyber attacks and threats. This 9-part course aims to empower learners with an up-to-date guide based on how to recognise and mitigate any potential cyber threats. The course begins by introducing injection attacks, explaining broken authentication and session mamangement, cross-site scripting, a review of the 3 most common attacks, broken access control, sensitive data exposure, cross-site request forgery, using components with known vulnerabilities, and underprotected APIs.

What you will learn

  • Injection Attacks
  • Broken Access Control
  • Review: The 3 most common attacks
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Sensitive Data Exposure
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Underprotected APIs

Cyber Security Awareness Lessons

Click through the microlessons below to preview this course. Each lesson is designed to deliver engaging and effective learning to your team in only minutes.

  1. Injection Attacks
  2. Broken Authentication and Session Management
  3. Cross-Site Scripting (XSS)
  4. Review: The 3 most common attacks
  5. Broken Access Control
  6. Sensitive Data Exposure
  7. Cross-Site Request Forgery (CSRF)
  8. Using Components with Known Vulnerabilities
  9. Underprotected APIs

Like what you see?

This course is free and completely editable. Update the text, add your own slides or re-brand the entire course — with our no-code authoring tool, the sky’s the limit!

Follow the interactions on each screen or click the arrows to navigate between lesson slides.

Cyber Security Awareness course excerpts

Injection Attacks

Learn what an SQL Injection attack is, and why it is one of the most common. In this lesson, you'll also learn ways to protect systems from this very easily exploitable vulnerability.

Cyber Security Awareness Course - Lesson Excerpt

This is our main man Thomas. He's just made his first ever website!

Thomas has basic coding skills, and using simple PHP language, he's written out a simple form attached to a database for people to contact him.

This is Emily. She's very knowledgeable when it comes to security, and sometimes uses her power for mischief. Emily stumbles across Thomas' web page, and realises that he hasn't protected himself from SQL injection attacks...

Emily types a simple command into the form - and voilà!, she's able to see all of Thomas' messages!

What else could Emily get from Thomas' site through this vulnerability? Select all that apply

How can Thomas fix up his site so Emily can't attack it?

Broken Authentication and Session Management

Learn about Broken Authentication and Session Management, one of the most common ways sites open up themselves to attacks on users and their own data.

Cyber Security Awareness Course - Lesson Excerpt

Since we last spoke to Thomas, he's found his niche, and his website has become very popular! Thomas has started to make money from online ads, and wants to keep this separate from his other income.

Thomas decides the best way to do this is sign up for a new bank account online.

The day after he sets it up, he can't get back into it! What's happened to Thomas' money?!

How could this have happened?

Predictable Passwords This is one of the most common ways to get caught out online. Websites should not allow you to use passwords like "12345" or "password", and sites that do open themselves up to vulnerabilities.

Eavesdropping On unencrypted connections, bad actors can use readily available software to see the passwords, usernames and Session IDs transmitted from users to the website.

Impersonation By using a Session ID that is not invalidated at the end of each session, bad actors can impersonate users and gain full access to their accounts.

Cross-Site Scripting (XSS)

Learn about cross site scripting (XSS) vulnerabilities, and how they have worked on some huge sites. Learn what you can do to protect your site from this major vulnerability.

Cyber Security Awareness Course - Lesson Excerpt

Emily's a very knowledgeable internet user, and today, she's decided to look for some vulnerabilities in everyday websites.

Emily has her eyes set on this social media website - how can she cause some mischief?

Using the HTML <script> tag, Emily puts some malicious code in the "Status update" box, which makes the code automatically repost itself. (The real code would be a bit more complicated than the one shown here!)

Which types of websites can be affected by a Cross-Site Scripting (XSS) attack? Select all that apply

Broken Access Control

Learn how Broken Access Control can lead to vulnerabilities in online security.

Cyber Security Awareness Course - Lesson Excerpt

It's been a while now, and Thomas is quite happy with his site as it is. He's got multiple features and plugins installed.

To administer all of these new features, he's created the ability to log in with a browser, and change settings from where ever he is.

Unfortunately, he hasn't set up and tested his access control correctly - leading his site to become vulnerable to attacks.

Some specific Access Control issues that exist include... Insecure Session IDs Path Traversal (going directly to a secure page without passing through access checks) Incorrectly set file permissions Client Side Caching on Public Computers All of these risks can be mitigated by improving the security of access control.

What is the most secure way of giving administrators access to a site?

Sensitive Data Exposure

Learn which sorts of data are vulnerable and important to protect on your website.

Cyber Security Awareness Course - Lesson Excerpt

Our successful friend Thomas has decided to start selling his products online. He decided to accept Credit Cards on his website.

His site stores credit card information in plain text, but the text is destroyed after each order is completed.

After a few weeks, one of Thomas' customers contacts him, and angrily tells Thomas that his Credit Card details had been stolen!

How could Thomas' customer's data have been stolen? Select all that apply

Here are some good questions to ask when reviewing your sensitive data storage... Is any of your data stored in clear text long term, including backups of this data? Is any of this data transmitted in clear text, internally or externally? Are any old / weak cryptographic algorithms used? Are weak crypto keys generated, or is proper key management or rotation missing?

Cross-Site Request Forgery (CSRF)

Learn how this lesser-known cross-site vulnerability can spell danger for some websites.

Cyber Security Awareness Course - Lesson Excerpt

Emily is taking a day off hacking, and is paying her friend for a concert ticket.

She submits a transfer form on her bank's website - but she notices something while poking around. The website doesn't authenticate its requests properly.

Emily sees a way that she can exploit this, so everybody who posts a comment to her website also sends her $100 - as long as they're also logged into her bank's website.

What other types of sites are vulnerable to CSRF? Select all that apply

Using Components with Known Vulnerabilities

Learn how to keep your knowledge of known vulnerabilities up-to-date with some simple tools.

Cyber Security Awareness Course - Lesson Excerpt

Thomas' website has expanded! He's got heaps of features - some of which he didn't code himself.

Some features, like his online shop, are additional plugins that he has installed.

One day, one of Thomas' plugins stops working, and gives him some strange error messages when he tries to fix it.

Underprotected APIs

Learn how underprotected APIs can create unintended vulnerabilities.

Cyber Security Awareness Course - Lesson Excerpt

Thomas is working on his site, which by now, has plenty of plugins.

However, Emily knows some vulnerabilities in Thomas' plugin APIs, and uses her knowledge to cause havoc!

Course media gallery

Cyber Security Awareness


EdApp is an award winning, mobile first microlearning platform with integrated authoring and delivery. EdApp contributes training courses that have been created by the in house instructional design specialists.

Course rating

espetacular, muito bom

tres interessant

Very informative and very interesting

nice, but my english suck, so is really interesting how a this website has parts in english and other parts in spanish haha.

EdApp is easy to use and free for you and your team. No credit card required.

or book a demo with us today