EdApp by SafetyCulture

Cyber Security

7 Lessons
Deploy to my team

This course is free and editable. Yours to re-brand and tailor to your needs!

About this course

Learn the basics of the most common cyber attacks, and how to protect yourself.

Cyber Security Lessons

Click through the microlessons below to preview this course. Each lesson is designed to deliver engaging and effective learning to your team in only minutes.

  1. Injection Attacks
  2. Broken Authentication and Session Management
  3. Cross-Site Scripting (XSS)
  4. Review: The 3 most common attacks
  5. Broken Access Control
  6. Sensitive Data Exposure
  7. Cross-Site Request Forgery (CSRF)

Like what you see?

This course is free and completely editable. Update the text, add your own slides or re-brand the entire course — with our no-code authoring tool, the sky’s the limit!

Follow the interactions on each screen or click the arrows to navigate between lesson slides.

Cyber Security course excerpts

Injection Attacks

Learn what an SQL Injection attack is, and why it is one of the most common. In this lesson, you'll also learn ways to protect systems from this very easily exploitable vulnerability.

Cyber Security Course - Lesson Excerpt

This is our main man Thomas. He's just made his first ever website!

Thomas has basic coding skills, and using simple PHP language, he's written out a simple form attached to a database for people to contact him.

This is Emily. She's very knowledgeable when it comes to security, and sometimes uses her power for mischief. Emily stumbles across Thomas' web page, and realises that he hasn't protected himself from SQL injection attacks...

Emily types a simple command into the form - and voilà!, she's able to see all of Thomas' messages!

What else could Emily get from Thomas' site through this vulnerability? Select all that apply

How can Thomas fix up his site so Emily can't attack it?

Broken Authentication and Session Management

Learn about Broken Authentication and Session Management, one of the most common ways sites open up themselves to attacks on users and their own data.

Cyber Security Course - Lesson Excerpt

Since we last spoke to Thomas, he's found his niche, and his website has become very popular! Thomas has started to make money from online ads, and wants to keep this separate from his other income.

Thomas decides the best way to do this is sign up for a new bank account online.

The day after he sets it up, he can't get back into it! What's happened to Thomas' money?!

How could this have happened?

Predictable Passwords This is one of the most common ways to get caught out online. Websites should not allow you to use passwords like "12345" or "password", and sites that do open themselves up to vulnerabilities.

Eavesdropping On unencrypted connections, bad actors can use readily available software to see the passwords, usernames and Session IDs transmitted from users to the website.

Impersonation By using a Session ID that is not invalidated at the end of each session, bad actors can impersonate users and gain full access to their accounts.

Cross-Site Scripting (XSS)

Learn about cross site scripting (XSS) vulnerabilities, and how they have worked on some huge sites. Learn what you can do to protect your site from this major vulnerability.

Cyber Security Course - Lesson Excerpt

Emily's a very knowledgeable internet user, and today, she's decided to look for some vulnerabilities in everyday websites.

Emily has her eyes set on this social media website - how can she cause some mischief?

Using the HTML `

Which types of websites can be affected by a Cross-Site Scripting (XSS) attack? Select all that apply

Broken Access Control

Learn how Broken Access Control can lead to vulnerabilities in online security.

Cyber Security Course - Lesson Excerpt

It's been a while now, and Thomas is quite happy with his site as it is. He's got multiple features and plugins installed.

To administer all of these new features, he's created the ability to log in with a browser, and change settings from where ever he is.

Unfortunately, he hasn't set up and tested his access control correctly - leading his site to become vulnerable to attacks.

Some specific Access Control issues that exist include... Insecure Session IDs Path Traversal (going directly to a secure page without passing through access checks) Incorrectly set file permissions Client Side Caching on Public Computers All of these risks can be mitigated by improving the security of access control.

What is the most secure way of giving administrators access to a site?

Sensitive Data Exposure

Learn which sorts of data are vulnerable and important to protect on your website.

Cyber Security Course - Lesson Excerpt

Our successful friend Thomas has decided to start selling his products online. He decided to accept Credit Cards on his website.

His site stores credit card information in plain text, but the text is destroyed after each order is completed.

After a few weeks, one of Thomas' customers contacts him, and angrily tells Thomas that his Credit Card details had been stolen!

How could Thomas' customer's data have been stolen? Select all that apply

Here are some good questions to ask when reviewing your sensitive data storage... Is any of your data stored in clear text long term, including backups of this data? Is any of this data transmitted in clear text, internally or externally? Are any old / weak cryptographic algorithms used? Are weak crypto keys generated, or is proper key management or rotation missing?

Cross-Site Request Forgery (CSRF)

Learn how this lesser-known cross-site vulnerability can spell danger for some websites.

Cyber Security Course - Lesson Excerpt

Emily is taking a day off hacking, and is paying her friend for a concert ticket.

She submits a transfer form on her bank's website - but she notices something while poking around. The website doesn't authenticate its requests properly.

Emily sees a way that she can exploit this, so everybody who posts a comment to her website also sends her $100 - as long as they're also logged into her bank's website.

What other types of sites are vulnerable to CSRF? Select all that apply

Course media gallery

Cyber Security

EdApp is easy to use and free for you and your team. No credit card required.

or book a demo with us today