Students will analyze potential indicators associated with vulnerabilities in operating system and web-based attacks.
Standards:
CompTIA Security+ SYO-701 Objective:
2.3 – Explain various types of vulnerabilities
Operating system (OS)-based
Web-based
Structured Query Language injection (SQLi)
Cross-site scripting (XSS)
Guiding Question:
What are some vulnerabilities in operating systems and web applications that can lead to malicious attacks?
Resources:
Lesson 2.3.2 – OS and Web-based Vulnerabilities.pptx and Lab – XSS DVWA.pptx Presentations available on Google Classroom
Assignment:
Review the Lesson 2.3.2 – OS and Web-based Vulnerabilities.pptx presentation, if necessary.
Complete the Lab – XSS DVWA.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying the Session ID (PHPSESSID) using the XSS (Reflected) Vulnerability attack to today’s Google Classroom post.
Assigned: December 3rd, 2025 Teacher Pacing Due Date: December 4th, 2025
Students will analyze potential indicators associated with vulnerabilities in operating system and web-based attacks.
Standards:
CompTIA Security+ SYO-701 Objective:
2.3 – Explain various types of vulnerabilities
Operating system (OS)-based
Web-based
Structured Query Language injection (SQLi)
Cross-site scripting (XSS)
Guiding Question:
What are some vulnerabilities in operating systems and web applications that can lead to malicious attacks?
Resources:
Lesson 2.3.2 – OS and Web-based Vulnerabilities.pptx and Lab – SQL Injection DVWA.pptx Presentations available on Google Classroom
Assignment:
Read the Lesson 2.3.2 – OS and Web-based Vulnerabilities.pptx presentation, in today’s class.
Complete the Lab – SQL Injection DVWA.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying the user information from the Victim Website, including the hashed passwords, generated using a successful SQL Injection attack to today’s Google Classroom post.
Assigned: December 2nd, 2025 Teacher Pacing Due Date: December 3rd, 2025
Students will investigate methods to secure applications.
Standards:
CompTIA Security+ SYO-701 Objective:
4.1 – Given a scenario, apply common security techniques to computing
Application security
Input validation
Secure cookies
Static code analysis
Code signing
Sandboxing
Monitoring
Guiding Question:
How are applications secured?
Resources:
Lesson 4.1.4 – Application Security.pptx Presentation and Lesson 4.1.4 – Application Security – Guided Notes – Fall 2025 Form available on Google Classroom
Assignment:
Read through the Lesson 4.1.4 – Application Security.pptx presentation in today’s class.
Complete the Lesson 4.1.4 – Application Security – Guided Notes – Fall 2025 Form using the materials provided.
Assigned: December 1st, 2025 Teacher Pacing Due Date: December 2nd, 2025
Students will analyze potential indicators associated with application attacks.
Standards:
CompTIA Security+ SYO-701 Objective: 2.4 – Given a scenario, analyze indicators of malicious activity
Application Attacks
Injection
Buffer overflow
Forgery
Guiding Question:
What are some common application attacks including replay, privilege escalation and directory traversal and how can you defend against them?
Resources:
Lesson 2.4.12 – Application Attacks Pt 2.pptx and Lab – Buffer Overflow.pptx Presentations available on Google Classroom
Assignment:
Review the Lesson 2.4.12 – Application Attacks Pt 2.pptx presentation, if necessary.
Complete the Lab – Buffer Overflow.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying the Windows Desktop containing the “document_1” file, the “Malicious” folder and a Wordpad window with the “We have taken over your system” message, demonstrating the Windows 7 system has been successfully compromised to today’s Google Classroom post.
Assigned: November 25th, 2025 Teacher Pacing Due Date: November 26th, 2025
Students will analyze potential indicators associated with application attacks.
Standards:
CompTIA Security+ SYO-701 Objective: 2.4 – Given a scenario, analyze indicators of malicious activity
Application Attacks
Injection
Buffer overflow
Forgery
Guiding Question:
What are some common application attacks including injection, buffer overflow and forgery and how can you defend against them?
Resources:
Lesson 2.4.12 – Application Attacks Part 2.pptx Presentation available on Google Classroom
Assignment:
Read the Lesson 2.4.11 – Application Attacks Part 1.pptx presentation, in today’s class.
Complete the Lab – Command Injection.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying your Windows system DVWA Command Injection window displaying the passwd file edited with today’s date (as demonstrated in Slide 14 of the Lab presentation) to today’s Google Classroom post.
Assigned: November 24th, 2025 Teacher Pacing Due Date: November 25th, 2025
Students will analyze potential indicators associated with application attacks.
Standards:
CompTIA Security+ SYO-701 Objective: 2.4 – Given a scenario, analyze indicators of malicious activity
Application Attacks
Replay
Privilege escalation
Directory traversal
Guiding Question:
What are some common application attacks including replay, privilege escalation and directory traversal and how can you defend against them?
Resources:
Lesson 2.4.11 – Application Attacks Part 1.pptx and Lab – Directory Traversal.pptx Presentations available on Google Classroom
Assignment:
Review the Lesson 2.4.11 – Application Attacks Part 1.pptx presentation, if necessary.
Complete the Lab – Directory Traversal.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying your Windows system web browser displaying the “Secret Message” you created (as demonstrated in Slide 15 of the Lab presentation) to today’s Google Classroom post.
Assigned: November 21st, 2025 Teacher Pacing Due Date: November 24th, 2025
Students will analyze potential indicators associated with application attacks.
Standards:
CompTIA Security+ SYO-701 Objective: 2.4 – Given a scenario, analyze indicators of malicious activity
Application Attacks
Replay
Privilege escalation
Directory traversal
Guiding Question:
What are some common application attacks including replay, privilege escalation and directory traversal and how can you defend against them?
Resources:
Lesson 2.4.11 – Application Attacks Part 1.pptx and Lab – Pass the Hash.pptx Presentations available on Google Classroom
Assignment:
Review the Lesson 2.4.11 – Application Attacks Part 1.pptx presentation, if necessary.
Complete the Lab – Pass the Hash.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying your successful administrative login in the Meterpreter session on the Kali Linux machine to today’s Google Classroom post.
Note: You will need to complete yesterday’s Privilege Escalation lab to locate the Windows Password Hashes for use in this lab!
Assigned: November 20th, 2025 Teacher Pacing Due Date: November 21st, 2025
Students will analyze potential indicators associated with application attacks.
Standards:
CompTIA Security+ SYO-701 Objective: 2.4 – Given a scenario, analyze indicators of malicious activity
Application Attacks
Replay
Privilege escalation
Directory traversal
Guiding Question:
What are some common application attacks including replay, privilege escalation and directory traversal and how can you defend against them?
Resources:
Lesson 2.4.11 – Application Attacks Part 1.pptx Presentation available on Google Classroom
Assignment:
Read the Lesson 2.4.11 – Application Attacks Part 1.pptx presentation in today’s class.
Complete the Lab – Privilege Escalation.pptx Activity in class using the materials provided in Google Classroom.
To confirm completion the lab activity, upload a screenshot displaying your successfully escalated privileges in the Meterpreter session on the Kali Linux machine to today’s Google Classroom post.
Assigned: November 19th, 2025 Teacher Pacing Due Date: November 20th, 2025
