OWASP Top 10 Vulnerabilities
Coming January 2018…
About this Course
Welcome again to the realm of web security, where millions of dollars and people’s lives are on the line. Not every web application has that much on the line, but many do, and it’s your job as the developer or manager to keep your users safe! From protecting static web sites to the most complex of web services and APIs, every web developer should be aware of, and adept at, writing secure code and building systems that can stand up to the strongest of malicious users.
What you'll learn
- Broken Authentication
- Broken Access Controls
- Sensitive Data Exposure
- Insecure Direct Object References
- Insecure Components
The OWASP Top 10 Explained
Welcome! In this stage, you will learn why web security matters, what OWASP is, and what the OWASP Top 10 is.
Vulnerabilities: Injection, XSS, CSRF
In this stage, we will cover the #1 and #7 vulnerabilities from 2017, and #8 from 2013: Injection (SQL injection and command injection), XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).
Vulnerabilities: Authentication, Access, and Sensitive Data
In this stage, we will cover the #2, #5, and #3 vulnerabilities: Broken Authentication, Broken Access Controls, and Sensitive Data Exposure.
Vulnerabilities: Configuration, Components, and Logging
In this stage, we will cover the #6, #9, and #10 vulnerabilities: Misconfiguration, Insecure Components, and Insufficient Logging and Monitoring. We will end with where you can turn next to practice, in a realistic environment, exploiting and securing against the vulnerabilities you’ve learned.