Introduction to OWASP and the Top 10

This course is included in our On-demand training solution.

Overview

The Open Web Application Security (OWASP) Project is an initiative to track and report on the most prevalent and most dangerous web application exploits. This course introduces the OWASP project and its Top 10 list, then examines each entry in action and shows how to identify each of these Top 10 threats. This course is one of a series in the SkillSoft learning path that covers the OWASP Top 10.

Target Audience

Developers wanting to learn about the OWASP Top 10.

Prerequisites

None

Expected Duration

90 min.

Course Objectives

Course Introduction

Introduction to the OWASP Project

  • describe the history of the OWASP Project

Introduction to the OWASP Top 10

  • describe the OWASP Top 10 list and recognize its patterns in your own applications

A1 Injection In Action

  • describe how the A1 exploit works in practice

A1 Injection – How It Works

  • identify what the A1 exploit relies on to work

A2 Broken Authentication/Session Management In Action

  • describe how the A2 exploit works in practice

A2 Broken Authentication/Session – How It Works

  • identify what the A2 exploit relies on to work

A3 Cross Site Scripting In Action

  • describe how the A3 exploit works in practice

A3 Cross Site Scripting In Action – How It Works

  • identify what the A3 exploit relies on to work

A4 Insecure Direct Object References In Action

  • describe how the A4 exploit works in practice

A4 Insecure Direct Object References – How It Works

  • identify what the A4 exploit relies on to work

A5 Security Misconfiguration In Action

  • describe how the A5 exploit works in practice

A5 Security Misconfiguration – How It Works

  • identify what the A5 exploit relies on to work

A6 Sensitive Data Exposure In Action

  • describe how the A6 exploit works in practice

A6 Sensitive Data Exposure – How It Works

  • identify what the A6 exploit relies on to work

A7 Missing Function Level Access Control In Action

  • describe how the A7 exploit works in practice

A7 Missing Function Level Access Control – How It Works

  • identify what the A7 exploit relies on to work

A8 Cross Site Request Forgery In Action

  • describe how the A8 exploit works in practice

A8 Cross Site Request Forgery – How It Works

  • identify what the A8 exploit relies on to work

A9 Using Components with Known Exploits In Action

  • describe how the A9 exploit works in practice

A9 Using Components with Known Exploits – How It Works

  • identify what the A9 exploit relies on to work

A10 Unvalidated Redirects and Forwards In Action

  • describe how the A10 exploit works in practice

A10 Unvalidated Redirects and Forwards – How It Works

  • identify what the A10 exploit relies on to work

Authentication versus Authorization

  • compare authentication and authorization

Defense in Depth

  • define the Defense in Depth principle

Exercise: Identify Top 10 Threats
