OWASP Top 10 Training

Web Application Security Fundamentals (OWASP Top 10) Training

Course Overview

This course focuses on common web security attack vectors, how attackers exploit them, and how to prevent the exploits. It also introduces the Open Web Application Security Project (OWASP) as an industry-standard security resource. Students will learn through hands-on labs how to exploit web security vulnerabilities. This course is for web developers, quality assurance specialists, security auditors, and presales consultants.

What You Will Learn

  • Common web application security issues and the techniques that can help mitigate or prevent them
  • Web application components and their vulnerabilities
  • OWASP Top 10 (2013/2017) web application security attack classifications:
    • Injection (SQL Injection, LDAP Injection, Template Injection)
    • Broken authentication and session management
    • Cross-site scripting (XSS)
    • Insecure direct object references (IDOR)
    • Security misconfiguration
    • Sensitive data exposure
    • Missing function level access control
    • Cross-site request forgery (CSRF)
    • Using components with known vulnerabilities
    • Unvalidated redirects and forwards
    • Insecure deserialization
    • XXE vulnerabilities
    • Server-Side Request Forgery (SSRF)
  • Use vulnerability and threat modeling to implement web application security throughout the software development life cycle (SDLC)

Prerequisites

  • Basic knowledge of networking, the HTTP protocol, and cookies

Booking This Course

Please contact us. We can provide a bespoke training course curriculum and flexible delivery based upon your requirements.