The OWASP Top 10 Training course covers the vulnerabilities, attacks, and mitigations for the 2017 edition of the OWASP (Open Web Application Security Project) Top 10. The course consists of theory, instructor-led demonstrations of exploitation, and hands-on labs. The objective of the training is to hone the student's ability to recognize security vulnerabilities when conducting their own assessments, building applications, or developing security programs.
Highlights:
- 14 Modules with 2 hours 40 minutes of instruction
- 13 Assessment Tests
- Instructor-Led Demonstrations of exploitations against vulnerabilities
- 14 Student Labs
- Downloadable Materials and Virtual Machines
- Certificate of Completion
- 16 CEUs
- 90 Days Access
Target Student
Software developers, testers, and architects who design and develop software in various programming languages and platforms, including desktop, web, mobile, and cloud, and who want to improve their ability to deliver secure software.
Course Outline
Module 1: OWASP Top 10 Overview
- About OWASP
- What is the OWASP Top 10?
- OWASP Terms
Module 1 Assessment
Module 2: Application Security Risks
- Application Risks
- OWASP Risk Rating Methodology
Module 2 Assessment
Module 3: Lab Setup
- Software Considerations
- Networking
- Lab Setup Demonstration
Module 3 Assessment
Module 4: A1 – Injection
- Injection Overview
- Injection Prevention
- Injection Exploitation Demonstration
- Student Lab
Module 4 Assessment
Module 5: A2 – Broken Authentication
- Broken Authentication Overview
- Broken Authentication Prevention
- Broken Authentication Exploitation Demonstration
- Student Lab
Module 5 Assessment
Module 6: A3 – Sensitive Data Exposure
- Sensitive Data Exposure Overview
- Sensitive Data Exposure Prevention
- Sensitive Data Exposure Demonstration
- Student Lab
Module 6 Assessment
Module 7: A4 – XML External Entity Injection
- XML External Entity Injection Overview
- XML External Entity Injection Prevention
- XML External Entity Injection Demonstration
- Student Lab
Module 7 Assessment
Module 8: A5 – Broken Access Control
- Broken Access Control Overview
- Broken Access Control Prevention
- Broken Access Control Exploitation Demonstration
- Student Lab
Module 8 Assessment
Module 9: A6 – Security Misconfiguration
- Security Misconfiguration Overview
- Security Misconfiguration Prevention
- Security Misconfiguration Exploitation Demonstration
- Student Lab
Module 9 Assessment
Module 10: A7 – Cross-Site Scripting
- Cross-Site Scripting Overview
- Cross-Site Scripting Prevention
- Cross-Site Scripting Exploitation Demonstration
- Student Lab
Module 10 Assessment
Module 11: A8 – Insecure Deserialization
- Insecure Deserialization Overview
- Insecure Deserialization Prevention
- Insecure Deserialization Exploitation Demonstration
- Student Lab
Module 11 Assessment
Module 12: A9 – Using Components with Known Vulnerabilities
- Using Components with Known Vulnerabilities Overview
- Using Components with Known Vulnerabilities Prevention
- Using Components with Known Vulnerabilities Exploitation Demonstration
- Student Lab
Module 12 Assessment
Module 13: A10 – Insufficient Logging & Monitoring
- Insufficient Logging & Monitoring Overview
- Insufficient Logging & Monitoring Prevention
- Insufficient Logging & Monitoring Exploitation Demonstration
- Student Lab
Module 13 Assessment
Module 14: Course Summary
Appendix: Additional Labs
- Practical Exercises Walkthrough