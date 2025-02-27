This course focuses on the most important security defects found in web applications, covering all issues in the latest OWASP Top 10 list. Each topic describes a vulnerability and provides guidance for remediation. This course also provides demonstrations and practical hands-on exercises where students learn what impact these security issues can have on web applications.

What is the OWASP Top 10?

Taxonomies give professionals a common vocabulary for discussing software security vulnerabilities. The OWASP Top 10 is the most widely used such taxonomy for web application security: an awareness document that lists the most critical web application security risks, compiled by security experts from around the world who have shared their data and expertise to produce it.

OWASP Top 10

This is the main section of the course. It covers the 10 most critical web application security risks, as defined in the latest OWASP Top 10 (the 2021 list):

A01 Broken Access Control: authentication vs. authorization, privilege escalation, tampering

A02 Cryptographic Failures: failures related to cryptography, often leading to sensitive data exposure or system compromise

A03 Injection: the dangers of mixing data with code; Cross-Site Scripting (XSS) resulting from unencoded, unvalidated, untrusted user-supplied data

A04 Insecure Design: risks arising from design flaws; adding the required controls to build a solid foundation for the rest of the application stack, since security holes can exist in an application before a single line of code is written

A05 Security Misconfiguration: misconfigured servers and lack of knowledge of installed features; a specific type of Server-Side Request Forgery (SSRF) attack

A06 Vulnerable and Outdated Components: why and how this happens

A07 Identification and Authentication Failures: broken authentication and session management

A08 Software and Data Integrity Failures: assumptions about software updates, critical data, and CI/CD pipelines made without verifying integrity; causes of insecure deserialization vulnerabilities

A09 Security Logging and Monitoring Failures: secure logging and monitoring

A10 Server-Side Request Forgery (SSRF): the dangers of fetching remote resources specified by user input

Labs and Demos

This course includes a variety of labs and demos for students to practice their skills.
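The A03 item above describes injection as mixing data with code, and XSS as the result of unencoded user-supplied data. As an added example that is not part of the course material, the block below shows both failures beside their fixes in Python, using only the standard library: a login query built by string formatting next to a parameterized one, and an HTML greeting interpolated raw next to one encoded with html.escape. The users table, the account and the payloads are constructed for the demonstration, and the function names are this example's own.

```python
"""Added example (not part of the course page): the same user input handled
by code that mixes data with code (vulnerable) and by code that keeps them
apart (hardened). Standard library only; the users table, the account and
the payloads are constructed for the demonstration."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one user with a known password.
    Clear-text storage is for brevity only; a real app stores a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


# --- A03, SQL injection: data becomes code --------------------------------
def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Builds the query by string formatting, so a quote in the input closes
    the literal and the rest of the input is executed as SQL."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterized query: the driver binds the input as a value, so it is
    compared as a string and can never change the statement's structure."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# --- A03, cross-site scripting: unencoded data becomes markup -------------
def greet_vulnerable(display_name: str) -> str:
    """Interpolates raw input into HTML; a <script> tag is parsed as markup."""
    return f"<p>Welcome, {display_name}!</p>"


def greet_hardened(display_name: str) -> str:
    """Encodes the input for the HTML text context before interpolation,
    so the browser shows the attacker's string as text."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}!</p>"


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"          # classic constructed payload
    print(login_vulnerable(conn, "alice", tautology))   # True: WHERE rewritten
    print(login_hardened(conn, "alice", tautology))     # False: plain string
    xss = "<script>alert(1)</script>"                   # constructed payload
    print(greet_vulnerable(xss))
    print(greet_hardened(xss))
```

Run it and the tautology payload logs in through login_vulnerable, because the WHERE clause becomes name = 'alice' AND password = '' OR '1'='1' and AND binds tighter than OR, while login_hardened compares the same bytes as a password value and fails. The encoded greeting still displays the attacker's text, only as text. Note that html.escape is right for the HTML text context only; attribute, JavaScript and URL contexts each need their own encoder.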
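The A10 item above names the danger of fetching remote resources specified by user input. As an added example that is not part of the course, the block below implements an outbound-URL check in Python: only http and https are accepted, embedded credentials are refused, and every address the hostname resolves to must be public, so loopback, RFC 1918, link-local (including the 169.254.169.254 cloud metadata address), multicast and unresolvable names are rejected. The resolver is a constructed lookup table (FAKE_DNS) so the example runs offline; the table entries and the function names are this example's own assumptions.

```python
"""Added example (not part of the course page): an allow-list check for a
URL supplied by a user before the server fetches it. The resolver is a
constructed lookup table so the example runs offline; the same check must
be applied to the address the HTTP client actually connects to."""
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS table standing in for a real resolver (assumption).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "internal.corp": ["10.0.0.5"],
    "rebind.attacker": ["93.184.216.34", "127.0.0.1"],  # public + loopback
}


def resolve(hostname: str) -> list[str]:
    """Return every address for hostname; unknown names resolve to nothing."""
    return FAKE_DNS.get(hostname.lower(), [])


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses.
    is_global is False for loopback, RFC 1918 / fc00::/7, link-local
    (which covers 169.254.169.254), shared address space and reserved
    ranges; multicast is excluded separately because some Python versions
    report it as global."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason). Fails closed on anything it cannot vet."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        # A literal IP (dotted quad or IPv6) needs no lookup.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Anything else, including decimal or hex IP spellings that
        # ipaddress does not accept, is treated as a name to resolve.
        addrs = resolve(host)
    if not addrs:
        return False, f"cannot resolve {host!r}"
    # Every record must be public: one internal record is enough to deny.
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in [
        "https://example.com/report.pdf",
        "http://169.254.169.254/latest/meta-data/",
        "http://localhost:8080/admin",
        "http://[::1]/",
        "file:///etc/passwd",
        "http://rebind.attacker/",
        "http://2130706433/",
    ]:
        print(u, "->", validate_outbound_url(u))
```

The check fails closed: a name it cannot resolve, or a host spelling it cannot classify, is denied rather than passed through. In production it must be applied to the address the HTTP client actually connects to, not only to one resolved before the request, and again after every redirect; otherwise a rebinding host like the constructed rebind.attacker entry could answer with a public record for the pre-check and a loopback record for the connection. Use the same resolver as the client, since system resolvers accept shorthand such as 127.1 that this example deliberately rejects.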