close search bar

Sorry, not available in this language yet

close language selection

OWASP Top 10

Course Description

The OWASP Top 10 is a valuable tool for understanding some of the major risks in web applications today from an attacker's perspective. This course highlights the lessons of the 2021 OWASP Top 10.

Learning Objectives

  • Discuss the role of security in the software development life cycle and how best to create secure applications
  • Recognize how these software security defects are exploited
  • Discuss discovery methods for these issues
  • Implement the practices that help prevent the most common mistakes to ensure more secure software


Delivery Format: eLearning

Duration: 1 ½ Hours 

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers

Prerequisites: None

Course Outline


  • Introduction to the OWASP Top 10

Broken Access Control

  • Access Control Introduction
  • Function-Level Access Control Introduction
  • Strategies
  • Insecure Direct Object References: In a Nutshell
  • Giving Your Friends Admin Access to Any Business Page on Facebook

Cryptographic Failures

  • Handling Sensitive Data Securely
  • Real-Life Cryptography Failures


  • SQL Injection
  • Command Injection
  • Cross-Site Scripting
  • Injection Attacks Are Still an Issue!

Insecure Design

  • Security Requirements
  • Secure Design
  • Threat Modeling
  • Example: Meltdown and Spectres

Security Misconfiguration

  • Protection
  • Accidental Leaks

Vulnerable and Outdated Components

  • Securing Third-Party Software Components
  • An Upstream Bug

Identification and Authentication Failures

  • Authentication Overview
  • Session Security Overview
  • Session Security Considerations
  • Authentication Security
  • Zoom Authentication Issues
  • Authentication Solutions: Build Versus Buy

Software and Data Integrity Failures

  • Software Integrity
  • Insecure Deserialization
  • Security in the Software Supply Chain

Security Logging and Monitoring Failures

  • Insufficient Logging and Monitoring
  • Logging and Monitoring Best Practices
  • Logging Technologies
  • Security Logging Interfaces

Server-Side Request Forgery (SSRF)

  • Capital One Attack
  • Technical Vulnerability
  • Attacks and Exploits Defense


Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster