Introduction
- Introduction to the OWASP Top 10
Broken Access Control
- Access Control Introduction
- Function-Level Access Control Introduction
- Strategies
- Insecure Direct Object References: In a Nutshell
- Giving Your Friends Admin Access to Any Business Page on Facebook
Cryptographic Failures
- Handling Sensitive Data Securely
- Real-Life Cryptography Failures
Injection
- SQL Injection
- Command Injection
- Cross-Site Scripting
- Injection Attacks Are Still an Issue!
Insecure Design
- Security Requirements
- Secure Design
- Threat Modeling
- Example: Meltdown and Spectre
Security Misconfiguration
- Protection
- Accidental Leaks
Vulnerable and Outdated Components
- Securing Third-Party Software Components
- An Upstream Bug
Identification and Authentication Failures
- Authentication Overview
- Session Security Overview
- Session Security Considerations
- Authentication Security
- Zoom Authentication Issues
- Authentication Solutions: Build Versus Buy
Software and Data Integrity Failures
- Software Integrity
- Insecure Deserialization
- Security in the Software Supply Chain
Security Logging and Monitoring Failures
- Insufficient Logging and Monitoring
- Logging and Monitoring Best Practices
- Logging Technologies
- Security Logging Interfaces
Server-Side Request Forgery (SSRF)
- Capital One Attack
- Technical Vulnerability
- Attacks and Exploits Defense