Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


OWASP Top 10 Vulnerabilities Course

via Treehouse


Welcome again to the realm of web security, where millions of dollars and people’s lives are on the line. Not every web application has that much on the line, but many do, and it’s your job as the developer or manager to keep your users safe! From protecting static web sites to the most complex of web services and APIs, every web developer should be aware of, and adept at writing secure code and building systems that can stand up to the strongest of malicious users.

In this course, we will build on earlier courses in basic web security by diving into the OWASP Top 10 for Node.js and JavaScript. The OWASP Top 10 is a trusted knowledge framework covering the top 10 major web security vulnerabilities, as well as providing information on how to mitigate them. Throughout this course, we will explore each vulnerability in general and in the scope of how they occur in JavaScript (as the frontend) and Node.js (as the backend).

What you'll learn

  • Injection
  • Broken Authentication
  • XSS
  • CSRF
  • Broken Access Controls
  • Sensitive Data Exposure
  • Insecure Direct Object References
  • Misconfiguration
  • Insecure Components
  • Redirects


The OWASP Top 10 Explained

Welcome! In this stage, you will learn why web security matters, what is OWASP, and what is the OWASP Top 10.

Chevron 4 steps
  • Why We Should Care About Web Security


  • What is OWASP?


  • What is the OWASP Top 10, and Why Trust It?


  • OWASP Top 10 Review

    5 questions

Vulnerabilities: Injection, XSS, CSRF

In this stage, we will cover the #1 and #7 vulnerabilities from 2017, and #8 from 2013: Injection (SQL injection and command injection), XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).

Chevron 6 steps
  • Injection


  • Command Injection

    7 questions

  • XSS: How It Works


  • XSS: Demonstration and Prevention


  • CSRF


  • XSS and CSRF Review

    7 questions

Vulnerabilities: Authentication, Access, and Sensitive Data

In this stage, we will cover the #2, #5, and #3 vulnerabilities: Broken Authentication, Broken Access Controls, and Sensitive Data Exposure.

Chevron 5 steps
  • Broken Authentication and Session Management


  • Broken Access Controls


  • Session Management and Access Controls

    6 questions

  • Sensitive Data Exposure


  • SSL/TLS, and Exposing Sensitive Data

    5 questions

Vulnerabilities: Configuration, Components, and Logging

In this stage, we will cover the #6, #9, and #10 vulnerabilities: Misconfiguration, Insecure Components, and Insufficient Logging and Monitoring. We will end with where you can turn to next to practice exploiting and securing against the vulnerabilities you’ve learned in a realistic environment.

Chevron 6 steps
  • Misconfiguration


  • Security Misconfiguration

    6 questions

  • Insecure Components


  • Insufficient Logging and Monitoring


  • Next Steps


  • Insecure Components and Insufficient Monitoring

    5 questions

Taught by

Jared Smith

Related Courses


Start your review of OWASP Top 10 Vulnerabilities Course

Never Stop Learning!

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free