Overview
This course covers common web application vulnerabilities as outlined in the OWASP Top 10 list. Participants will learn about injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, known vulnerable components, and insufficient logging and monitoring. The course reviews the 2017 OWASP Top 10 list, discusses each vulnerability, and explores practical mitigations for these issues. The intended audience includes security practitioners, developers, and anyone interested in web application security.
Syllabus
Intro
Introductions
Web Security Threats
How was the 2017 List Produced?
What Changed from 2013 to 2017?
#1 Injection Attacks
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
#7 Cross Site Scripting
#8 Insecure Deserialisation
Known Vulnerable Components
Insufficient Logging and Monitoring
Taught by
ACCU Conference