• Classroom
  • Online, Instructor-Led

OWASP 2021 refers to the latest edition of the Open Web Application Security Project (OWASP) Top Ten list, which identifies the most critical web application security risks. It is a valuable resource as it provides organizations with insights into prevalent vulnerabilities, helping them prioritize their security efforts and fortify their applications against potential attacks.

Exploring the OWASP Top 10 is a two day engaging course that provides you with the skills to protect data and maintain user trust across various digital projects. From identifying and eliminating bugs to managing unvalidated data, you'll delve into a myriad of vulnerabilities such as Broken Access Control, Cryptographic Failures, and the complexities of Server-Side Request Forgeries (SSRF). Throughout the course you’ll explore the realm of software integrity, proper handling of authentication data, and the importance of robust security logging and monitoring systems. You'll also examine the challenges of 'Shifting Left' in software development processes and explore the intricacies of handling software and data integrity failures. These encompass using trusted repositories, protecting software development resources, and issues related to Continuous Integration/Continuous deployment (CI/CD) pipelines.

This course is led by a seasoned web application security expert who shares practical insights, best practices, and real-life experiences, adding invaluable depth to your learning journey. Through engaging demonstrations and activities, you'll apply your newfound knowledge to real-world scenarios, enhancing your ability to analyze and mitigate security risks while maintaining privacy and ethical standards. You'll also gain practical experience with innovative tools and strategies, working through labs mirroring real-world situations, such as dissecting high-profile case studies like SolarWinds and Capital One.

By the end of this course, you'll have a robust understanding of the OWASP Top Ten, secure software development principles, and a broadened view of web application security. Armed with these skills, you'll be well-prepared to help your organization navigate the challenging landscape of cybersecurity.

Learning Objectives

  • Learn to execute bug hunting and hacking activities in a manner that respects privacy and system integrity.
  • Develop the ability to recognize and effectively utilize defect/bug reporting systems within your organization.
  • Gain insights into common mistakes made during bug hunting and vulnerability testing and learn strategies to avoid them.
  • Delve into the principles and terminology of defensive coding, including understanding the phases and objectives of a typical exploit, to build more secure applications.
  • Recognize the value of a layered, in-depth defense strategy in cybersecurity, enhancing your capacity to build robust and resilient systems.
  • Understand the potential origins of untrusted data and the risks they pose.
  • Learn about the vulnerabilities associated with authentication and authorization, and how to detect, attack, and implement defenses.
  • Familiarize yourself with the risks involved in XML processing, file uploads, and server-side interpreters, and learn how to mitigate these risks.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):