Exploring the OWASP Top 10

OWASP 2021 refers to the latest edition of the Open Web Application Security Project (OWASP) Top Ten list, which identifies the most critical web application security risks. It is a valuable resource as it provides organizations with insights into prevalent vulnerabilities, helping them prioritize their security efforts and fortify their applications against potential attacks.

Exploring the OWASP Top 10 is a two day engaging course that provides you with the skills to protect data and maintain user trust across various digital projects. From identifying and eliminating bugs to managing unvalidated data, you'll delve into a myriad of vulnerabilities such as Broken Access Control, Cryptographic Failures, and the complexities of Server-Side Request Forgeries (SSRF). Throughout the course you’ll explore the realm of software integrity, proper handling of authentication data, and the importance of robust security logging and monitoring systems. You'll also examine the challenges of 'Shifting Left' in software development processes and explore the intricacies of handling software and data integrity failures. These encompass using trusted repositories, protecting software development resources, and issues related to Continuous Integration/Continuous deployment (CI/CD) pipelines.

This course is led by a seasoned web application security expert who shares practical insights, best practices, and real-life experiences, adding invaluable depth to your learning journey. Through engaging demonstrations and activities, you'll apply your newfound knowledge to real-world scenarios, enhancing your ability to analyze and mitigate security risks while maintaining privacy and ethical standards. You'll also gain practical experience with innovative tools and strategies, working through labs mirroring real-world situations, such as dissecting high-profile case studies like SolarWinds and Capital One.

By the end of this course, you'll have a robust understanding of the OWASP Top Ten, secure software development principles, and a broadened view of web application security. Armed with these skills, you'll be well-prepared to help your organization navigate the challenging landscape of cybersecurity.

Course Overview

Overall Proficiency Level

1 - Basic

Course Prerequisites

Real-world programming experience is highly recommended for code reviews, but not required.

Training Purpose

Management Development

Skill Development

Specific Audience

All

Delivery Method

Classroom

Online, Instructor-Led

Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom
Online, Instructor-Led

Learning Objectives

Learn to execute bug hunting and hacking activities in a manner that respects privacy and system integrity.
Develop the ability to recognize and effectively utilize defect/bug reporting systems within your organization.
Gain insights into common mistakes made during bug hunting and vulnerability testing and learn strategies to avoid them.
Delve into the principles and terminology of defensive coding, including understanding the phases and objectives of a typical exploit, to build more secure applications.
Recognize the value of a layered, in-depth defense strategy in cybersecurity, enhancing your capacity to build robust and resilient systems.
Understand the potential origins of untrusted data and the risks they pose.
Learn about the vulnerabilities associated with authentication and authorization, and how to detect, attack, and implement defenses.
Familiarize yourself with the risks involved in XML processing, file uploads, and server-side interpreters, and learn how to mitigate these risks.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Operational Technology (OT) Security

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: September 3, 2024