OWASP Top 10

7 H 53 M

  • Course Overview
    • Course Overview
  • Broken Access Control
    • Exploit: Broken Access Control
    • Fix: Broken Access Control
    • Verify: Broken Access Control
  • Cryptographic Failures
    • Exploit: Cryptographic Failures
    • Fix: Cryptographic Failures
    • Verify: Cryptographic Failures
  • Injection
    • Exploit: Injection
    • Fix: Injection
    • Verify: Injection
  • Insecure Design
    • Exploit: Insecure Design
    • Fix: Insecure Design
    • Verify: Insecure Design
  • Security Misconfiguration
    • Exploit: Security Misconfiguration
    • Fix: Security Misconfiguration
    • Verify: Security Misconfiguration
  • Vulnerable and Outdated Components
    • Exploit: Vulnerable and Outdated Components
    • Fix: Vulnerable and Outdated Components
    • Verify: Vulnerable and Outdated Components
  • Identification and Authentication Failures
    • Exploit: Identification and Authentication Failures
    • Fix: Identification and Authentication Failures
    • Verify: Identification and Authentication Failures
  • Software and Data Integrity Failures
    • Exploit: Software and Data Integrity Failures
    • Fix: Software and Data Integrity Failures
    • Verify: Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
    • Exploit: Security Logging and Monitoring Failures
    • Fix: Security Logging and Monitoring Failures
    • Verify: Security Logging and Monitoring Failures
  • Server-Side Request Forgery
    • Exploit: Server-Side Request Forgery
    • Fix: Server-Side Request Forgery
    • Verify: Server-Side Request Forgery

Course Overview

4 M


This course is designed to teach you about the 2021 version of the OWASP Top 10 Web Application Vulnerabilities. The OWASP Top 10 is a list of the most critical security risks to web applications, and it is widely used by organizations to improve their web application security. This course will cover each of the OWASP Top 10 vulnerabilities in detail, including:

  • What the vulnerability is
  • Explanations of how it could be exploited
  • Real-world examples of how the vulnerability has been exploited
  • Possible detections and fixes of the vulnerability

The course will also include demonstrations of each vulnerability so that you can see how they work in practice. Additionally, the course will explore possible fixes and/or mitigations for each vulnerability. By the end of this course, you will have a good understanding of the OWASP Top 10 Web Application Vulnerabilities and how to protect your web applications from them.

>> Hey there everyone and welcome to our OWASP Top Series for 2021. We're glad to have you, like give you a little overview of what this series is going to be about, what you can expect, who the heck we are and a little bit of that action. Let's start off with who are we? Well, I'll be your host for this series. My name is Daniel Lowrie. I'm a subject matter expert in cyber security for ACI Learning. I also am going to be hosting. I'm going to be trying to drive this show. I have credentials in cyber security such as PenTest+ and CySA+ from CompTIA. I also have a first responder certification and various other industry certifications and experiences around cyber security. So I'll be lending some of my expertise to this as well, but also joining us will be our actual subject matter for this episode or this series, which is Justin Dennison.

>> Hi, Justin Dennison here. I've got, so approaching, sometimes I forget how long it is. It's been around 10 years of various development experiences. I have certifications in various cloud technologies, AWS, some Cisco things. I've worked in not only application development, but also working with security teams to do pseudo-pen tests. Being like back and forth, I've helped them evaluate applications and designed and architected various cloud systems that security was the number one paramount decision. I'll be showing you how to think about it from a developer mindset with a security first attitude.

>> Awesome. So Justin, when it comes to this course, the good folks out there, they probably want to know what's in it for me. What is this course about? What am I going to get? What's the big takeaway?

>> So the big takeaway is being able to identify some of these things that maybe you don't know are actually issues. And then providing you with methodologies to go, all right, I don't want that to happen again. I want to make my web applications, my computer applications, whatever I'm developing, I want them to be as secure as can be. Because I can confirm, one of the better feelings I've had as a developer is when I've been pen tested and then the security team praised me. They're like, you know, all these things you had one, you're not going to be perfect. But then there in our discussion, they're like, it's so refreshing to have a developer that thinks about these things first. And it just makes everybody's life a little easier. So that's what you're going to get out of it. A way of thinking about these as you approach new development projects.

>> Awesome. So the next question is going to be, what are the core schools like if I'm starting this from finished, I kind of wanted to give an outline of what's going to happen. What's the structure of this course? Could you kind of give us an elevator pitch of what's going to happen in this?

>> All right, here I go. I'm going to give you the pitch for every one of the top 10 chunks. We're going to go a three episode arc. We're going to do an exploit episode, a fix episode, and then a verification episode to kind of put it all together. What went wrong? How do we fix it if it does go wrong? And then we're making sure that we actually fixed it and how to think about preventing it in the future. For each one of those, you will get that in spades.

>> Well, Justin, I'm really looking forward to this. I love security. Justin and I have worked for a while together and we have a lot of fun making these types of series for you good folks out there. And I really enjoy working with Justin and talking security and just giving that information out there to anybody that's wanting to listen and increase their own security. Justin, why are you excited about this course?

>> I'm excited because I see so many of these things that people just getting started or I also have some personal vested interests. Like I've had loved ones get compromised or, hey, I'm using this insecure thing or I'm not doing these practices. And by drawing awareness to this, I'm hoping to make security and developers work better together, but also just really up everyone's game and make the world--this is a little cliche-- but make it a little safer out there.

>> Hey, nothing wrong with that, right? We all want a little bit better security out there. And hopefully by the end of this series, you will have an understanding of the OWASP Top 10 in a way that you will be able to implement in a practical and pragmatic way and increase your security for your web applications. That sounds like something that interests you. Well, we look forward to seeing you in the upcoming episodes.