OWASP top 10 Web Application Security for Absolute Beginners

No coding skills required!
File Size: 429.46 MB
Total length: 1h 27m



Soerin Bipat



What you’ll learn

Be confident in explaining the OWASP top 10 during an interview
Explain all OWASP top 10 threats briefly and impactfully to get the attention of managers
Explain the impact per threat for your business
Understand how the OWASP top 10 threats can be executed by attackers
Understand how the OWASP top 10 threats may be mitigated
Explain ‘Injection’ to your mom
Explain ‘Insecure Deserialisation’ to your non-technical friends
Understand best practices such as Defense in Depth and STRIDE



Interest in understanding the concepts
No coding or programming experience needed
Open mind and a willingness to learn


****ALWAYS UPDATED WITH NEW LESSONS****

+ Get instant access to course slides!
+ Get instant access to additional technical resources to scan your website

Understand impact, Explain Vulnerabilities, And Make More Money

Within 1,5 hour you will be able to explain web application security without having to code.

For your convenience: I’ve combined the OWASP 2017 and OWASP 2013 top 10 list into a single list of 10 common web application security threats.

I’ve updated the course with the new threats added in 2021.

I will teach you the 10 most common threats identified by the Open Web Application Security Project (OWASP). This course will jumpstart your security career!

Overview

1) Understand the OWASP top 10,
2) Explain impact per security threat,
3) Understand these threats can be executed by attackers / pentesters / hackers
4) Explain how these security threats can be mitigated

You will be able to understand the above-mentioned points without having to understand code.

How is that possible?

The threats are explained conceptually, since the implementation of a threat may differ per situation. Therefore, having a general understanding of the security threats, its implications and potential solutions will provide you with the essential knowledge to mitigate the impact of these web application security threats. Hence, no security coding or security testing experience needed.

Content (the course is updated continuously thus this list will grow!)

Injection
Broken Authentication and Session Management
Cross-Site Scripting
Broken Access Control
Security Misconfiguration
Sensitive Data Exposure
Insufficient Attack Protection
Cross-Site Request Forgery
Using Components with Known Vulnerabilities
Underprotected APIs
XML External Entities (XXE)
Insecure Deserialisation
Insufficient logging and monitoring
Cryptographic Failures
Insecure Design
Software and Data Integrity Failures
Server-Side Request Forgery

My Promise to You

I’m a full time security consultant and online teacher. I’ll be here for you every step of the way. If you have any questions about the course content or anything related to this topic, you can send me a direct message.

What makes me qualified to teach you?

My name is Soerin and I’ve been consulting and teaching information security over a decade. I teach over 36,000 students online, 2.000 offline and have accumulated hundreds of 5-star reviews like these:

“I really like this format of short videos followed by a couple of questions, it is certainly my favorite way to learn.” Camilla from Brazil

“Really great structure, I love the “What is it?” -> “what is the impact?” -> “prevention tactics” aspect of it because it allows for a much more easy to follow course.” Jason from USA

“Great resources and very time-efficient. No extra unnecessary stuff, just the main points!” Emma from UK

I have a 30-day 100% money back guarantee, so if you aren’t happy with your purchase, I will refund your course – no questions asked!

I can’t wait to see you in the course!

Enroll now, and I’ll help you in your journey understanding Web Application Security better than ever before!

Cheers,
Soerin


Section 1: OWASP Top 10 Most Critical Web Application Security Risks

Lecture 1 Introduction OWASP top 10 (2017)

Lecture 2 UPDATED – OWASP top 10 (2021)

Lecture 3 Injection

Lecture 4 Broken Authentication and Session management

Lecture 5 Cross-Site Scripting (XSS)

Lecture 6 Broken Access Control

Lecture 7 Security Misconfiguration

Lecture 8 Sensitive Data Exposure

Lecture 9 Insufficient Attack Protection

Lecture 10 Cross-Site Request Forgery (CSRF)

Lecture 11 Using Components with Known Vulnerabilities

Lecture 12 Underprotected APIs

Section 2: Finalised top 10 in 2017

Lecture 13 XML external entities – OWASP A4:2017

Lecture 14 Insecure deserialization – OWASP A8:2017

Lecture 15 Insufficient logging and monitoring – OWASP A10:2017

Section 3: New in 2021

Lecture 16 Cryptographic Failures – OWASP A02:2021

Lecture 17 Insecure Design – OWASP A04:2021

Lecture 18 Software and Data Integrity Failures – OWASP A08:2021

Lecture 19 Server-Side Request Forgery – OWASP A10:2021

Section 4: Extra tips!

Lecture 20 Defense in depth

Lecture 21 STRIDE

Lecture 22 Secure development processes

Section 5: Even more additional videos!

Lecture 23 How can you test whether your website uses the latest security protocols?

Lecture 24 Where can I (legally) test my hacking skills for free?

Lecture 25 What are insecure direct object references?

Lecture 26 Like this course? Check Out My Software Quality Course!

(Project) managers that lead software projects
Software architects that want to explain the OWASP top 10 to product owners
Software engineers that want to advance their career
Anyone interested in the basics of web application security, explained in layman’s terms
Pentesters / Red team that need foundational understanding
Recruiters that want to challenge software engineers
Product Owners that care about their product

Course Information:

Udemy | English | 1h 27m | 429.46 MB
Created by: Soerin Bipat
