Since 2003, OWASP has released the Top 10 Most Critical Web Application Security Risks list. It has been the basis of much development and consternation, but do you really understand what each of these issues and their corresponding controls mean? As a developer, do you know how to prevent these issues? As a security professional, do you truly know what they are and how to evaluate their effectiveness?
In this course, Secure Ideas will walk attendees through the various items in the latest OWASP Top 10 and corresponding controls. Students will leverage modern applications to explore how the vulnerabilities work and how to find them in their own applications.
- What is the Top 10
- Update Process
- Past Versions
- Why It Matters
- OWASP Top 10
- A01:2021 – Broken Access Control
- A02:2021 – Cryptographic Failures
- A03:2021 – Injection
- A04:2021 – Insecure Design
- A05:2021 – Security Misconfiguration
- A06:2021 – Vulnerable and Outdated Components
- A07:2021 – Identification and Authentication Failures
- A08:2021 – Software and Data Integrity Failures
- A09:2021 – Security Logging and Monitoring Failures
- A10:2021 – Server-Side Request Forgery (SSRF)
- Summary of Proactive Controls
WHO SHOULD TAKE THIS COURSE
Any developers and or security professionals with responsibilities related to application security, including both offensive and defensive roles.
TRAINER & AUTHOR
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.