OWASP TOP 10 w/ Kevin Johnson

Instructor: Kevin Johnson
Course Length: 12-Hours
Format: Live Online or On-Demand

View Live Online Class Schedule
Register for On-Demand Training

Since 2003, OWASP has released the Top 10 Most Critical Web Application Security Risks list. It has been the basis of much development and consternation, but do you really understand what each of these issues and their corresponding controls mean? As a developer, do you know how to prevent these issues? As a security professional, do you truly know what they are and how to evaluate their effectiveness?

In this course, Secure Ideas will walk attendees through the various items in the latest OWASP Top 10 and corresponding controls. Students will leverage modern applications to explore how the vulnerabilities work and how to find them in their own applications.

Topics/Agenda

  • Introduction
  • What is the Top 10
    • Update Process
    • Past Versions
    • Why It Matters
  • OWASP Top 10
    • A01:2021 – Broken Access Control
    • A02:2021 – Cryptographic Failures
    • A03:2021 – Injection
    • A04:2021 – Insecure Design
    • A05:2021 – Security Misconfiguration
    • A06:2021 – Vulnerable and Outdated Components
    • A07:2021 – Identification and Authentication Failures
    • A08:2021 – Software and Data Integrity Failures
    • A09:2021 – Security Logging and Monitoring Failures
    • A10:2021 – Server-Side Request Forgery (SSRF)
  • Summary of Proactive Controls

WHO SHOULD TAKE THIS COURSE

Any developers and or security professionals with responsibilities related to application security, including both offensive and defensive roles.

Prerequisites

None

Live Online

Learn via live stream from instructors that are in the field utilizing the techniques they teach. Classes are split into four training days that are each four hours long. Live Online training includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

On-Demand

Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Most courses are offered with lifetime access to the course and content updates. All On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

Live Online w/ On-Demand Bundle

This is the best of both worlds! Attend the live online class at its next scheduled interval and gain access to the online training modules in the Antisyphon On-demand training platform. Bundle also includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

Kevin Johnson
Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

COURSE SCHEDULE

Check back for future dates and times!