OWASP Top 10 Vulnerabilities Course (How To)
Offered By: Treehouse
Course Description
Overview
Welcome again to the realm of web security, where millions of dollars and people’s lives are on the line. Not every web application has that much at stake, but many do, and it’s your job as the developer or manager to keep your users safe! From protecting static websites to the most complex of web services and APIs, every web developer should be aware of, and adept at, writing secure code and building systems that can stand up to the strongest of malicious users.
In this course, we will build on earlier courses in basic web security by diving into the OWASP Top 10 for Node.js and JavaScript. The OWASP Top 10 is a trusted knowledge framework covering the top 10 major web security vulnerabilities, as well as providing information on how to mitigate them. Throughout this course, we will explore each vulnerability in general and in terms of how it occurs in JavaScript (as the frontend) and Node.js (as the backend).
What you'll learn
- Injection
- Broken Authentication
- XSS
- CSRF
- Broken Access Controls
- Sensitive Data Exposure
- Insecure Direct Object References
- Misconfiguration
- Insecure Components
- Redirects
Syllabus
The OWASP Top 10 Explained
Welcome! In this stage, you will learn why web security matters, what OWASP is, and what the OWASP Top 10 is.
4 steps
- Why We Should Care About Web Security (2:46)
- What is OWASP? (1:23)
- What is the OWASP Top 10, and Why Trust It? (2:17)
- OWASP Top 10 Review (5 questions)
Vulnerabilities: Injection, XSS, CSRF
In this stage, we will cover the #1 and #7 vulnerabilities from 2017, and #8 from 2013: Injection (SQL injection and command injection), XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).
6 steps
- Injection (10:55)
- Command Injection (7 questions)
- XSS: How It Works (4:31)
- XSS: Demonstration and Prevention (5:36)
- CSRF (7:44)
- XSS and CSRF Review (7 questions)
Vulnerabilities: Authentication, Access, and Sensitive Data
In this stage, we will cover the #2, #5, and #3 vulnerabilities: Broken Authentication, Broken Access Controls, and Sensitive Data Exposure.
5 steps
- Broken Authentication and Session Management (9:53)
- Broken Access Controls (8:03)
- Session Management and Access Controls (6 questions)
- Sensitive Data Exposure (9:00)
- SSL/TLS, and Exposing Sensitive Data (5 questions)
Vulnerabilities: Configuration, Components, and Logging
In this stage, we will cover the #6, #9, and #10 vulnerabilities: Misconfiguration, Insecure Components, and Insufficient Logging and Monitoring. We will end with where you can turn to next to practice exploiting and securing against the vulnerabilities you’ve learned in a realistic environment.
6 steps
- Misconfiguration (5:47)
- Security Misconfiguration (6 questions)
- Insecure Components (4:41)
- Insufficient Logging and Monitoring (2:36)
- Next Steps (2:04)
- Insecure Components and Insufficient Monitoring (5 questions)
Taught by
Jared Smith
Related Courses
- Learn Admin Fundamentals in Marketing Cloud (Salesforce via Trailhead)
- Basic Cryptography and Programming with Crypto API (University of Colorado System via Coursera)
- User Authentication & Authorization in Express (Codecademy)
- Introduction to Web Authentication (World Wide Web Consortium (W3C) via edX)
- Escudo Digital: Ciberseguridad para Protección de Datos y Sistemas (Universidad Anáhuac via edX)