OWASP Top 10 Vulnerabilities Course (How To)

Offered By: Treehouse

Course Description

Overview

Welcome again to the realm of web security, where millions of dollars and people’s lives are on the line. Not every web application has that much on the line, but many do, and it’s your job as the developer or manager to keep your users safe! From protecting static web sites to the most complex of web services and APIs, every web developer should be aware of, and adept at writing secure code and building systems that can stand up to the strongest of malicious users.

In this course, we will build on earlier courses in basic web security by diving into the OWASP Top 10 for Node.js and JavaScript. The OWASP Top 10 is a trusted knowledge framework covering the top 10 major web security vulnerabilities, as well as providing information on how to mitigate them. Throughout this course, we will explore each vulnerability in general and in the scope of how they occur in JavaScript (as the frontend) and Node.js (as the backend).

What you'll learn

  • Injection
  • Broken Authentication
  • XSS
  • CSRF
  • Broken Access Controls
  • Sensitive Data Exposure
  • Insecure Direct Object References
  • Misconfiguration
  • Insecure Components
  • Redirects

Syllabus

The OWASP Top 10 Explained

Welcome! In this stage, you will learn why web security matters, what OWASP is, and what the OWASP Top 10 is.

4 steps
  • Why We Should Care About Web Security (2:46)
  • What is OWASP? (1:23)
  • What is the OWASP Top 10, and Why Trust It? (2:17)
  • OWASP Top 10 Review (5 questions)

Vulnerabilities: Injection, XSS, CSRF

In this stage, we will cover the #1 and #7 vulnerabilities from 2017, and #8 from 2013: Injection (SQL injection and command injection), XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).

6 steps
  • Injection (10:55)
  • Command Injection (7 questions)
  • XSS: How It Works (4:31)
  • XSS: Demonstration and Prevention (5:36)
  • CSRF (7:44)
  • XSS and CSRF Review (7 questions)

Vulnerabilities: Authentication, Access, and Sensitive Data

In this stage, we will cover the #2, #5, and #3 vulnerabilities: Broken Authentication, Broken Access Controls, and Sensitive Data Exposure.

5 steps
  • Broken Authentication and Session Management (9:53)
  • Broken Access Controls (8:03)
  • Session Management and Access Controls (6 questions)
  • Sensitive Data Exposure (9:00)
  • SSL/TLS, and Exposing Sensitive Data (5 questions)

Vulnerabilities: Configuration, Components, and Logging

In this stage, we will cover the #6, #9, and #10 vulnerabilities: Misconfiguration, Insecure Components, and Insufficient Logging and Monitoring. We will end with where you can turn to next to practice exploiting and securing against the vulnerabilities you’ve learned in a realistic environment.

6 steps
  • Misconfiguration (5:47)
  • Security Misconfiguration (6 questions)
  • Insecure Components (4:41)
  • Insufficient Logging and Monitoring (2:36)
  • Next Steps (2:04)
  • Insecure Components and Insufficient Monitoring (5 questions)

Taught by

Jared Smith