Overview What You Will Learn Curriculum Instructor

Course Overview

Unless you try to exploit a vulnerability yourself, no reading will give you the required know-how to fully understand the impact and look for and avoid such weaknesses in your applications.

To become a better professional, you should have a great understanding of the most critical web application security risks. This is mandatory for IT students, job seekers, software developers, testers, and application managers.

The OWASP Top 10 “is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications”.

This course follows a hands-on approach: you’ll exploit at least ten vulnerabilities in a deliberately vulnerable web application. In each session, we will review and briefly discuss a single OWASP Top 10 risk, and then you’ll be guided to search and exploit that weakness in the target application. Since you’ll have access to the web application source code, you’ll be able to spot the vulnerable source code and fix it.

After completing this course, you’ll be comfortable answering security-related questions in your next job interview or bringing security into your organization and into the Software Development Life Cycle (SDLC).

What You Will Learn

  • How to use the OWASP Top 10 to ensure your applications minimize the security risks in the list
  • How Web Applications are built and delivered on top of the HTTP protocol
  • Threat agents, attack vectors, and impact of the ten most critical web application security risks
  • Identify and mitigate the ten most critical security risks by reviewing vulnerable source code
  • Common exploitation techniques used to test software security

Program Curriculum

  • Welcome
  • Introduction to the OWASP Top 10
  • How the World Wide Web Works
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • SQL Injection in OWASP Juice Shop: Exploitation & Mitigation - Lab
  • Chapter 2 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Assessing Security Vulnerabilities in OWASP Juice Shop - Lab
  • Chapter 3 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Analyze and Secure Sensitive Data Handling in Web Applications - Lab
  • Chapter 4 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Secure XML Processing Against XXE Vulnerabilities - Lab
  • Chapter 5 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Analyze and Exploit API Vulnerabilities in OWASP Juice Shop
  • Chapter 6 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Exploiting Web Vulnerabilities in Juice Shop - Lab
  • Chapter 7 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Investigate & Exploit Vulnerabilities in Web Application Security - Lab
  • Chapter 8 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Chapter 9 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Analyzing and Exploiting JWT Vulnerabilities in Web Applications - Lab
  • Chapter 10 Quiz

  • Threat Analysis
  • Exploitation
  • Mitigation
  • Chapter 11 Quiz

  • OWASP Top 10 – 2021​

  • Threat Analysis​
  • Exploitation​
  • Mitigation​
  • Evaluate Server-Side Processing & Input Validation in Juice Shop - Lab
Load more modules

Instructor

Paulo Silva

Paulo Silva holds a bachelor’s degree in computer science and a master in Innovation and Technological Entrepreneurship. With more than 15 years professional experience as software developer, in the last 6 years he has been completely focused on security. Nowadays he is an independent senior security researcher, collaborating with several organizations to find and fix security weaknesses in their systems. Since 2010 Paulo is OWASP’s volunteer contributing to several projects such as the OWASP Top 10 and OWASP API Security Top 10 in which he is the main contributor. He’s also the OWASP Go Secure Coding Practices project leader. Used to attend security conferences all over the world, Paulo is frequently invited to deliver awareness and security training in the academia. He has also authored several security articles and secure programming guides.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

$ 69.00
Billed monthly or $599.00 billed annually
Get Started Now
Start your 7-day trial for $1

What is included

  • 880+ Premium Short Courses
  • 70+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

$ 79.00
Billed monthly or $699.00 billed annually
Get Started Now
Start your 7-day trial for $1

Everything in Pro, Plus:

  • 1600+ Hands-on lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Hands-on Labs and Challenges added every month

Related Courses

  • Bootstrap 4 Quick Website Bootstrap Components Course
    Short Course

    Bootstrap 4 Quick Website Bootstrap Components Course

    Software Development

    Explore the basics of Bootstrap and learn to create a website...

    $49.99

    Beginner

    1 hr 30 m

  • CCNA - Understanding Routers and Switches
    Short Course

    CCNA - Understanding Routers and Switches

    Security Architecture and Operations

    A comprehensive guide to understanding the in-depth functioni...

    $49.99

    Intermediate

    2 hr 0 m

  • The Complete Full-Stack JavaScript Course
    Short Course

    The Complete Full-Stack JavaScript Course

    Software Development

    Learn full-stack web development using JavaScript (ReactJS, N...

    $79.99

    Beginner

    24 hr 17 m

  • React.JS for Ecommerce: Building a Store with React.JS
    Short Course

    React.JS for Ecommerce: Building a Store with React.JS

    DevSecOps

    From React.js Fundamentals to Crafting an Online Storefront

    $49.99

    Advanced

    3 hr 30 m

  • CISSP Certification Domains 5, 6, 7, and 8 Video Training
    Short Course

    CISSP Certification Domains 5, 6, 7, and 8 Video Training

    Cybersecurity

    This course is ideal for individuals who desire to pass the I...

    $69.99

    Intermediate

    6 hr 30 m

  • Helm 3 - Package Manager for Kubernetes
    Short Course

    Helm 3 - Package Manager for Kubernetes

    Software Development

    A must tool for every DevOps engineer

    $49.99

    Intermediate

    1 hr 27 m

  • Learn Ethical Hacking by Hacking Real Websites Legally
    Short Course

    Learn Ethical Hacking by Hacking Real Websites Legally

    Vulnerability Assessment and Pentesting

    Fun way to learn ethical hacking by playing online hacking ga...

    $69.99

    Beginner

    4 hr 18 m

  • Mastering Ansible Playbooks: Debugging and Security
    Short Course

    Mastering Ansible Playbooks: Debugging and Security

    Software Development

    Securing and Automating Linux and Windows Systems with Advanc...

    $99.99

    Advanced

    5 hr 34 m

1 50
View all