Course description
In this course, the student will get an overview of the OWASP Top 10 2021. The OWASP® (Open Worldwide Application Security Project) Foundation first published the OWASP Top 10 list in 2003. Since then, the list has been updated in 2004, 2007, 2010, 2013, and 2017; the most recent update was published in 2021. Each entry is identified by its rank on the list and the year of that list (for example, Broken Access Control is A01:2021), so the same category can be tracked across editions even as its position changes.
The OWASP Top 10 list describes the ten most critical categories of security risk that software developers need to know and think about as they build their applications. The list is focused primarily on web applications, but since its first edition it has helped many software developers understand and counter the most critical security risks in many kinds of applications.
This course covers the history of the Top 10 as well as the first three categories of the 2021 list: Broken Access Control, Cryptographic Failures, and Injection.
Prerequisites
The student is encouraged to watch the OWASP Top 10 2017 Update course before this one, as it gives a good foundation for understanding the changes in the OWASP Top 10 2021.
This course assumes some experience with web development and a basic understanding of application security.
Meet the expert
Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups, national and international conferences, and provides training for many clients.
Course outline
Module 1
Get Started (20:55)
- Introduction (00:08)
- About this Course (01:00)
- Previous Courses (01:21)
- OWASP History (03:31)
- OWASP Process (05:02)
- OWASP Format (03:07)
- Changes over Time (04:26)
- TOP TEN Website (02:08)
- Summary (00:08)
Broken Access Control (12:23)
- Introduction (00:08)
- A1 Broken Access Control (02:48)
- Attack Scenarios (02:45)
- Am I Vulnerable (02:08)
- Broken Access Control Reference (01:27)
- Application Security Verification Standard (03:06)
- Summary (00:00)
Cryptographic Failures (33:11)
- Introduction (00:08)
- A2 Cryptographic Failures (02:06)
- How To Prevent (02:06)
- Example Attacks (03:47)
- OWASP Reference (03:45)
- Secure Salt (02:32)
- Salted Passwords (09:25)
- ASP.NET Users (04:58)
- Encryption Choices (04:19)
- Summary (00:00)
Injection (39:07)
- Introduction (00:08)
- A3 Injection (13:22)
- Cross Site Scripting (03:31)
- Prevent Scripting (03:03)
- Persistent Scripting (03:40)
- SQL Injection (05:44)
- Stopping Injection (04:02)
- LINQ to SQL (01:41)
- URL SQL Injection (03:52)
- Summary (00:00)