Learn your way! Get started

OWASP Top 10 2021 Part 2

with expert Robert Hurlbut


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 8/14/2023
Level Intermediate
Runtime 1h 20m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

In this course, the student will get an overview of the OWASP Top 10 2021. The OWASP® (“Open Worldwide Application Security Project”) Foundation first published the OWASP Top 10 list in 2003. Since then, the list has been updated in 2004, 2007, 2010, 2013, and 2017. The most recent update was published in 2021. Security threats and related risks that make the list at any point are identified by their rank on the list and the year of the list. The OWASP Top 10 list provides information about the top 10 security threats and related risks software developers need to know and think about as they build their applications. The security threats and related risks are primarily focused on web applications, but since the beginning, the Top 10 list has been helping many software developers understand and counter the most critical security threats and related risks in many kinds of applications. This course covers Insecure Design, Security Misconfiguration and Vulnerable and Outdated Components.

Prerequisites

The student is encouraged to watch the OWASP Top 10 2017 Update before this course as it will give a good foundation for the changes in the OWASP Top 10 2021. This course assumes some experience with web development and a basic understanding of application security.

Meet the expert

Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups, national and international conferences, and provides training for many clients.

Course outline



Module 2

Insecure Design (38:17)
  • Introduction (00:08)
  • A4 Insecure Design (03:47)
  • How to Prevent (02:57)
  • Example Attacks (04:29)
  • Demo: Threat Modeling Manifesto (13:50)
  • Demo: OWASP Threat Dragon (13:05)
  • Summary (00:00)
Security Misconfiguration (27:51)
  • Introduction (00:08)
  • A5 Security Misconfiguration (02:09)
  • How to Prevent (03:13)
  • Example Attacks (05:20)
  • Demo: Security Misconfiguration (03:16)
  • Demo: Exception Handling (04:02)
  • Demo: Custom Errors (06:32)
  • Demo: Error Settings (03:07)
  • Summary (00:00)
Vulnerable and Outdated Components (14:04)
  • Introduction (00:08)
  • A6 Vulnerable and Outdated Components (02:52)
  • How to Prevent (01:59)
  • Example Attack Scenarios (02:17)
  • Demo: Known Vulnerabilities (03:08)
  • Demo: OWASP Dependency Check (03:39)
  • Summary (00:00)