Course description
In this course, the student will get an overview of the OWASP Top 10 2021. The OWASP® (“Open Worldwide Application Security Project”) Foundation first published the OWASP Top 10 list in 2003. Since then, the list has been updated in 2004, 2007, 2010, 2013, and 2017. The most recent update was published in 2021. Each security threat and related risk that appears on the list is identified by its rank on the list and by the year of the edition in which it appears.
The OWASP Top 10 list describes the ten most critical security threats and related risks that software developers need to know about and consider as they build their applications. These threats and risks are primarily focused on web applications, but since its first edition the Top 10 list has helped many software developers understand and counter the most critical security threats and related risks in many kinds of applications.
This course covers Security Logging and Monitoring Failures, Server-Side Request Forgery, next steps, and a conclusion.
Prerequisites
The student is encouraged to watch the OWASP Top 10 2017 Update course before this one, as it gives a good foundation for the changes introduced in the OWASP Top 10 2021.
This course assumes some experience with web development and a basic understanding of application security.
Meet the expert
Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies, and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development, and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups and at national and international conferences, and provides training for many clients.
Course outline
Module 4
Security Logging and Monitoring Failures (13:05)
- Introduction (00:08)
- A9 Security Logging and Monitoring Failures (03:34)
- How to Prevent (04:43)
- Example Attacks (03:39)
- References (00:59)
- Summary (00:00)
Server Side Request Forgery (18:16)
- Introduction (00:08)
- A10 Server-Side Request Forgery (04:45)
- How to Prevent (03:31)
- Example Attacks (04:17)
- Demo: SSRF Attack (05:32)
- Summary (00:00)
Next Steps (06:46)
- Introduction (00:08)
- A11 Next Steps (01:27)
- Code Quality (01:03)
- Denial of Service (01:38)
- Memory Management Errors (01:14)
- General Recommendations (01:15)
- Summary (00:00)
Conclusion (04:32)
- Introduction (00:08)
- Conclusion (01:29)
- Starting Place (01:45)
- Resources (01:02)
- Summary (00:08)