OWASP Top 10: #5 Security Misconfiguration and #6 Vulnerable and Outdated Components

Focused View

Caroline Wong

33:33

15 View

01 - Introduction

01 - 2021 OWASP Top 10.mp4

01:05

02 - OWASP Top 10 series.mp4

00:43

02 - 1. Security Misconfiguration

01 - What is security misconfiguration.mp4

03:12

02 - Example #1 2020 SolarWinds data breach.mp4

03:47

03 - Example #2 State of Pentesting Report.mp4

02:20

04 - Prevention technique #1 Repeatable hardening.mp4

03:16

05 - Prevention technique #2 Minimal platform.mp4

03:07

06 - Prevention technique #3 Configuration review.mp4

02:54

03 - 2. Insecure Design

01 - What are vulnerable and outdated components.mp4

01:44

02 - Real-world example #1 Equifax breach 2017.mp4

02:04

03 - Real-world example #2 Target breach 2013.mp4

01:50

04 - Prevention technique #1 Remove unnecessary features.mp4

01:55

05 - Prevention technique #2 Continuous inventory management.mp4

02:05

06 - Prevention technique #3 Leverage virtual patching.mp4

02:36

04 - Conclusion

01 - Explore more of the OWASP Top 10.mp4

00:55

Description

Security vulnerabilities should be top of mind when it comes to safely accessing web applications within an organization. There’s always something that can go wrong if you’re not careful, but how do you prepare for a possible attack? In this course, instructor and application security expert Caroline Wong gives you an overview of two of the most common vulnerabilities listed on the 2021 Open Web Application Security Project (OWASP) Top 10 List: security misconfiguration and vulnerable and outdated components.

Explore the fundamentals of security misconfiguration and vulnerable and outdated components to build your understanding of how each vulnerability works and find out what you can do to defend yourself against an attack, drawing from real-life examples along the way. Discover the latest, most effective prevention techniques to keep your web applications safe and secure.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Anti-Money Laundering

Caroline Wong

Instructor's Courses

I am a strategic leader with strong communications skills, cybersecurity knowledge, and deep experience delivering global programs. My practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. I authored the popular textbook Security Metrics: A Beginner's Guide. My writing is also featured in Epic Failures in DevSecOps Vol. 1, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, Cybersecurity Career Guide: Who Works in Cybersecurity, How We Got Started, Why We Need You, and IT Security Metrics: A Practical Framework for Measuring Security & Protecting Data. I host the Humans of InfoSec Podcast: https://soundcloud.com/humans-of-infosec Speaking engagements include: • Global AppSec DC (2019) • RSA USA (2019, 2018, 2017, 2014, 2013, 2011, 2010) • Developer Week (2019, 2018) • Source Phoenix-Mesa (2018) • SnowFROC (2018) • IoT Tech Expo NA (2017) • DevOps Enterprise Summit (2017) • DevSecCon Boston (2017) • BSidesLV (2017) • OWASP AppSec Cali (2018, 2017, 2016) • O'Reilly Security NY (2016) • CIO Asia (2012) • Metricon 7.0 (2012) • Security Development Conference (2012) • ISC2 Security Congress (2011) • ITWeb Security Summit (2011) • RSA Europe (2010)

Linkedin Learning

View courses Linkedin Learning

LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.