
OWASP top 10 Web Application Security for Absolute Beginners


Soerin Bipat

1:27:28

  • 1 - ASVS-checklist-en.xlsx
  • 1 - Injection.html
  • 1 - Introduction OWASP top 10 2017.mp4
    01:22
  • 1 - OWASP-Application-Security-Verification-Standard-4.0.3-en.pdf
  • 1 - OWASP-Top-10-2017-en.pdf
  • 2 - Broken Authentication and Session management.html
  • 2 - OWASP-course-v1.4.pdf
  • 2 - UPDATED OWASP top 10 2021.mp4
    00:52
  • 2 - WAS.pdf
  • 2 - owasp-course-resources-urls.zip
  • 3 - A-novel-technique-to-prevent-SQL-injection-and-cross-site-scripting-attacks.pdf
  • 3 - CrossSite Scripting XSS.html
  • 3 - Defeating-SQL-Injection.pdf
  • 3 - Injection.mp4
    03:31
  • 3 - OWASP-Top-10-2017-Release-Candidate1-English.pdf
  • 3 - You-shall-not-pass-Mitigating-SQL-Injection-Attacks-on-Legacy-Web-Applications.pdf
  • 4 - Broken Authentication and Session management.mp4
    04:11
  • 4 - Root-Cause-Analysis-of-Session-Management-and-Broken-Authentication-Vulnerabilities.docx
  • 5 - CrossSite Scripting XSS.mp4
    03:13
  • 5 - Cross-Site-Scripting-Prevention-OWASP-Cheat-Sheet-Series.pdf
  • 5 - Cross-site-scripting-links.docx
  • 5 - OWASP has a cheatsheet that you can use to reduce the likelihood ofXSS attacks.txt
  • 5 - Security Misconfiguration.html
  • 6 - Broken Access Control.mp4
    03:22
  • 6 - Broken-Access-Control-OWASP-Foundation.pdf
  • 6 - Broken-Access-Control-links.docx
  • 6 - Sensitive data exposure.html
  • 7 - CIS-Benchmarks.pdf
  • 7 - Insufficient attack protection.html
  • 7 - Security Misconfiguration.mp4
    04:59
  • 7 - Security-misconfiguration-links.docx
  • 8 - CrossSite Request Forgery.html
  • 8 - Sensitive Data Exposure.mp4
    05:00
  • 8 - Sensitive-data-exposure-links.docx
  • 8 - robotex.zip
  • 9 - Insufficient Attack Protection.mp4
    02:19
  • 9 - Insufficient-attact-protection-links.docx
  • 9 - Threat-Modeling-OWASP-Cheat-Sheet-Series.pdf
  • 9 - Using component with known vulnerabilities.html
  • 10 - CrossSite Request Forgery CSRF.mp4
    04:14
  • 10 - Cross-Site-Request-Forgery-CSRF-OWASP-Foundation.pdf
  • 10 - Robust-defenses-for-cross-site-request-forgery.pdf
  • 10 - Underprotected APIs.html
  • 11 - A06-Vulnerable-and-Outdated-Components-OWASP-Top-10-2021.pdf
  • 11 - Using Components with Known Vulnerabilities.mp4
    05:30
  • 11 - Using-components-with-known-vulnerabilities-links.docx
  • 11 - free-resource.zip
  • 12 - AUTHENTICATION-AND-AUTHORIZATION-IN-MICROSERVICE-BASED-SYSTEMS-SURVEY-OF-ARCHITECTURE-PATTERNS.pdf
  • 12 - SECURING-MICROSERVICES-AND-MICROSERVICE-ARCHITECTURES-A-SYSTEMATIC-MAPPING-STUDY.pdf
  • 12 - Underprotected APIs.mp4
    04:28
  • 12 - Underprotected-APIs-links.docx
  • 12 - microservices-API-security.pdf
  • 12 - rest-en-api-security.zip
  • 11 - XML external entities.html
  • 12 - Insecure deserialization.html
  • 13 - Insufficient logging and monitoring.html
  • 13 - XML external entities OWASP A42017.mp4
    03:49
  • 13 - xxe-resources.zip
  • 14 - Insecure deserialization OWASP A82017.mp4
    03:46
  • 14 - insecure-deserialization-resource.zip
  • 15 - 2008DBIR.pdf
  • 15 - 2009DBIR.pdf
  • 15 - 2010DBIR.pdf
  • 15 - 2011DBIR.pdf
  • 15 - 2012DBIR.pdf
  • 15 - 2013DBIR.pdf
  • 15 - 2014DBIR.pdf
  • 15 - 2015DBIR.pdf
  • 15 - 2017-dbir.pdf
  • 15 - 2018DBIR.pdf
  • 15 - 2019-data-breach-investigations-report.pdf
  • 15 - 2020-data-breach-investigations-report.pdf
  • 15 - 2021DBIR.pdf
  • 15 - 2022-data-breach-investigations-report-dbir.pdf
  • 15 - 2023-data-breach-investigations-report-dbir.pdf
  • 15 - DBIR-2016-Report.pdf
  • 15 - Insufficient logging and monitoring OWASP A102017.mp4
    05:26
  • 15 - insufficient-logging-and-monitoring.zip
  • 16 - Comparative-Analysis-of-Cryptographic-Key-Management-Systems.pdf
  • 16 - CryptSDLC-Embedding-Cryptographic-Engineering-into-Secure-Software-Development-Lifecycle.pdf
  • 16 - Cryptographic Failures OWASP A022021.mp4
    02:16
  • 16 - Organizational-Practices-in-Cryptographic-Development-and-Testing.pdf
  • 17 - BakingTimer-Privacy-Analysis-of-Server-Side-Request-Processing-Time.pdf
  • 17 - Design-Methodologies-for-Securing-Cyber-Physical-Systems.pdf
  • 17 - Insecure Design OWASP A042021.mp4
    03:07
  • 17 - The-Application-of-a-New-Secure-Software-Development-Life-Cycle-S-SDLC-with-Agile-Methodologies.pdf
  • 18 - Software and Data Integrity Failures OWASP A082021.mp4
    03:37
  • 19 - Preventing-Server-Side-Request-Forgery-Attacks.pdf
  • 19 - ServerSide Request Forgery OWASP A102021.mp4
    02:26
  • 19 - server-side-request-forgery.zip
  • 20 - Defense in depth.mp4
    04:30
  • 20 - NCCIC-ICS-CERT-Defense-in-Depth-2016-S508C.pdf
  • 20 - defense-in-depth.zip
  • 20 - defense-in-depth-revisited-one-column.pdf
  • 21 - A-Modeling-Framework-for-Data-Protection-by-Design.pdf
  • 21 - STRIDE.mp4
    03:03
  • 21 - STRIDE-links.docx
  • 21 - Threat-Anlaysis-Stride-Model.xlsx
  • 21 - stride-and-linddun.zip
  • 22 - Comparison-of-SDL-and-Touchpoints.pdf
  • 22 - OWASP-Cheatsheets-Book.pdf
  • 22 - On-the-secure-software-development-process-CLASP-SDL-and-Touchpoints-compared.pdf
  • 22 - Secure development processes.mp4
    05:09
  • 22 - Secure-development-process-links.docx
  • 22 - Software-Security-in-Practice.pdf
  • 22 - Software-security-building-security-in.pdf
  • 22 - secure-software-development-process-resources.zip
  • 23 - How can you test whether you website uses the latest security protocols.mp4
    01:14
  • 23 - SSLLabs-link.docx
  • 23 - free-resources.zip
  • 24 - Test-hacking-skill-free-link.docx
  • 24 - Where can I legally test my hacking skills for free.mp4
    01:12
  • 24 - test-hacking-skills-for-free.zip
  • 25 - Insecure-Direct-Object-Reference-Prevention-OWASP-Cheat-Sheet-Series.pdf
  • 25 - What are insecure direct object references.mp4
    02:15
  • 26 - Like this course Check Out My Software Quality Course.mp4
    02:37
    Description


    Learn OWASP top 10 risks! Jumpstart your cyber security career; increase earnings! Cyber Security | CISO | Ransomware

    What You'll Learn?


    • Be confident in explaining the OWASP top 10 during an interview
    • Explain all OWASP top 10 threats in a short and impactful way to get the attention of managers
    • Explain the impact per threat for your business
    • Understand how the OWASP top 10 threats can be executed by attackers
    • Understand how the OWASP top 10 threats may be mitigated
    • Explain 'Injection' to your mom/dad
    • Explain 'Insecure Deserialisation' to your non technical friends
    • Understand best practices such as Defense in Depth and STRIDE
    • CISO level understanding of OWASP

    Who is this for?


  • (Project) managers that lead software projects
  • Software architects that want to explain the OWASP top 10 to product owners
  • Software engineers that want to advance their career
  • Anyone interested in the basics of web application security, explained in layman’s terms
  • Pentesters / Red team that need foundational understanding
  • Recruiters that want to challenge software engineers
  • Product Owners that care about their product
    What You Need to Know?


  • Interest in understanding of the concepts
  • No coding or programming experience needed
  • Open mind and a willingness to learn


    Description

    + Get instant access to course slides!
    + Get instant access to FREE resources to scan your website
    + Easy to understand how-to videos!
    + Access to instructor if you ever get stuck!

    Within 1.5 hours you will be able to explain web application security without having to code. For your convenience:

    • I've combined the OWASP 2017 and OWASP 2013 top 10 list into a single list of 10 common web application security threats.

    • I've updated the course with the latest threats added by OWASP in 2021.

    I will teach you the most common threats identified by the Open Web Application Security Project (OWASP). This course will jumpstart your cyber security career!
     
    Overview
    1) Understand the OWASP top 10
    2) Explain the impact per security threat
    3) Understand how these threats can be executed by attackers / pentesters / hackers
    4) Explain how these security threats can be mitigated

    You will be able to understand the above-mentioned points without having to understand code. When implemented properly, it will decrease the impact of ransomware.

    How is that possible?
    The threats are explained conceptually, since the implementation of a threat may differ per situation. Therefore, having a general understanding of the security threats, their implications and potential solutions will provide you with the essential knowledge to mitigate the impact of these web application security threats. Hence, no security coding or security testing experience is needed.

    Content (the course is updated continuously, so this list will grow!)

    • Injection

    • Broken Authentication and Session Management

    • Cross-Site Scripting

    • Broken Access Control

    • Security Misconfiguration

    • Sensitive Data Exposure

    • Insufficient Attack Protection

    • Cross-Site Request Forgery

    • Using Components with Known Vulnerabilities

    • Underprotected APIs

    • XML External Entities (XXE)

    • Insecure Deserialisation

    • Insufficient logging and monitoring

    • Cryptographic Failures

    • Insecure Design

    • Software and Data Integrity Failures 

    • Server-Side Request Forgery

    My Promise to You

    I'm a full time CISO / cyber security consultant and online teacher. I'll be here for you every step of the way. If you have any questions about the course content or anything related to this topic, you can send me a direct message.

    What makes me qualified to teach you?

    My name is Soerin and I've been a cyber security consultant and teacher of cyber security for over a decade. I teach over 90,000 students online and 2,000 offline, and have accumulated hundreds of 5-star reviews like these:

    • "I really like this format of short videos followed by a couple of questions, it is certainly my favorite way to learn." Camilla from Brazil

    • "Really great structure, I love the "What is it?" -> "what is the impact?" -> "prevention tactics" aspect of it because it allows for a much more easy to follow course." Jason from USA

    • "Great resources and very time-efficient. No extra unnecessary stuff, just the main points!"  Emma from UK

    Besides experience as a Chief Information Security Officer (CISO) at several large Dutch organisations I hold the following certifications:

    • TOGAF Foundation

    • Certified Information Systems Auditor (CISA)

    • ISO 27001 Lead Auditor

    • ISO 27001 Lead Implementer

    • Leading Scaled Agile Framework

    • Certified Information Systems Security Professional (CISSP)

    • Certified Information Privacy Professional (CIPP / Europe)

    • Certified SCRUM Master

    • Certified Secure Software Lifecycle Professional (CSSLP)

    • Azure Fundamentals (AZ-900)

    • PRINCE2 Foundation

    • International Software Testing Qualifications Board (ISTQB)


    I have a 30-day 100% money back guarantee, so if you aren't happy with your purchase, I will refund your course - no questions asked!


    I can't wait to see you in the course!
    Keep learning about Cyber Security to prevent Ransomware from the perspective of a CISO!
    Enrol now, and I'll help you in your journey understanding Web Application Security better than ever before!

    Cheers,
    Soerin


    Soerin Bipat
    Soerin is a dedicated PhD candidate with 15+ years of experience as an information technology consultant. He specialises in teaching university students and clients in a wide range of topics (e.g. information security, research, software engineering, project management and statistics). He loves to read business-related books, watch anime, and work out. Your success in every way is important to me!
    Students take courses primarily to improve job-related skills. Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
    • Language: English
    • Training sessions: 26
    • Duration: 1:27:28
    • English subtitles: yes
    • Release date: 2024/03/10