Overview

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and resources to help organizations protect critical apps. Cybrary’s OWASP training course covers the organization’s popular “Top 10” risk assessment.

Course Content

Module 12: Course Summary

Course Description

This course will cover the OWASP Top 10 (2017). The OWASP (Open Web Application Security Project) foundation was formed back in the early 2000?s to support the OWASP project. The main goal is to improve application security by providing an open community, where organizations and individuals can collaborate. In this course, we will cover the following from the 2017 version of the OWASP Top Ten list: A1: Injection A2: Broken Authentication A3: Sensitive Data Exposure A4: XML External Entities (XXE) A5: Broken Access Control A6: Security Misconfiguration A7: Cross-Site Scripting (XSS) A8: Insecure Deserialization A9: Using Components with Known Vulnerabilities A10: Insufficient Logging & Monitoring

What is OWASP Training?

OWASP was created to help organizations and IT pros better manage the emerging impact of application security risks. With companies now using hundreds or thousands of unique applications per day — often deployed without approval by “shadow IT” users — it’s critical for technology experts to understand the current risk landscape and prepare to meet emerging threats.

Cybrary’s OWASP security training focuses on the project’s regularly-updated “Top 10” risks list, providing infosec pros with the knowledge they need to identify and combat critical IT concerns.

How Do I Learn OWASP?

OWASP itself covers a broad array of security topics including software assurance, development, testing, code review and application security verification. The Top 10 list offers an ideal starting point for OWASP training since it provides actionable knowledge to help IT pros defend against current organizational threats.

The course is recommended for infosec pros with at least two years in a security-related position. As part of a plan to improve existing operational security or for IT professionals to improve their job outlook, OWASP training is ideal.

What’s Covered in OWASP Security Training?

Cybrary’s OWASP offering covers the most recent Top 10 risk assessment, which was released in 2017. These risks include:

  • Injection — Injection flaws such as SQL, NoSQL, OS and LDAP allow attackers to gain privileged access by sending untrusted data as part of a common query. Learn to identity and remediate injection risks with our OWASP offering.
  • Broken Authentication — Improper authentication lets attackers gain access to network services or spoof user accounts. Training from Cybrary helps IT pros find and eliminate authentication issues.
  • Sensitive Data Exposure — Web apps and third-party APIs don’t always protect data in transit or at rest. Improved knowledge of encryption and obfuscation reduces the chance of a critical data breach.
  • Broken Access Control — Permissions and restrictions are essential to ensure corporate application access is effectively gated and controlled. Improper deployment and enforcement, however, can lead to serious security issues. Our OWASP coursework helps IT pros identify access concerns before they put users (and data) at risk.
  • Security Misconfiguration — The most commonly-seen issue on OWASP’s Top 10, security misconfiguration is often the result of limited (or absent) infosec policy. Learn how to create and implement effective security controls, schedule regular upgrades and assess current configurations.
  • Cross-Site Scripting (XSS) — Still one of the most popular threat vectors, XSS attacks occur whenever apps use untrusted data in a new web page without proper permission. Cybrary’s OWASP training can help IT pros recognize and mitigate common XSS risks.
  • Insecure Deserialization — Deserialization flaws can lead to remote code, replay, injection and privilege escalation attacks. Learn to spot these flaws before they cause serious harm.
  • Using Components with Known Vulnerabilities — Given the sheer number of apps now used by organizations, it makes no sense to build applications from the ground up. The solution? Open-source and third-party APIs and other components that permit common functions. The risk? Known (and unknown) vulnerabilities that can compromise privileged applications to cause data loss or server takeover. Cybrary training helps infosec experts balance speed and security in enterprise application deployment.
  • Insufficient Logging and Monitoring — What you don’t know can hurt you. Insufficient or absent logging and monitoring makes it easier for attackers to gain application footholds, exploit key services and maintain network persistence. Reduce the time to detection and improve remediation with OWASP security training.

How Do I Complete OWASP Certification?

As noted by the OWASP website, the organization does not offer any formal certification options. Knowledge of Top 10 risks and how to mitigate them, however, is valuable across industries and corporate infrastructures.

That’s why successful completion of Cybrary’s OWASP training course includes an OWASP Certificate of Completion, in turn providing tangible proof of improved skills and knowledge and empowering long-term IT career progression.

Even better? Cybrary is committed to free IT training for everyone, everywhere — and that includes our OWASP Top 10 2017 course. Need even more in-depth coursework? Become an Insider Pro and get access to more than 700 apps including virtual labs, practice tests and capture-the-flag challenges along with guided mentor support and industry certification preparation.