This Course is part of a Career Path: Become a Penetration Tester
Module 2: Injection
Module 3: Broken Authentication
Module 4: Sensitive Data Exposure
Module 5: XML External Entities
Module 6: Broken Access Control
Module 7: Security Misconfiguration
Module 8: Cross-Site Scripting (XSS)
Module 9: Insecure Deserialization
Module 10: Using Components with Known Vulnerabilities
Module 11: Insufficient Logging & Monitoring
LEARN MORE. ACHIEVE MORE.
This course will cover the OWASP Top 10 (2017). The OWASP (Open Web Application Security Project) foundation was formed back in the early 2000s to support the OWASP project. Its main goal is to improve application security by providing an open community where organizations and individuals can collaborate.
What is OWASP Training?
OWASP was created to help organizations and IT professionals better manage the emerging impact of application security risks. With companies now using hundreds or thousands of unique applications per day — often deployed without approval by “shadow IT” users — it’s critical for technology experts to understand the current risk landscape and prepare to meet emerging threats.
Cybrary’s OWASP security training focuses on the project’s regularly updated “Top 10” risks list, providing infosec professionals with the knowledge they need to identify and combat critical IT concerns.
How Do I Learn OWASP?
OWASP itself covers a broad array of security topics including software assurance, development, testing, code review, and application security verification. The Top 10 list offers an ideal starting point for OWASP training since it provides actionable knowledge to help IT professionals defend against current organizational threats.
What’s Covered in OWASP Security Training?
Cybrary’s OWASP offering covers the Top 10 security risks list, which was released in 2017. These risks include:
- Injection — Injection flaws such as SQL, NoSQL, OS and LDAP allow attackers to gain privileged access by sending untrusted data as part of a common query. Learn to identify and remediate injection risks with our OWASP offering.
- Broken Authentication — Improper authentication lets attackers gain access to network services or spoof user accounts. Training from Cybrary helps IT pros find and eliminate authentication issues.
- Sensitive Data Exposure — Web apps and third-party APIs don’t always protect data in transit or at rest. Improved knowledge of encryption and obfuscation reduces the chance of a critical data breach.
- Broken Access Control — Permissions and restrictions are essential to ensure corporate application access is effectively gated and controlled. Improper deployment and enforcement, however, can lead to serious security issues. Our OWASP coursework helps IT pros identify access concerns before they put users (and data) at risk.
- Security Misconfiguration — The most commonly seen issue on OWASP’s Top 10, security misconfiguration is often the result of limited (or absent) infosec policy. Learn how to create and implement effective security controls, schedule regular upgrades and assess current configurations.
- Cross-Site Scripting (XSS) — Still one of the most popular threat vectors, XSS attacks occur whenever apps use untrusted data in a new web page without proper permission. Cybrary’s OWASP training can help IT pros recognize and mitigate common XSS risks.
- Insecure Deserialization — Deserialization flaws can lead to remote code execution, replay, injection and privilege escalation attacks. Learn to spot these flaws before they cause serious harm.
- Using Components with Known Vulnerabilities — Given the sheer number of apps now used by organizations, it makes no sense to build applications from the ground up. The solution? Open-source and third-party APIs and other components that permit common functions. The risk? Known (and unknown) vulnerabilities that can compromise privileged applications to cause data loss or server takeover. Cybrary training helps infosec experts balance speed and security in enterprise application deployment.
- Insufficient Logging and Monitoring — What you don’t know can hurt you. Insufficient or absent logging and monitoring makes it easier for attackers to gain application footholds, exploit key services and maintain network persistence. Reduce the time to detection and improve remediation with OWASP security training.
How Do I Complete OWASP Certification?
The OWASP organization does not offer any formal certification options. Knowledge of Top 10 risks and how to mitigate them is valuable across industries and corporate infrastructures.
Upon completing this course, you will receive a certificate of completion, providing tangible proof of improved skills and knowledge and empowering long-term IT career progression.
Need even more in-depth coursework? Become an Insider Pro and get access to more than 700 apps including virtual labs, practice tests, and capture-the-flag challenges along with guided mentor support and industry certification preparation.
Certificate of Completion
Complete this entire course to earn an OWASP Certificate of Completion.