OWASP Top 10 2017 Update

LearnNow Online
Updated Aug 23, 2018

Course description

The Open Web Application Security Project focuses on improving the security of software. The OWASP Top 10 is a powerful awareness document for web application security and represents a broad consensus about the most critical security risks to web applications. This course discusses the updates to the Top 10 and how the threats have changed.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Prerequisites

It would be helpful to have watched the previous OWASP courses, as many of the threats they cover still exist:

  • OWASP, Part 1: Avoiding Hacker Tricks
  • OWASP, Part 2: Forgery and Phishing
  • OWASP, Part 3: Threats and Session Security
  • OWASP, Part 4: Misconfiguration and Data Encryption


Meet the expert

Robert Hurlbut

Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups, national and international conferences, and provides training for many clients.

Video Runtime

85 Minutes

Time to complete

148 Minutes

Course Outline

OWASP 2017 Update

Objectives and Overview (02:57)

  • Introduction (00:29)
  • About This Course (00:29)
  • Previous Courses (00:45)
  • Related Courses (00:26)
  • Outline (00:39)
  • Summary (00:08)

History (08:47)

  • Introduction (00:08)
  • OWASP Top 10 2017: History (00:09)
  • OWASP Top 10 (01:01)
  • Web Application Security Risks (02:01)
  • Why Revisited (02:29)
  • OWASP Top 10 2017: History (02:49)
  • Summary (00:08)

Process (08:04)

  • Introduction (00:08)
  • OWASP Top 10 2017: Process (00:07)
  • New Approaches to the OWASP Top 10 2017 (02:08)
  • Changes to OWASP Top 10: 2013 to 2017 (05:31)
  • Summary (00:08)

Finding OWASP (03:19)

  • Introduction (00:08)
  • Demo: Finding OWASP (01:50)
  • Demo: OWASP Wiki (00:59)
  • Summary (00:21)

XML External Entities (09:38)

  • Introduction (00:23)
  • A4: XML External Entities (01:55)
  • Examples (02:40)
  • Remote Code Execution (01:49)
  • Revealing Files (01:18)
  • How to Prevent XXE (01:22)
  • Summary (00:08)

XXE Demo (15:05)

  • Introduction (00:08)
  • XXE Demo (06:26)
  • Unsafe XDocument (05:04)
  • Java XXE (03:17)
  • Summary (00:08)

XML XXE DOTNET Demo (05:42)

  • Introduction (00:08)
  • XML XXE Demo (02:24)
  • XML Bomb (02:54)
  • Summary (00:16)

Insecure Deserialization (09:55)

  • Introduction (00:21)
  • A8: Insecure Deserialization (03:48)
  • Examples (03:04)
  • How to Prevent Insecure Deserialization (02:32)
  • Summary (00:08)

Insecure Deserialize Demo (08:50)

  • Introduction (00:08)
  • Insecure Deserialize Demo (03:52)
  • Solutions (04:27)
  • Summary (00:23)

Insufficient Logging and Monitoring (08:02)

  • Introduction (00:19)
  • A10: Insufficient Logging and Monitoring (03:21)
  • Example Attack Scenarios (02:00)
  • How to Prevent (02:02)
  • Summary (00:18)

The Future of OWASP (04:50)

  • Introduction (00:11)
  • Future OWASP Top 10 (00:49)
  • OWASP Top 10: A Starting Place (00:59)
  • Other OWASP Resources (02:37)
  • Summary (00:12)