DES 721: OWASP Top Ten - Threats and Mitigations
This course introduces students to OWASP and the Top 10 Project, and covers in detail each of the OWASP Top 10 Web Application Vulnerabilities. The instructor will provide examples and demonstrations of the vulnerabilities and exploits, and describe remediation techniques and best practices to avoid them. Specific examples include the use of built-in and third-party functions and libraries for Java and .NET.
The class will utilize "Super Secure Bank," a vulnerable web application developed by our experts to demonstrate and teach web application security issues. Students will have the opportunity to see the vulnerabilities in action and personally perform live exploits against the application to reinforce the principles introduced.
If the one-day option is selected, each OWASP Top 10 vulnerability will be covered, but hands-on labs will not be included.
If the two-day option is selected, labs for most of the OWASP Top 10 are included.
Particular focus will be placed upon the most common and serious OWASP Top 10 vulnerabilities, including:
- Cross-Site Scripting (XSS)
- SQL Injection (SQLi)
- Cross-Site Request Forgery (CSRF)
- Broken Authentication & Session Management
Introduction to Web Application Security
This module provides an overview of OWASP and what the OWASP Top 10 means from a development perspective.
Testing Web Applications with a Proxy
The instructor will introduce the Burp web proxy and discuss how it can be effectively leveraged to test common web applications. Topics include:
- Obtaining, installing and running Burp
- How to configure the environment and applications for Burp
- Fundamental usage of the proxy
OWASP Top 10 in Detail
For each Top 10 vulnerability, the instructor will describe the risk and impact, and how to detect and remediate the vulnerability.