Course Catalog / Subject / OWASP Web

OWASP Web

These courses are aimed to educate developers, designers, architects, managers, and organizations about the consequences of OWASP 2021 Top 10 most common and most important web application security weaknesses. Organizations that address these flaws greatly reduce the risk of web applications being compromised, courses also provide testing strategies to identify the flaws in web applications. As part of our customer success program, we can help suggest courses that meet multiple compliance mandates and reduce off the bench time. Download our compliance mapping to preview a list of language-specific courses that cover OWASP Top Ten vulnerabilities.

View All Courses Download Course Catalog

COD 108 – Software Operations and Maintenance

Course Catalog / Subject / OWASP Web

OWASP Web

AWA 101 – Fundamentals of Application Security

AWA 102 – Secure Software Concepts

COD 104 – Designing Secure Software

COD 105 – Secure Software Development

COD 106 – The Importance of Software Integration and Testing

COD 107 – Secure Software Deployment

COD 108 – Software Operations and Maintenance

COD 215 – Mitigating .NET Application Vulnerabilities (NEW)

COD 246 – PCI DSS Requirement 3: Protecting Stored Cardholder Data

COD 247 – PCI DSS Requirement 4: Encrypting Transmission of Cardholder Data

COD 248 – PCI DSS Requirement 6: Develop and Maintain Secure Systems and Applications

COD 249 – PCI DSS Requirement 11: Regularly Test Security Systems and Processes

COD 256 – Creating Secure Ruby on Rails Foundations

COD 288 – Java Public Key Cryptography

COD 309 – Securing ASP.NET MVC Applications (UPDATED)

DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures

DES 234 – Mitigating OWASP 2021 Cryptographic Failures

DES 235 – Mitigating OWASP 2021 Insecure Design

DES 236 – Mitigating OWASP 2021 Broken Access Control

DES 237 – Mitigating OWASP 2021 Security Misconfiguration

DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)

DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures

DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components

DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures

ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components

LAB 111 – Identifying Server-Side Request Forgery

LAB 113 – Identifying Cryptographic Failures

LAB 114 – Identifying Cookie Tampering

LAB 115 – Identifying Reflective XSS

LAB 116 – Identifying Forceful Browsing

LAB 117 – Identifying Hidden Form Field

LAB 118 – Identifying Weak File Upload Validation

LAB 119 – Identifying Persistent XSS

LAB 120 – Identifying XML Injection

LAB 121 – Identifying Vulnerable and Outdate Components

LAB 124 – Identifying Horizontal Privilege Escalation

LAB 125 – Identifying Buffer Overflow

LAB 126 – Identifying Information Leakage

LAB 127 – Identifying Security Logging and Monitoring Failures

LAB 128 – Identifying Unverified Password Change

LAB 129 – Identifying Error Message Containing Sensitive Information

LAB 130 – Identifying Generation of Predictable Numbers or Identifiers

LAB 131 – Identifying Improper Restriction of XML External Entity Reference

LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables

LAB 134 – Identifying Plaintext Storage of a Password

LAB 135 – Identifying URL Redirection to Untrusted Site

LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page

LAB 137 – Identifying Improper Authorization

LAB 138 – Identifying Authorization Bypass Through User-Controlled Key

LAB 139 – Identifying Use of a Key Past its Expiration Date

LAB 211 – Defending Java Applications Against Credentials in Code Medium

LAB 212 – Defending Python Applications Against Credentials in Code Medium

LAB 213 – Defending Node.js Applications Against Credentials in Code Medium

LAB 214 – Defending C# Applications Against Credentials in Code Medium

LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation

LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation

LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation

LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation

LAB 220 – Defending Against Hard-Coded Secrets

LAB 221 – Defending C# Applications Against SQL Injection

LAB 222 – Defending Python Applications Against SQL Injection

LAB 223 – Defending Node.js Applications Against SQL Injection

LAB 224 – Defending Java Applications Against Forceful Browsing

LAB 225 – Defending Python Applications Against Forceful Browsing

LAB 226 – Defending Node.js Applications Against Forceful Browsing

LAB 227 – Defending C# Applications Against Forceful Browsing

LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption

LAB 229 – Defending Java Applications Against Weak PRNG

LAB 230 – Defending Java Applications Against XSS

LAB 231 – Defending Python Applications Against XSS

LAB 232 – Defending C# Applications Against XSS

LAB 233 – Defending Node.js Applications Against XSS

LAB 234 – Defending Java Applications Against Parameter Tampering

LAB 235 – Defending Java Applications Against Plaintext Password Storage

LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages

LAB 237 – Defending Java Applications Against SQL Injection

LAB 238 – Defending C# Applications Against Weak AES ECB Mode Encryption

LAB 239 – Defending C# Applications Against Weak PRNG