Test your OWASP knowledge and earn credit.

Why is OWASP important? One question we get from each of our client organizations at least twice a year is, “Does your organization adhere to the OWASP Top 10, and is it part of your software development life cycle (SDLC)?”

Well, currently there are no certification exams and no formal training available, so how do you prove it? We decided to compile a short 10-question quiz that lets anyone learn about the OWASP Top 10 and test their knowledge after each brief segment. If you need credit, save your results.

You will need to create a free account to access the training material.

Enjoy!

We offer this resource freely to everyone. We do ask you to check out our other Proactive Cyber Security services too.

OWASP Top 10 Threats and Mitigations with Bonus Courseware

Module Overview

The OWASP Top 10 defines and describes the most common and severe web application threats that developers face. We have also included bonus sections which go beyond the current OWASP Top 10.

As a developer, you need to understand these threats and take precautionary measures at every stage of product development to mitigate them.

Topics covered in this review

Security Principles

  • Threat 1: Injection
  • Threat 2: Broken Authentication
  • Threat 3: Sensitive Data Exposure
  • Threat 4: XML External Entities (XXE)
  • Threat 5: Broken Access Control
  • Threat 6: Security Misconfiguration
  • Threat 7: Cross-Site Scripting (XSS)
  • Threat 8: Insecure Deserialization
  • Threat 9: Using Components with Known Vulnerabilities
  • Threat 10: Insufficient Logging and Monitoring

Bonus Section

  • Threat 11: Unvalidated Redirects and Forwards
  • Threat 12: Insecure Cryptographic Storage
  • Threat 13: Failure to Restrict URL Access
  • Threat 14: Insufficient Transport Layer Protection
  • Threat 15: Cross-Site Request Forgery (CSRF)

Module Objectives

After completing this course, you will be able to:

  • Explain the key security principles related to the OWASP Top 10 and Bonus Courseware.
  • Identify and explain the ten threats in the OWASP Top 10 and Bonus Courseware.
  • Explain mitigation techniques for the 10 identified threats and Bonus Courseware.

Security Principles

Let’s look at three key security principles related to the OWASP Top 10 threats. During this course, you will learn about the concepts associated with each of the Top 10 threats and the Bonus Courseware. Additionally, you will learn about the techniques that you can use to mitigate each threat.

Input is Evil

Much of security is related to input and a user’s ability to interact with and control that input. You should always mistrust and question user input everywhere that it is accepted in your application. Always remember that any input you receive could be malicious and you need to validate it before you trust it.

TOCTOU

Time of Check versus Time of Use, or TOCTOU, describes the temporal nature of computing. Although it is convenient to think of a computer program as a series of instructions, starting at a method and going sequentially until it reaches its completion, remember that this interpretation is only an abstraction. Even though you might check input, state, or data at one point in time, an attacker may be able to control some aspect of the program between the time that the resource is checked and the time that the resource is used, which can lead to illegitimate access to the resource.
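The check-then-use window described above, as an added Python example that is not part of the original course material: a read that validates a path name and opens it later, beside a version that opens first and checks the descriptor it actually got, so there is no separate check to race. The file names, the `between_check_and_use` hook (which stands in for whatever changes the file in the window) and the swap scenario are constructed for illustration; it assumes a POSIX system with symlinks and `O_NOFOLLOW`.

```python
import os
import stat
import tempfile

def vulnerable_read(path, between_check_and_use=None):
    # Check-then-use on a path NAME: check and open resolve the name separately,
    # so a swap in between (the hook stands in for a racing attacker) is missed.
    if os.path.islink(path) or not os.path.isfile(path):
        return None
    if between_check_and_use:
        between_check_and_use()
    with open(path, "rb") as f:
        return f.read()

def hardened_read(path, between_check_and_use=None):
    # Open first, then check the object actually opened: O_NOFOLLOW refuses a
    # symlink at the final component, fstat() inspects the open descriptor.
    if between_check_and_use:
        between_check_and_use()
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return None
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            return None
        return f.read()

def demo():
    # Constructed scenario: a harmless regular file at check time that has
    # become a symlink to a secret by use time.
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        upload = os.path.join(d, "upload.txt")
        with open(secret, "w") as f:
            f.write("SECRET")
        def reset():  # restore the benign regular file
            if os.path.lexists(upload):
                os.remove(upload)
            with open(upload, "w") as f:
                f.write("harmless")
        def attacker_swap():  # the racing change inside the window
            os.remove(upload)
            os.symlink(secret, upload)
        reset()
        leaked = vulnerable_read(upload, attacker_swap)  # b"SECRET"
        reset()
        blocked = hardened_read(upload, attacker_swap)  # None
        return leaked, blocked
```

The hardened version still rejects non-regular files; it simply does so on the descriptor it is about to read, which is the only object the check can safely vouch for.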

Dynamic Threat Environment

Finally, remember that the world is constantly changing and chaotic, with new threats developing and manifesting every single day. A system that was secure in the past may not be secure against new threats. You need to have a consistent and reproducible plan to handle evolving threats.