OWASP Top 10 Web Application Security Risks for SPRING BOOT By Troy Hunt This course introduces the OWASP Top 10 Most Critical Web Application Security Risks including how to demonstrate and mitigate them in SPRING BOOT.
Description Web applications today are being hacked with alarming regularity by hacktivists, online criminals, and nation states.
Very frequently, it is the same prevalent security risks being exploited which is why the Open Web Application Security Project (OWASP) developed their list of Top 10 Most Critical Web Application Security Risks to help developers build more secure software.
This course helps developers apply the Top 10 in SPRING BOOT using both web forms and MVC by walking through an overview of the risk, demonstrating how it can be exploited in .NET and then delving into the various approaches available to mitigate it by applying security in depth. Unless you try to exploit a vulnerability yourself, no reading will give you the required know-how to fully understand the impact and look for and avoid such weaknesses in your applications.
To become a better professional, you should have a great understanding of the most critical web application security risks. This is mandatory for IT students, job seekers, software developers, testers, and application managers.
The OWASP Top 10 “is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications”.
This course follows a hands-on approach: you’ll exploit at least ten vulnerabilities in a deliberately vulnerable web application. In each session, we will review and briefly discuss a single OWASP Top 10 risk and then you’ll be guided to search and exploit that weakness in the target application. Since you’ll have access to the web application source code, you’ll be able to spot the vulnerable source code and fix it.
After completing this course, you’ll be comfortable to answer security-related questions in your next job interview or bring security into your organization and into the Software Development Life Cycle (SDLC).
Course FAQ Who is OWASP? OWASP is the Open Web Application Security Project - a global nonprofit organization whose focus is on improving web security.
What is the OWASP Top 10? OWASP publishes a Top Ten list of the current most vulnerable security risks posed to web applications.
Is my web app vulnerable? Something to remember is that nobody is safe from determined attackers - but don't let yourself be a low-hanging fruit.
What will I learn in this course? While the OWASP Top 10 is technology agnostic, in this guide, we will be looking specifically at SPRING BOOT security.
What prerequisites are needed? You will need a working knowledge of the .NET platform as this course is designed to show you how to locate and how to implement security in SPRING BOOT web applications.
Who is this course for? This course is aimed at developers who want to protect their web apps from common security exploits.
Threat Analysis 00:02:37 Exploitation 00:04:48 Mitigation
Description Course Overview
Chapter 1: World Wide Web Fundamentals
Chapter 2: Injection Flaws
Chapter 3: Broken Authentication
Chapter 4: Sensitive Data Exposure
Chapter 5: XML External Entities
Chapter 6: Broken Access Control
Chapter 7: Security Misconfiguration
Chapter 8: Cross-Site Scripting (XSS)
Chapter 9: Insecure Deserialization
Chapter 10: Using Components with Known Vulnerabilities
Chapter 11: Insufficient Logging & Monitoring