OWASP Top 10

Course Description

The OWASP Top 10 is an awareness document that ranks the most critical security risks to web applications, framed from an attacker's perspective. This course walks through each category of the 2021 edition and the lessons it carries for development teams.

Learning Objectives

  • Discuss the role of security in the software development life cycle and how best to create secure applications
  • Recognize how these software security defects are exploited
  • Discuss discovery methods for these issues
  • Implement the practices that help prevent the most common mistakes to ensure more secure software


Delivery Format: eLearning

Duration: 1 ½ Hours 

Level: Beginner

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers
  • Mobile Developers

Prerequisites: None

Course Outline


  • Introduction to the OWASP Top 10

Broken Access Control

  • Access Control Introduction
  • Function-Level Access Control Introduction
  • Strategies
  • Insecure Direct Object References: In a Nutshell
  • Giving Your Friends Admin Access to Any Business Page on Facebook

Cryptographic Failures

  • Handling Sensitive Data Securely
  • Real-Life Cryptography Failures

Injection

  • SQL Injection
  • Command Injection
  • Cross-Site Scripting
  • Injection Attacks Are Still an Issue!

Insecure Design

  • Security Requirements
  • Secure Design
  • Threat Modeling
  • Example: Meltdown and Spectre

Security Misconfiguration

  • Protection
  • Accidental Leaks

Vulnerable and Outdated Components

  • Securing Third-Party Software Components
  • An Upstream Bug

Identification and Authentication Failures

  • Authentication Overview
  • Session Security Overview
  • Session Security Considerations
  • Authentication Security
  • Zoom Authentication Issues
  • Authentication Solutions: Build Versus Buy

Software and Data Integrity Failures

  • Software Integrity
  • Insecure Deserialization
  • Security in the Software Supply Chain

Security Logging and Monitoring Failures

  • Insufficient Logging and Monitoring
  • Logging and Monitoring Best Practices
  • Logging Technologies
  • Security Logging Interfaces

Server-Side Request Forgery (SSRF)

  • Capital One Attack
  • Technical Vulnerability
  • Attacks, Exploits, and Defense
