John Wagnon

As web applications continue to grow in number and popularity, it becomes increasingly important to understand the security risks that are present in these applications. These risks include things like Injection Attacks, Security Misconfiguration, Broken Authentication, XML Attacks, Cross-Site Scripting and many more! In this path, you will learn how the Top Ten list is created, and you will gain a solid understand of each security risk. While the information in the OWASP Top Ten is technical and can be difficult to understand at times, John does a great job of clearly explaining each topic in a very easy-to-understand way. He uses a mix of slides, pictures, videos, real-world examples and demos to help you understand the material. As you progress through each course, you will have the knowledge necessary to know if your web application is vulnerable to any of these risks, and you will understand how to protect yourself from attackers who want to exploit these vulnerabilities.

We will then examine Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, and Server-Side Request Forgery (SSRF). After we complete our look at the current OWASP Top Ten, we will examine three very relevant security risks that were merged into larger topics in the OWASP Top Ten 2021 list. It’s still important to know the details of how these risks work. We will explore XML External Entities (XXE), Cross-Site Scripting (XSS) and Insecure Deserialization.