OWASP top 10: Web Application Security for beginners

  • CategoryOther
  • TypeTutorials
  • LanguageEnglish
  • Total size294.6 MB
  • Uploaded Bytutsnode
  • Downloads78
  • Last checkedAug. 12th '22
  • Date uploadedAug. 11th '22
  • Seeders 38
  • Leechers11

Infohash : 2B5781145A904C07DD3D2E1BDF238BF86BD86FA0


Description

[UPDATED in 2021]
Within 1,5 hour you will understand web application security without having to code. This course will jumpstart your security career.

I will teach you the 10 most common threats identified by the Open Web Application Security Project (OWASP). At the end of the course you will learn:

1) what the OWASP top 10 threats and are,
2) the impact per security threat for your business
3) how these security threats can be executed by attackers / pentesters / hackers
4) how these security threats can be mitigated

You will able to understand the above-mentioned points without having to understand code…
For your convenience I’ve combined the OWASP 2017 and OWASP 2013 top 10 list into a single list of 10 common web application security threats.

How is that possible?
The threats are explained conceptually, since the implementation of a threat may differ per situation. Therefore, having a general understanding of the security threats, its implications and potential solutions will provide you with the essential knowledge to mitigate the impact of these web application security threats. Hence, no security coding or security testing experience needed.

So, after following this course am I able to develop code-based solutions for the top 10 threats?
No. This course will teach you the basic concepts behind the 10 most common web application security threats so that you can critically question and discuss these security issues with software/operational engineers.

Uhm, after following this course I’m a full-fledged security expert, right?
Depends on the knowledge of the person that is judging your expertise. Most likely this won’t be the case.

What!?! Why should I enroll?
Only enroll when you are new to secure coding, secure web development and want a complete beginners’ perspective on web application security. This course is specifically developed for:

– (Project) managers that lead software projects, but have no clue how software engineers could mitigate potential security issues
– Recruiters hiring software engineers
– Software engineers that want to refresh their knowledge on web application security and secure coding principles
– Beginning red team, blue team, yellow and purple team members, hackers, or penetration testers
– Anyone interested in the basics of web application security or OWASP top 10 explained in layman’s terms

Ok, but there is already a lot of information on OWASP available on the web. So, what’s in it for me?
I thought you would never ask! This course differentiate itself from existing available information because:
– Existing OWASP documentation is technical and therefore difficult to comprehend (I’ll include some examples of technical documents as a resources that you may download).
– Unlike most other courses, you may actually claim 1 Continuing Professional Education (CPE) after finishing this course completely
– I’ll update this course with new videos on request or as significant security issues surface that have important implications for managers. Thus, over time this course may become your one-stop security education!
– I’ve included lots of documents that explain detailed mitigation strategies. Please note that these documents contain code and are therefore more suited for people that are implementing or testing security fixes.
– I’ve included lots of links to websites that provide comprehensive background information.
– That’s not it, there is more…

BONUS Material:
– Defense in depth. This is one of the basic security principles.
– Basic explanation of STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege). I’ve also added privacy by design resources in this course. This means both security by design and privacy by design!
– Overview of a secure software development process. Build security into you delivery process
– Frequently asked questions. Ask a security question and I’ll answer it with a video.

Why include bonus material, is the main course not exciting enough?
Again, excellent question! Getting security right goes well beyond web application security. With the bonus material, I would like to inform you about the complementary measures that should be taken into account.

I’m fully convinced of the benefits, but I don’t see why I should learn all this from you.
True, let me explain by giving you an overview of my experience:
– Chief Information Security Officer (present). Managing Security, Privacy and Quality professionals. Responsible for implementing and maintaining a well balanced organisational risk posture;
– Security and privacy operations manager (2 years). Acting as a security liaison on strategic accounts, I monitor the security of 2500+ workstations, 500+ servers and 10+ firewalls and routers, report on the operational security status of European and Dutch law and integrate intelligence results from AVDS, Check Point, Nagios, Nessus, Palo Alto Traps,SCCM, SCEP, SEP, SCOM and SIEM;
– Parttime PhD Candidate (7 years – present). I read the science, you’ll get the knowledge! What more do you want?
– Software quality consultant (6,5 years). I’ve advised many managers of large / small IT projects on various software related aspects;
– IT auditor (1 year). I have closely worked with accountants and audited large governmental IT projects;
– Quality assurance engineer (3 years). I have implemented large IT systems for large companies.

You can find more details on LinkedIn on or my profile.

Go ahead and click the enroll button, and I’ll see you in lesson 1!

Cheers,
Soerin
Who this course is for:

(Project) managers that lead software projects
Recruiters hiring software engineers
Software engineers
Anyone interested in the basics of web application security, explained in layman’s terms

Requirements

Interest in (software) security
Pen and paper
Open mind and a willingness to learn

Last Updated 7/2022

Files:

OWASP top 10 Web Application Security for beginners [TutsNode.net] - OWASP top 10 Web Application Security for beginners 02 - Finalised top 10 in 2017
  • 003 Insufficient logging and monitoring - OWASP A102017.mp4 (23.7 MB)
  • 001 XML external entities - OWASP A42017.mp4 (9.0 MB)
  • 002 Insecure deserialization - OWASP A82017.mp4 (8.5 MB)
04 - Extra tips!
  • 002 Threat-Anlaysis-Stride-Model.xlsx (42.0 KB)
  • 001 Defense in depth.mp4 (16.6 MB)
  • 001 defense-in-depth-revisited-one-column.pdf (51.4 KB)
  • 002 STRIDE-links.docx (14.2 KB)
  • 003 Secure-development-process-links.docx (14.1 KB)
  • 003 Secure development processes.mp4 (13.4 MB)
  • 001 NCCIC-ICS-CERT-Defense-in-Depth-2016-S508C.pdf (7.3 MB)
  • 002 STRIDE.mp4 (6.4 MB)
  • 002 A-Modeling-Framework-for-Data-Protection-by-Design.pdf (1.8 MB)
  • 003 On-the-secure-software-development-process-CLASP-SDL-and-Touchpoints-compared.pdf (1.6 MB)
  • 003 Software-Security-in-Practice.pdf (1.6 MB)
  • 003 OWASP-Cheatsheets-Book.pdf (1.1 MB)
  • 003 Comparison-of-SDL-and-Touchpoints.pdf (441.7 KB)
  • 003 Software-security-building-security-in.pdf (385.5 KB)
01 - OWASP Top 10 Most Critical Web Application Security Risks
  • external-assets-links.txt (0.2 KB)
  • 007 Security Misconfiguration.mp4 (22.2 MB)
  • 001 ASVS-checklist-en.xlsx (67.0 KB)
  • 006 Broken-Access-Control-links.docx (38.0 KB)
  • 011 Using Components with Known Vulnerabilities.mp4 (14.6 MB)
  • 009 Insufficient-attact-protection-links.docx (15.6 KB)
  • 012 Underprotected-APIs-links.docx (14.2 KB)
  • 001 Introduction OWASP top 10 (2017).mp4 (14.2 MB)
  • 003 Injection.mp4 (13.8 MB)
  • 004 Root-Cause-Analysis-of-Session-Management-and-Broken-Authentication-Vulnerabilities.docx (122.2 KB)
  • 011 Using-components-with-known-vulnerabilities-links.docx (14.0 KB)
  • 007 Security-misconfiguration-links.docx (13.8 KB)
  • 008 Sensitive-data-exposure-links.docx (13.8 KB)
  • 005 Cross-site-scripting-links.docx (13.7 KB)
  • 008 Sensitive Data Exposure.mp4 (12.8 MB)
  • 010 Cross-Site Request Forgery (CSRF).mp4 (11.1 MB)
  • 012 Underprotected APIs.mp4 (10.4 MB)
  • 004 Broken Authentication and Session management.mp4 (10.3 MB)
  • 006 Broken Access Control.mp4 (8.2 MB)
  • 005 Cross-Site Scripting (XSS).mp4 (8.1 MB)
  • 007 Holistic-Web-Application-Security-Visualization-for-Multi-Project-and-Multi-Phase-Dynamic-Application-Security-Test-Results.pdf (6.1 MB)
  • 009 Insufficient Attack Protection.mp4 (5.7 MB)
  • 003 A-novel-technique-to-prevent-SQL-injection-and-cross-site-scripting-attacks.pdf (3.1 MB)
  • 010 Robust-defenses-for-cross-site-request-forgery.pdf (3.0 MB)
  • 002 UPDATED - OWASP top 10 (2021).mp4 (2.0 MB)
  • 003 OWASP-Top-10-2017-Release-Candidate1-English.pdf (1.1 MB)
  • 012 microservices-API-security.pdf (1.1 MB)
  • 012 SECURING-MICROSERVICES-AND-MICROSERVICE-ARCHITECTURES-A-SYSTEMATIC-MAPPING-STUDY.pdf (1.1 MB)
  • 003 Defeating-SQL-Injection.pdf (1.1 MB)
  • 001 OWASP-Application-Security-Verification-Standard-4.0-en.pdf (1.0 MB)
  • 012 AUTHENTICATION-AND-AUTHORIZATION-IN-MICROSERVICE-BASED-SYSTEMS-SURVEY-OF-ARCHITECTURE-PATTERNS.pdf (973.1 KB)
  • 003 You-shall-not-pass-Mitigating-SQL-Injection-Attacks-on-Legacy-Web-Applications.pdf (676.9 KB)
  • 002 WAS.pdf (368.9 KB)
05 - Frequently Asked Questions
  • 002 Test-hacking-skill-free-link.docx (31.3 KB)
  • 001 SSLLabs-link.docx (29.0 KB)
  • 003 What are insecure direct object references.mp4 (4.7 MB)
  • 001 How can you test whether you website uses the latest security protocols.mp4 (2.8 MB)
  • 002 Where can I (legally) test my hacking skills for free.mp4 (2.8 MB)
03 - New in 2021
  • 003 Software and Data Integrity Failures - OWASP A082021.mp4 (9.8 MB)
  • 002 Insecure Design - OWASP A042021.mp4 (6.6 MB)
  • 004 Server-Side Request Forgery - OWASP A102021.mp4 (5.6 MB)
  • 001 Cryptographic Failures - OWASP A022021.mp4 (4.6 MB)
  • 002 The-Application-of-a-New-Secure-Software-Development-Life-Cycle-S-SDLC-with-Agile-Methodologies.pdf (2.1 MB)
  • 002 Design-Methodologies-for-Securing-Cyber-Physical-Systems.pdf (1.5 MB)
  • 001 CryptSDLC-Embedding-Cryptographic-Engineering-into-Secure-Software-Development-Lifecycle.pdf (815.9 KB)
  • 002 BakingTimer-Privacy-Analysis-of-Server-Side-Request-Processing-Time.pdf (629.8 KB)
  • 004 Preventing-Server-Side-Request-Forgery-Attacks.pdf (552.6 KB)
  • 001 Organizational-Practices-in-Cryptographic-Development-and-Testing.pdf (425.1 KB)
  • 001 Comparative-Analysis-of-Cryptographic-Key-Management-Systems.pdf (396.1 KB)
  • TutsNode.com.txt (0.1 KB)
  • [TGx]Downloaded from torrentgalaxy.to .txt (0.6 KB)
  • .pad
    • 0 (2.5 KB)
    • 1 (10.2 KB)
    • 2 (4.7 KB)
    • 3 (3.3 KB)
    • 4 (8.3 KB)
    • 5 (6.5 KB)
    • 6 (87.9 KB)
    • 7 (163.6 KB)
    • 8 (166.3 KB)
    • 9 (125.0 KB)
    • 10 (219.5 KB)
    • 11 (214.2 KB)
    • 12 (210.9 KB)
    • 13 (228.9 KB)
    • 14 (1.6 KB)
    • 15 (167.7 KB)
    • 16 (247.5 KB)
    • 17 (122.2 KB)
    • 18 (142.2 KB)
    • 19 (140.2 KB)
    • 20 (45.9 KB)
    • 21 (185.8 KB)
    • 22 (79.5 KB)
    • 23 (167.5 KB)
    • 24 (156.1 KB)
    • 25 (49.0 KB)
    • 26 (220.7 KB)
    • 27 (232.8 KB)
    • 28 (186.2 KB)
    • 29 (50.9 KB)
    • 30 (197.5 KB)
    • 31 (109.1 KB)
    • 32 (139.0 KB)
    • 33 (10.8 KB)
    • 34 (113.6 KB)
    • 35 (144.1 KB)
    • 36 (146.3 KB)
    • 37 (153.5 KB)
    • 38 (166.2 KB)
    • 39 (240.7 KB)
    • 40 (50.9 KB)
    • Code:

      • udp://open.stealth.si:80/announce
      • udp://tracker.tiny-vps.com:6969/announce
      • udp://fasttracker.foreverpirates.co:6969/announce
      • udp://tracker.opentrackr.org:1337/announce
      • udp://explodie.org:6969/announce
      • udp://tracker.cyberia.is:6969/announce
      • udp://ipv4.tracker.harry.lu:80/announce
      • udp://tracker.uw0.xyz:6969/announce
      • udp://opentracker.i2p.rocks:6969/announce
      • udp://tracker.birkenwald.de:6969/announce
      • udp://tracker.torrent.eu.org:451/announce
      • udp://tracker.moeking.me:6969/announce
      • udp://tracker.dler.org:6969/announce
      • udp://9.rarbg.me:2970/announce