Free OWASP Top 10 CBT

Language agnostic. Complete at your own pace.
Real exploit concepts around web application threats, vulnerabilities & strategies to mitigate them.

1 Day Training

1 Day Training

Basic Technical Background Knowledge Prerequisite

Basic Technical Background Knowledge Prerequisite

Managers, Leaders, CTO/CIOs

Managers, Leaders, CTO/CIOs

Instructor Led<br />CBT / Remote<br /> Training Available

Instructor Led
CBT / Remote
Training Available

Course Overview

Developers and security analysts are increasingly becoming involved in application security initiatives. Managers need to understand both the technical nature of their teams' involvement with security initiatives as well as the business case for performing activities.

This class arms managers with the knowledge necessary to make effective, risk-based decisions about application projects that balance business needs with security requirements. Security Compass brings extensive enterprise security assessment and prioritization experience to its highly successful training platform in this class.

Learning Objectives

  • Articulate the Return on Investment and perform tradeoff analysis on various application security review findings by risk
  • Understand attacks that hackers use to break into applications
  • Understand common activities used by organizations to secure their applications



  • Application security vs. traditional security

1. Authentication

  • Factors of Authentication
  • User Enumeration
  • Password Reset
  • Brute Force
  • Password Sniffing

2. Session Management

  • Session hijacking
  • Content caching

3. Data Validation

  • Input validation overview
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • Data encoding issues
  • Parameter manipulation
  • XML attacks

4. Secure Software Development

  • Secure SDLC
  • Security requirements
  • Application security standards and guidelines
  • Secure design & architecture
  • Threat modeling
  • Secure development
  • Source code review, manual vs. static analysis
  • Secure testing
  • Secure quality assurance
  • Secure deployment
  • Web application firewalls
  • Enterprise activities
  • Training and awareness
  • Remediation tracking

5. Building a Business Case

  • Costs of application security activities
  • Prioritizing multiple applications

Download Datasheet

Download Datasheet

Security Compass training courses are offered using a variety of delivery methods. Download the data sheet to learn more.

Public Classes

Security Compass offers this course as a public class. Contact us for a schedule of all our upcoming public training classes.