Free OWASP Top 10 CBT

Language agnostic. Complete at your own pace.
Real exploit concepts around web application threats, vulnerabilities & strategies to mitigate them.

3 Day Training

PCI DSS
6.3.7 & 6.5
Compliant

All Staff

Instructor Led
CBT / Remote
Training Available

Course Overview

This course will help students learn key concepts in web application security, the vulnerabilities that exist, and how hackers exploit modern-day applications for their own gain.

Students will be well versed in describing common attacks and will be able to express how these scenarios could affect their own business applications.

This course covers compliance requirements for PCI DSS 6.3.7 and 6.5.

Learning Objectives

  • Express software defects, including the OWASP Top 10 vulnerabilities and how they relate to your business.
  • Understand today's threats to connected applications and express the necessary concepts to defend your business against them.
  • Gain hands-on experience in our TrueLabs to see first-hand how hackers attack systems.
  • Cover topics in PCI DSS 6.3.7 and 6.5.

Outline

Introduction

  • What is information security?
  • Software security trends

1. Authentication

  • Authentication 101
  • Factors of authentication
  • Authentication weaknesses

2. Authorization and Access Control

  • Authorization 101
  • Horizontal & vertical privilege escalation
  • Common access control techniques

3. Session Management

  • Session 101
  • Hijacking sessions
  • Session ID weaknesses
  • CSRF
  • Session management best practices

4. Data Validation

  • Methods of validation
  • Cross-site scripting
  • SQL injection
  • Data encoding issues
  • Parameter manipulation

5. Cryptography

  • Basics of cryptography
  • Random numbers
  • Hashing of data
  • About SSL and weak encryption

6. Misc Topics in Security

  • Leakage and error handling
  • Accountability
  • Third-party code
  • File references

Download Datasheet

Security Compass training courses are offered using a variety of delivery methods. Download the data sheet to learn more.

Public Classes

Security Compass offers this course as a public class. Contact us for a schedule of all our upcoming public training classes.