Learn your way! Get started

OWASP, Part 3: Threats and Session Security

with expert Don Kiely

Watch trailer

OWASP, Part 3: Threats and Session Security Trailer

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date Release date 10/21/2015
Level Level Intermediate
Runtime Runtime 1h 38m
Platform Platform Major browsers on Windows Major browsers on Windows Major browsers on Mac OSX Major browsers on Mac OSX Mobile Devices Mobile Devices
Closed captioning Closed captioning Included
Transcript Transcript Included
eBooks / courseware eBooks / courseware N/A
Hands-on labs Hands-on labs N/A
Sample code Sample code Included
Exams Exams Included

Enterprise Solutions
Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More

Course description

In this course, we’ll review and address some of the OWASP Top Ten threats. As hackers continue finding new ways to exploit systems we thought were secure, it’s imperative that application developers continue taking their coding approach and skills to all new levels. In this course we’ll look at building secure applications from the mindset of the hacker, and what a developer can do to avoid the news headlines as the latest security breach. You’ll also learn how both Authentication and Session Management can be exploited along with ways to minimize these threats.


This course is for users with experience with developing web applications using C# or other object oriented programming languages.

Meet the expert

Don Kiely Don Kiely is a featured instructor on many of our SQL Server and Visual Studio courses. He is a nationally recognized author, instructor, and consultant, specializing in Microsoft technologies. Don has many years of teaching experience, is the author or co-author of several programming books, and has spoken at many industry conferences and user groups. In addition, Don is a consultant for a variety of companies that develop distributed applications for public and private organizations.

Course outline

Understanding Threats

OWASP Overview (09:32)
  • Introduction (01:41)
  • OWASP (03:04)
  • Demo: OWASP Wiki (04:18)
  • Summary (00:28)
Top Ten Threats (27:15)
  • Introduction (00:35)
  • OWASP Top 10 List (03:08)
  • 2013 Top Ten List (07:07)
  • ASVS (01:13)
  • 2013 Top 10 List - 1st Course (00:35)
  • 2013 Top 10 List - This Course (00:09)
  • Application Security Risks (02:35)
  • Demo: Top 10 (04:41)
  • Demo: Top 10 Wiki (05:39)
  • Summary (01:27)

Session Security

Authentication & Session Threats (30:38)
  • Introduction (02:43)
  • Broken Authentication (01:28)
  • Demo: Broken Auth Wiki (03:30)
  • Demo: Am I Vulnerable? (05:15)
  • ASVS (02:30)
  • Demo: ASVS (03:17)
  • Demo: Verification Requirements (06:00)
  • Session Management Verification (05:25)
  • Summary (00:25)
Threat Examples (30:38)
  • Introduction (00:33)
  • Sample Application (00:54)
  • Demo: WebForms Application (05:08)
  • Demo: WebForms App Cont. (03:21)
  • Demo: Cookies (05:13)
  • Demo: Cookieless Sessions (05:00)
  • Demo: Identity System (05:11)
  • Demo: Authentication Verification (04:43)
  • Summary (00:32)