Learn your way! Get started

OWASP Top 10 2017 Update

with expert Robert Hurlbut


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 7/26/2018
Level Intermediate
Runtime 1h 25m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

The Open Web Application Security Project focuses on improving the security of software .The OWASP Top 10 is a powerful awareness document for web application security and represents a broad consensus about the most critical security risks to web applications. This course discusses the updates to the Top 10 and how threats have changed.

Prerequisites

It would be helpful to have watched the previous OWASP courses as man of the threats still exist: OWASP, Part 1: Avoiding Hacker Tricks - OWASP, Part 2: Forgery and Phishing - OWASP, Part 3: Threats and Session Security - OWASP, Part 4: Misconfiguration and Data Encryption

Meet the expert

Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups, national and international conferences, and provides training for many clients.

Course outline



OWASP 2017 Update

Objectives and Overview (02:57)
  • Introduction (00:29)
  • About This Course (00:29)
  • Previous Courses (00:45)
  • Related Courses (00:26)
  • Outline (00:39)
  • Summary (00:08)
History (08:47)
  • Introduction (00:08)
  • OWASP Top 10 2017: History (00:09)
  • OWASP Top 10 (01:01)
  • Web Application Security Risks (02:01)
  • Why Revisited (02:29)
  • OWASP Top 10 2017: History (02:49)
  • Summary (00:08)
Process (08:04)
  • Introduction (00:08)
  • OWASP Top 10 2017: Process (00:07)
  • New Approaches to the OWASP Top 10 2017 (02:08)
  • Changes to OWASP Top 10: 2013 to 2017 (05:31)
  • Summary (00:08)
Finding OWASP (03:19)
  • Introduction (00:08)
  • Demo: Finding OWASP (01:50)
  • Demo: OWASP Wiki (00:59)
  • Summary (00:21)
XML External Entities (09:38)
  • Introduction (00:23)
  • A4: XML External Entities (01:55)
  • Examples (02:40)
  • Remote Code Execution (01:49)
  • Revealing Files (01:18)
  • How to Prevent XXE (01:22)
  • Summary (00:08)
XXE Demo (15:05)
  • Introduction (00:08)
  • XXE Demo (06:26)
  • Unsafe XDocument (05:04)
  • Java XXE (03:17)
  • Summary (00:08)
XML XXE DOTNET Demo (05:42)
  • Introduction (00:08)
  • XML XXE Demo (02:24)
  • XML Bomb (02:54)
  • Summary (00:16)
Insecure Deserialization (09:55)
  • Introduction (00:21)
  • A8: Insecure Deserialization (03:48)
  • Examples (03:04)
  • How to Prevent Insecure Deserialization (02:32)
  • Summary (00:08)
Insecure Deserialize Demo (08:50)
  • Introduction (00:08)
  • Insecure Deserialize Demo (03:52)
  • Solutions (04:27)
  • Summary (00:23)
Insufficient Logging and Monitoring (08:02)
  • Introduction (00:19)
  • A10: Insufficient Logging and Monitoring (03:21)
  • Example Attack Scenarios (02:00)
  • How to Prevent (02:02)
  • Summary (00:18)
The Future of OWASP (04:50)
  • Introduction (00:11)
  • Future OWASP Top 10 (00:49)
  • OWASP Top 10: A Starting Place (00:59)
  • Other OWASP Resources (02:37)
  • Summary (00:12)