OWASP Top 10 2021 Part 3

with expert Robert Hurlbut

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 8/14/2023
Level Intermediate
Runtime 0h 38m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included

Course description

This course gives the student an overview of the OWASP Top 10 2021. The OWASP® (Open Worldwide Application Security Project) Foundation first published the OWASP Top 10 list in 2003 and has since updated it in 2004, 2007, 2010, 2013, and 2017; the most recent update was published in 2021. Each security threat and related risk on the list is identified by its rank and the year of the list. The OWASP Top 10 describes the ten security threats and related risks that software developers most need to know and think about as they build their applications. These threats and risks are primarily focused on web applications, but since the beginning the Top 10 list has helped many software developers understand and counter the most critical security threats and related risks in many kinds of applications. This course covers Identification and Authentication Failures and Software and Data Integrity Failures.

Prerequisites

The student is encouraged to watch the OWASP Top 10 2017 Update before this course, as it gives a good foundation for the changes in the OWASP Top 10 2021. This course assumes some experience with web development and a basic understanding of application security.

Meet the expert

Robert Hurlbut is a software security architect and trainer. He is a Microsoft MVP for Developer Security / Visual Studio and Development Technologies and he holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, director of software development, chief software architect, and application security champion for several companies. He speaks at user groups, national and international conferences, and provides training for many clients.

Course outline



Module 3

Identification and Authentication Failures (21:33)
  • Introduction (00:08)
  • A7 Identification and Authentication Failures (04:36)
  • How to Prevent (03:51)
  • Example Attacks (05:03)
  • Demo: Verification Requirements (03:18)
  • Demo: Authentication Verification (04:36)
  • Summary (00:00)
Software and Data Integrity Failures (17:14)
  • Introduction (00:08)
  • A8 Software and Data Integrity Failures (02:06)
  • How to Prevent (02:12)
  • Example Attacks (05:38)
  • References (01:16)
  • Demo: Signing Code (03:12)
  • Demo: Insecure Deserialization (02:41)
  • Summary (00:00)