Provided by


This course aims to teach learners about the OWASP top 10 in bite size modules, we will look at the OWASP top 10 vulnerabilities and mitigations available to any development environment.

It is important to understand that this is the baseline set of security standards. Remembering that this knowledge can be reused across technology stacks.
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Controls
  • Security Misconfigurations
  • Cross-Site Scripting
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Experience with Linux command line is advantageous however it is not essential as the instructor will guide the delegates through each task.

Delegates will learn how to

Delegates will learn how to;
  • Identify the OWASP Top 10 Vulnerabilities
  • Recognise and explain how these vulnerabilities could be exploited
  • Outline potential impact and consequences of web-based attacks
  • Describe baseline mitigation steps and techniques to prevent common web and application-based attacks
  • Explore discovery methods for critical security issues
  • Identify practices to prevent the most common mistakes and lead to more secure software

OWASP Top Ten Overview
Our 101 course takes the learner through the OWASP Top Ten. Each issue is introduced, practical examples are given using our application security labs to show the potential impact, whilst countermeasures and secure coding techniques are discussed. We cover the following topics;

A1 - Injection
A2 - Broken Authentication
A3 - Sensitive Data Exposure
A4 - XML External Entities (XXE)
A5 - Broken Access Control
A6 - Security Misconfiguration
A7 - Cross-Site Scripting (XSS)
A8 - Insecure Deserialization
A9 - Using Components with Known Vulnerabilities
A10 - Insufficient Logging & Monitoring

In this short 101 course you will be introduced to the OWASP Top Ten labs, providing a live demonstration of some of the OWASP Top Ten vulnerabilities.

Delegates can also try some of the exploits in these specific labs.
  • Injection
  • Broken Authentication
  • Security Misconfiguration
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)

Related article

The Cyber Pulse is QA's new portal to free Cyber content, including on-demand webinars, articles written by leading experts,