
Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Identify web application risks using the OWASP Top 10 and learn how to increase your software security.

  • Duration

    3 weeks
  • Weekly study

    2 hours

Examine the importance of software security and risks to web applications

It can be difficult to fully understand software vulnerabilities if you only read about them, which is why this 2-week course allows you to take a practical approach to software security.

On this course, you’ll develop your understanding of the most critical risks to web application security and learn first-hand how to exploit these vulnerabilities.

This practice-orientated course will help you become more security aware and teach you how to avoid these weaknesses in your own applications.

Understand the OWASP Top 10 and how to use them to minimise risk

The OWASP Top 10 is a standard awareness document about the largest risks to web applications. You’ll begin by reviewing and discussing each risk and learn how to exploit them to see the vulnerability in action.

You’ll learn how to use a deliberately vulnerable web application where you will exploit at least ten vulnerabilities. You’ll be able to identify and mitigate these critical security risks by reviewing vulnerable source code and learning how to fix it.

Learn the common exploitation techniques used to test software security

By putting into practice the common exploitation techniques used to test software security, you’ll gain a full understanding of the impacts of security breaches. This includes XXE (XML External Entities), XSS (Cross-Site Scripting) and Insecure Deserialization.

You’ll also examine the various threat agents to your software security and how to prevent them from conducting damaging activities.

By the end of the course, you’ll be comfortable increasing security in your organisation and the Software Development Lifecycle (SDLC).

Syllabus

  • Week 1

    Getting Started with OWASP

    • Welcome to OWASP Top 10 and Web Applications Fundamentals

      The following steps will introduce your educator and what to expect in the coming week.

    • World Wide Web Fundamentals

      In this activity, you will learn about the structure of the World Wide Web (WWW) and about the OWASP project, which was designed to help increase security when using the WWW.

    • Injection Flaws

      Now you will learn about injection flaws and how injection threats can be used to gain access to your databases.

    • Broken Authentication

      In this activity, you will learn about authentication flaws and how they make an application vulnerable to hackers. You will learn how to identify vulnerabilities and mitigate these attacks.

    • Week 1 Summary

      You have reached the end of Week 1! In this activity, you will reflect on what you have covered so far.

  • Week 2

    How to Address Suspicious Internet Activity

    • Welcome to Week 2

      Find out what is in store for the week.

    • Sensitive Data Exposure

      In this section, you will learn about the risks involved with storing sensitive data in online databases, and you will have practical sessions where you will find out how to hack this data yourself!

    • XML External Entities (XXE)

      In this activity, you will learn about XML External Entities (XXE) and how hackers may use vulnerabilities in these processes to access and exploit your database, as well as how to prevent this from happening.

    • Broken Access Control

      In this section, you will learn about the importance of a hierarchy of authorization for your users. You will be taken through demonstrations of how to identify authorization flaws in a database and how to exploit and prevent them.

    • Security Misconfiguration

      This section covers the importance of configuring your security correctly. You will see a demonstration of what can happen if your system is not properly configured.

    • Week 2 Summary

      You have reached the end of Week 2! We will now reflect on what you have covered so far.

  • Week 3

    XSS, Deserialized Data Attacks, Further Known Vulnerabilities, and How You Can Protect Your System Overall

    • Welcome to Week 3!

      In this step, find out what is in store for the week.

    • Cross-site Scripting (XSS)

      In this article, you will learn how to identify vulnerabilities associated with XSS and how to mitigate these threats.

    • Insecure Deserialization

      In these steps you will learn how deserialized data can be used to attack a system.

    • Using Components with Known Vulnerabilities

      In this step, you will learn about components that are used by many different applications despite having known vulnerabilities and how to protect a system from the threat associated with using these components.

    • Insufficient Logging and Monitoring

      In this activity, you will learn more about the risks associated with having insufficient logging and monitoring for your system and what you should do to protect your system.

    • Week 3 Summary

      You have reached the end of the course! In this activity, you will reflect on what you have covered in OWASP Top 10 Security Fundamentals.

Learning on this course

On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.

What will you achieve?

By the end of the course, you’ll be able to...

  • Apply the OWASP Top 10 to ensure your applications minimize the security risks in the list.
  • Explore how Web Applications are built and delivered on top of the HTTP protocol.
  • Explore threat agents, attack vectors, and impact of the ten most critical web application security risks.
  • Identify and mitigate the ten most critical security risks by reviewing vulnerable source code.
  • Explore common exploitation techniques used to test software security.

Who is the course for?

This course is designed for anyone interested in software security. You should be familiar with using a web browser and have prior knowledge of the HTTP protocol, HTML and JavaScript.

You should also have a computer that is capable of running VirtualBox.

Who developed the course?

EC-Council

International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body.

Learning on FutureLearn

Your learning, your rules

  • Courses are split into weeks, activities, and steps to help you keep track of your learning
  • Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
  • Stay motivated by using the Progress page to keep track of your step completion and assessment scores

Join a global classroom

  • Experience the power of social learning, and get inspired by an international network of learners
  • Share ideas with your peers and course educators on every step of the course
  • Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others

Map your progress

  • As you work through the course, use notifications and the Progress page to guide your learning
  • Whenever you’re ready, mark each step as complete: you’re in control
  • Complete 90% of course steps and all of the assessments to earn your certificate
