Welcome to OWASP Top 10 Security Fundamentals

This course will cover the ten most critical web application security risks, with a brief review and discussion of each risk, followed by a hands-on part in which you will play the attacker role.

In each session, you will be given the required background knowledge to understand the threat agents, attack vectors, the security weakness itself, and its impact. Following our hands-on approach, you will have the chance to play the hacker and conduct exploitation by bypassing authorization mechanisms to get access to databases and to manipulate other users’ resources, or even get control over the application server.

Over the next three weeks you will learn:

• how to use the OWASP Top 10 to ensure your applications minimize the security risks rated in the OWASP Top 10 list
• how web applications are built and delivered on top of the HTTP protocol
• about threat agents, attack vectors, and the impact of the ten most critical web application security risks
• how to identify and mitigate the ten most critical security risks by reviewing vulnerable source code
• about common exploitation techniques used to test software security

This course is being presented by Paulo Silva. Paulo does ethical hacking and is a senior security researcher. He spent more than 15 years working as a software developer. He became an OWASP Volunteer in 2010, and he has been an OWASP Go Secure Coding Practices Project Leader​ and an OWASP API Security Project main contributor​.

This course contains several practical demonstrations for you to follow along with. The best way to learn is by doing, so where we would like you to try out what has been demonstrated or discussed, we will indicate this with “over to you”.

Course roadmap

This course is designed to give you the knowledge and the skills to identify, mitigate, and prevent cybersecurity-related issues. You will gain this knowledge and acquire these skills over four weeks. The course structure is shown in the roadmap below.

Technical requirements

To complete this course, you will need the following, or higher:

• OS: Windows, Linux, Mac iOS
• processor: any recent Intel or AMD processor or equivalent
• memory: at least 1GB RAM
• storage: 2GB

Learning outcomes of Week 1

We will start by focusing on whether your data is really safe on the web. By the end of this first week, you will be able to:

• describe what OWASP is
• describe how the World Wide Web is structured
• describe the threats associated with injection attacks
• describe how authentication processes can be vulnerable to hackers

Working together

For this course, it is really important that you take the time to share comments and interact with others on the course. The educators from your videos will not be providing feedback as you move through the content, but you and other users should work together to discuss what you are learning and to support each other.

Next steps

When you are ready, please mark this step as complete and move on to the next step, “Assessment in OWASP Top 10 Security Fundamentals”.

Over to you: Are you ready to get started? Check that you have downloaded VirtualBox and Vagrant. In a later section you will learn how to install the OWASP Juice Shop as well, since we will be using this application throughout the course.