Training > Cybersecurity > Understanding Vulnerabilities and Security Threats (WSKF603)

Understanding Vulnerabilities and Security Threats (WSKF603)

Build better software and strengthen your IT career opportunities by hardening your security mindset. Break down the OWASP® Top 10 to understand the most common pitfalls and use hands-on labs to learn techniques to battle each vulnerability.

Key Benefits for You:

✔ Live, instructor-led hands-on labs
✔ Harden your cybersecurity skill set
✔ Practice using your preferred development language

Who Is It For

This course is designed for developers and security professionals who want to deepen their understanding of web application security with hands-on learning in exploiting and defending against vulnerabilities.
read less read more
What You’ll Learn

Participants will gain an in-depth understanding of each item in the OWASP® Top 10 with hands-on experience exploiting and defending against each vulnerability. The course focuses on understanding common mistakes developers make and the techniques needed to battle vulnerabilities using a test application tailored to their preferred development language.
read less read more
What It Prepares You For

This course prepares participants to ensure the security of their web applications by understanding and implementing effective mitigations for the most common vulnerabilities identified by the OWASP® Top 10.
read less read more
Course Outline
Expand All
Collapse All
Module 1: Introduction to OWASP® and Web Application Security
- 1.1 Welcome and Introduction
- 1.2 Importance of Web Application Security
- 1.3 Overview of the OWASP® Top 10 (2021)
Module 2: In-Depth Analysis of OWASP® Top 10 (2021)
- Case studies of major security breaches
- 2.1 Broken Access Control (A01:2021)
- 2.1.1 Understanding Broken Access Control
- 2.1.2 Exploiting Broken Access Control
- 2.1.3 Defending Against Broken Access Control
- 2.3 Injection (A03:2021)
- 2.3.1 Understanding Injection
- 2.3.2 Exploiting Injection
- 2.3.3 Defending Against Injection
- 2.4 Insecure Design (A04:2021)
- 2.4.1 Understanding Insecure Design
- 2.4.2 Identifying Insecure Design
- 2.4.3 Mitigating Insecure Design
- 2.5 Security Misconfiguration (A05:2021)
- 2.5.1 Understanding Security Misconfiguration
- 2.5.2 Exploiting Security Misconfiguration
- 2.5.3 Defending Against Security Misconfiguration
- 2.6 Vulnerable and Outdated Components (A06:2021)
- 2.6.1 Understanding Vulnerable and Outdated Components
- 2.6.2 Identifying Vulnerable Components
- 2.6.3 Mitigating Risks of Vulnerable Components
- 2.7 Identification and Authentication Failures (A07:2021)
- 2.7.1 Understanding Identification and Authentication Failures
- 2.7.2 Exploiting Identification and Authentication Failures
- 2.7.3 Defending Against Identification and Authentication Failures
- 2.8 Software and Data Integrity Failures (A08:2021)
- 2.8.1 Understanding Software and Data Integrity Failures
- 2.8.2 Identifying Integrity Failures
- 2.8.3 Defending Against Integrity Failures
- 2.9 Security Logging and Monitoring Failures (A09:2021)
- 2.9.1 Understanding Security Logging and Monitoring Failures
- 2.9.2 Identifying Logging and Monitoring Failures
- 2.9.3 Defending Against Logging and Monitoring Failures
- 2.10 Server-Side Request Forgery (A10:2021)
- 2.10.1 Understanding Server-Side Request Forgery
- 2.10.2 Exploiting Server-Side Request Forgery
- 2.10.3 Defending Against Server-Side Request Forgery

Module 3: Common Mistakes and Best Practices
- 3.1 Common Developer Mistakes for Each Risk
- 3.2 Best Practices for Secure Development
Module 4: Defensive Techniques and Tools
- 4.1 Techniques to Battle Vulnerabilities
- 4.2 Tools for Security Testing and Defense

Participants should have a basic understanding of web development principles and familiarity with the chosen development language. They will need a computing system with adequate performance specifications and access to the provided demo environments.