The OWASP Top Ten

Understanding the Risks and Consequences of Unsafe Code

What Directors and C-Suite level members of an organization need to know is summed up perfectly in the introduction to the OWASP Top Ten – 2017.

“Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our software becomes increasingly complex, and connected, the difficulty of achieving application security increases exponentially. The rapid pace of modern software development processes makes the most common risks essential to discover and resolve quickly and accurately. We can no longer afford to tolerate relatively simple security problems like those presented in this OWASP Top 10.”

Does your company prioritize secure coding during development? If not, you could be opening the door to hackers who are ready to manipulate and exploit your code using techniques like injection and insecure deserialization.

In this previously recorded webinar, our Technical Director and long-time developer, Marina Kelly, explored the importance of secure coding practices and the OWASP Top 10 vulnerabilities, not just for developers but for entire organizations. She focused on the business implications of the OWASP Top Ten and how they affect application development practices. Marina presented the OWASP Top 10 vulnerabilities in the context of what business leaders need to know, and what questions they should be asking to mitigate risk, especially when OWASP guidelines are incorporated into other security standards and protocols. What should a responsible business leader know about the OWASP Top Ten risks? How can they ensure that their development team is adequately addressing the risks during the development cycle? And how can they incorporate a commitment to safe coding practices into their application development culture?

If you missed the live event, fill out the form to gain access to the recording. Use the comments field if you have any questions or would like more information on Secure Coding with the OWASP Top 10 – 2017 training for your team.

Front-End Exercises

| React | Angular | Vue.js |
| --- | --- | --- |
| Cross Site Request Forgery | Cross Site Request Forgery | Untrusted HTML Rendering XSS |
| Direct DOM Manipulation XSS | Direct DOM Manipulation XSS | Direct DOM Manipulation XSS |
| Components with Known Vulnerabilities | Template Concatenation | Cross Site Request Forgery |
| Untrusted HTML Rendering XSS | Sanitization Misuse XSS | Untrusted Template Usage XSS |

OWASP Top 10 – API – 2019

| ID | Topic | Covered in SecureDev Modules | Programming Languages Available |
| --- | --- | --- | --- |
| API1:2019 | Broken Object Level Authorization | Broken Object Level Authorization | Java, C#, Python (Django), Python (Flask), Node.js, Go, PHP, Ruby on Rails, Scala, Kotlin |
| API2:2019 | Broken User Authentication | Broken User Authentication | |
| API3:2019 | Excessive Data Exposure | Excessive Data Exposure | |
| API4:2019 | Lack of Resources & Rate Limiting | Lack of Resources & Rate Limiting | |
| API5:2019 | Broken Function Level Authorization | Broken Function Level Authorization | |
| API6:2019 | Mass Assignment | Mass Assignment | |
| API7:2019 | Security Misconfiguration | Security Misconfiguration | |
| API8:2019 | Injection | Injection | |
| API9:2019 | Improper Assets Management | Improper Assets Management | |
| API10:2019 | Insufficient Logging & Monitoring | Insufficient Logging & Monitoring | |

OWASP Top 10 – 2021

| ID | Topic | Covered in SecureDev Modules | Programming Languages Available |
| --- | --- | --- | --- |
| A01:2021 | Broken Access Control | Vertical Privilege Escalation, Horizontal Privilege Escalation | Java, C#, Python (Django), Python (Flask), Node.js, Go, PHP, Ruby on Rails, Scala, Kotlin |
| A02:2021 | Cryptographic Failures | Weak Randomness | |
| A03:2021 | Injection | SQL Injection, Command Injection, Header Injection, XML Injection | |
| A04:2021 | Insecure Design | User Enumeration | |
| A05:2021 | Security Misconfiguration | Leftover Debug Code | |
| A06:2021 | Broken Access Control | Vertical Privilege Escalation, Horizontal Privilege Escalation | |
| A07:2021 | Vulnerable and Outdated Components | Session Fixation, Forced Browsing | |
| A08:2021 | Software and Data Integrity Failures | Reflected XSS, Forced Browsing, Stored Cross-Site Scripting, Insecure URL Redirect, Clickjacking, Directory Traversal, DOM XSS, Cross-site Request Forgery | |
| A09:2021 | Security Logging and Monitoring Failures | PII Data in URL, Token Exposure in URL | |
| A10:2021 | Server-Side Request Forgery (SSRF) | Server-Side Request Forgery | |