What's New in the OWASP Top 10 for 2013

By Troy Hunt
The OWASP Top 10 Web Application Security Risks is the first stop for web developers who are serious about securing their online creations. This course outlines what has changed in web security since the previous 2010 edition, and where developers should now focus their security efforts.
Course info
Rating
(253)
Level
Intermediate
Updated
Apr 28, 2014
Duration
1h 34m
Table of contents
Introduction
Introduction 3m Does Much Really Change in Only 3 Years? 5m Understanding 3 Years of Data Breaches 4m The OWASP Top 10 is a Living, Evolving, Resource 4m Summary: It’s All Still Web App Sec, It’s All Still Good! 3m
Understanding the Risk Assessment
It's All About Risks 2m Where Does the Data on Risks Come From? 2m What Are Application Security Risks? 3m The OWASP Risk Rating Methodology 4m Understanding Likelihood 4m Assessing Likelihood 5m Understanding Impact 4m Assessing Impact 3m Calculating the Overall Risk 2m Applying the Methodology to the XSS Risk 5m Summary 3m
What's Changed in the Top 10
Introduction 1m A1 – Injection 2m A2 – Broken Authentication and Session Management 3m A3 – Cross-Site Scripting (XSS) 3m A4 – Insecure Direct Object References 2m A5 – Security Misconfiguration 3m A6 – Sensitive Data Exposure 2m A7 – Missing Function Level Access Control 3m A8 – Cross-Site Request Forgery (CSRF) 2m A9 – Using Known Vulnerable Components 2m A10 – Unvalidated Redirects and Forwards 2m Summary 3m
Additional Risks to Consider
It Doesn’t End at the Top 10 2m Additional Risks OWASP Recognizes 5m The SANS Top 25 Most Dangerous Software Errors 3m Course Summary 4m
Description
Course info
Rating
(253)
Level
Intermediate
Updated
Apr 28, 2014
Duration
1h 34m
Description

The Top 10 Web application security risks produced by OWASP is an evolving resource that helps organizations focus on the most prominent risks in web security today. Every few years we see a revision; the types of attacks we’re witnessing change, the defenses change, and the risk and associated priority changes. OWASP adapts to this changing environment and recently made available the 2013 edition of the Top 10. This course is designed to help those who already have an awareness of the Top 10 understand what’s new in the latest edition and how the landscape has changed in three short years. It also introduces the concept of "Risk Assessments" and provides further resources to help go beyond just the Top 10 risks.

About the author
Troy Hunt
About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author
Ethical Hacking: Denial of Service
Beginner
2h 49m
Sep 17, 2019
Ethical Hacking: SQL Injection
Beginner
5h 25m
Sep 16, 2019
Ethical Hacking: Session Hijacking
Beginner
3h 27m
Sep 16, 2019
More courses by Troy Hunt

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT