Web Security and the OWASP Top 10: The Big Picture

by Troy Hunt

OWASP Top 10 "The Big Picture" is all about understanding the top 10 web security risks we face today, presented in an easily consumable, well-structured fashion that aligns to the number one industry standard on the topic.

What you'll learn

Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security.

The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats.

This course takes you through a very well-structured, evidence-based prioritization of risks and, most importantly, how organizations building software for the web can protect against them.

Course FAQ

What is OWASP?

OWASP stands for the Open Web Application Security Project - a helpful guide to the secure development of online applications and defense against threats. OWASP is free and open source, with access to an online community and helpful resources and tools for web application security.

What is the OWASP Top 10?

The OWASP Top 10 is a document that outlines the most critical security risks to web applications for developers to be aware of. Examples of some of these security risks are broken authentication, security misconfigurations, and cross-site scripting (XSS).

What will I learn in this course?

You will learn about the top 10 web security risks we face today. There is a module covering each risk. Those risks are:

  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Insecure direct object references
  • Security misconfiguration
  • Sensitive data exposure
  • Missing function level access control
  • Cross-site request forgery (CSRF)
  • Using components with known vulnerabilities
  • Unvalidated redirects and forwards

Who should take this course?

Anyone who wants to learn about OWASP and the OWASP Top 10 should take this course. If you work with web security to any extent, you will find this course beneficial.

Are there any prerequisites to this course?

There are no strict prerequisites for this course, but it is an intermediate-level course, so some prior experience with web security will be helpful.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
