Web Security and the OWASP Top 10: The Big Picture

by Troy Hunt

OWASP Top 10 "The Big Picture" is all about understanding the top 10 web security risks we face on the web today in an easily consumable, well-structured fashion that aligns to the number one industry standard on the topic today.

Preview this course

What you'll learn

Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security.

The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats.

This course takes you through a very well-structured, evidence-based prioritization of risks and, most importantly, how organizations building software for the web can protect against them.

Table of contents

Introduction
8mins
Injection
14mins
Broken Authentication and Session Management
15mins
Cross-Site Scripting (XSS)
13mins
Insecure Direct Object References
11mins
Security Misconfiguration
10mins
Sensitive Data Exposure
12mins
Missing Function Level Access Control
12mins
Cross-Site Request Forgery (CSRF)
12mins
Using Components with Known Vulnerabilities
9mins
Unvalidated Redirects and Forwards
8mins

Course FAQ

What is OWASP?

OWASP stands for the Open Web Application Security Project - a helpful guide to the secure development of online applications and defense against threats. OWASP is free and open source, with access to an online community and helpful resources and tools for web application security.

What is the OWASP Top 10?

The OWASP Top 10 is a document that outlines the most critical security risks to web applications for developers to be aware of. Examples of some of these security risks are broken authentication, security misconfigurations, and cross-site scripting (XSS).

What will I learn in this course?

You will learn about the top 10 web security risks we face on the web today. There is a module covering each risk. Those risks are:

  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Insecure direct object references
  • Security misconfiguration
  • Sensitive data exposure
  • Missing function level access control
  • Cross-site request forgery (CSRF)
  • Using components with known vulnerabilities
  • Unvalidated redirects and forwards
Who should take this course?

Anyone who wants to learn about OWASP and the OWASP Top 10 should take this course. If you work with web security to any extent, you will find this course beneficial.

Are there any prerequisites to this course?

There are no strict prerequisites for this course, but it is an intermediate level, so some prior experience with web security will be helpful.

About the author

Troy Hunt

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security, an ASPInsider, and a full time Author for Pluralsight—a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distill complex subjects into relatable explanations. This has led Troy to become an industry thought leader in the security space and produce more than twenty top-rated courses ... more

See more courses by Troy Hunt
Ready to upskill? Get started