Learn
Connect
Blog
Resource hub
Featured resource
2026 Tech Forecast
2026 Tech Forecast

1,500+ tech insiders, business leaders, and Pluralsight Authors share their predictions on what’s shifting fastest and how to stay ahead.

Download the forecast
  • Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security
    •

The OWASP Top 10

9 Courses
7 Hours
Skill IQ

This comprehensive track provides a deep dive into the Open Worldwide Application Security Project (OWASP) Top 10. Rather than just listing vulnerabilities, this path focuses on the mechanics of exploitation and the principles of defense, empowering learners to build "secure by design" software.

Get started
Content in this path
The OWASP Top 10

A hands-on learning path that teaches developers, security engineers, and testers how to recognize, exploit, and remediate the ten most critical web application security risks, based on the OWASP Top 10 framework.

Course
OWASP Top 10 Security Risks
  • by Chris Jackson
  • 1h 2m
  • Jan 08, 2026
Course
OWASP: Broken Access Control
  • by Gavin Johnson-Lynn
  • 42m
  • Dec 23, 2025
Course
OWASP: Security Misconfiguration
  • by Christian Wenz
  • 58m
  • Mar 10, 2026
Course
OWASP: Software Supply Chain Failures
  • by Gavin Johnson-Lynn
  • 47m
  • Jan 26, 2026
Course
OWASP: Cryptographic Failures
  • by Howard Poston
  • 56m
  • Mar 11, 2026
Course
OWASP: Injection
  • by Gavin Johnson-Lynn
  • 40m
  • Feb 10, 2026
Course
OWASP: Authentication Failures
  • by Mohammad Ayashi
  • 1h
  • Jan 22, 2026
Course
OWASP: Logging and Alerting Failures
  • by Gavin Johnson-Lynn
  • 24m
  • Mar 06, 2026
Course
OWASP: Mishandling of Exceptional Conditions
  • by Gavin Johnson-Lynn
  • 42m
  • Mar 23, 2026
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial
Free team trial
What You'll Learn
  • Understand and identify the ten OWASP Top 10 categories of vulnerabilities.
  • Reproduce real-world examples of web application flaws in safe lab environments.
  • Perform hands-on testing techniques using common security tools.
  • Apply secure coding and configuration practices to remediate each category.
  • Translate vulnerabilities into risk language for developers, managers, and stakeholders.
  • Build habits of secure design and integrate security checks into the development lifecycle.
Prerequisites
  • None
Related topics
  • secure coding
  • Software Development
  • Pen Testing
  • OWASP Top 10
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more
Learn with the best
Chris Jackson
Chris Jackson
Chris Jackson is a cybersecurity professional with years of experience in identifying security incidents, securing applications and security training. Over the years, he has tested web applications for vulnerabilities, helped deploy SIEM platforms and more. He is passionate about teaching cybersecurity and committed to learning new technologies.
Gavin Johnson-Lynn
Gavin Johnson-Lynn
Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and many languages in between. Gavin's experience of secure development revealed a passion for security, leading him to become a speaker and blogger on the subject. He has held...
Christian Wenz
Christian Wenz
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an...
Howard Poston
Howard Poston
Howard Poston is a freelance copywriter, course developer, and consultant specializing in blockchain and cybersecurity. He’s developed over 20 online courses on various security topics, such as Python for Cybersecurity, blockchain security, and secure coding. He is also the author of Python for Cybersecurity and Blockchain Security from the Bottom Up and has spoken at several cybersecurity conferences on various topics.
Mohammad Ayashi
Mohammad Ayashi
With over 15 years of experience in IT security and software development, Mohammad is a passionate information security practitioner who thrives at the intersection of technology and leadership. His expertise spans a broad range of topics, from hypervisors, containers, and cloud-native infrastructure to IT security management and engineering. Mohammad has presented on these subjects at conferences and events around the world, sharing insights and best practices with global audiences. Currently, ...

Get started with Pluralsight

View individual plans View team plans
Related Pages