Exploring OWASP Top Ten [TT8150]

Duration
Location: On site, Online
Start date and place
Provider score: 7.9 (Global Knowledge Network Netherlands B.V. has an average rating of 7.9 from 96 reviews)


Start dates and locations

Nieuwegein (Iepenhoeve 5)
9 Sep 2021 to 10 Sep 2021
Online: VIRTUAL TRAINING CENTRE
9 Sep 2021 to 10 Sep 2021
Nieuwegein (Iepenhoeve 5)
9 Dec 2021 to 10 Dec 2021
Online: VIRTUAL TRAINING CENTRE
9 Dec 2021 to 10 Dec 2021

Description

Discover the different training options at Global Knowledge

Online or on site, there is always a format that suits you.

Choose how you or your team would like to follow a training. Global Knowledge offers you several training options. You can choose from, among others, classroom, Virtual Classroom (online), e-Learning and custom training. With our Blended solution you can combine the different training formats.


OVERVIEW

The impact of exploited software is obvious. We are beyond the point where vulnerabilities must be addressed. The recently updated OWASP Top 10 has become the most recognized source for defining the most significant vulnerabilities. This series of quick, hard-hitting sessions sets the context and charges through each of the OWASP vulnerabilities. Each virtual, instructor-led session provides a solid set of information for developers, testers, and other stakeholders about understanding, identifying, and mitigating a vulnerability. These short, intense sessions maximize the flow of information in an effective and interactive manner.

Students who attend this sequence of sessions will gain an understanding of the recently updated OWASP Top 10. Each of these sessions provides useful insights, discussions, and, in many cases, demonstrations of the application vulnerabilities that are plaguing the industry.

OBJECTIVES

After a quick examination of the context for application security and the OWASP Top 10, each of the vulnerabilities is covered in detail. After the ten vulnerabilities are examined in detail, we wrap up with sessions on next steps for attendees to take as well as an overview of Threat Modeling.

Attendees will gain an understanding of:

  • The mechanism by which the vulnerability is exploited. Often the exploitability of a vulnerability is rooted in an underlying pattern that is valid across many technologies and architectures.
  • The prevalence of the vulnerability, including characteristics to focus on during design and code reviews to help detect potential issues.
  • The potential consequences of a successful exploit.
  • The measures that can be taken to eliminate, prevent, or minimize the risk of an exploited vulnerability.
  • The relative effectiveness of scanners and other tools in detecting the vulnerability being discussed.
  • Generic and code-specific references that can be utilized after the session.


AUDIENCE

This is an introductory-level course designed for technical stakeholders and web developers. Familiarity with programming is helpful but not required.


CONTENT

Session 1: Jumping into the OWASP Top 10

  • Security: The Complete Picture
  • Attack Patterns
  • Anthem, Dell, Target, Equifax, and Marriott Debriefs
  • Verizon’s 2019 Data Breach Report
  • Assumptions We Make
  • Recognizing Assets
  • Introduction to OWASP Top 10

Session 2: A1: Injection

  • Injection Flaws
  • Examples: SQL Injection
  • Drill Down on Stored Procedures
  • Understanding the Underlying Problem
  • Other Forms of Injection
  • Minimizing Injection Flaws
  • Potential Demonstration: Defending Against SQL Injection

Session 3: A2: Broken Authentication

  • Weak Authentication Data
  • Protecting Authentication Data
  • Protecting Authentication Services
  • Effective Credential Management
  • Effective Multi-Factor Authentication
  • Handling Passwords on Server Side
  • Potential Demonstration: Defending Authentication

Session 4: A3: Sensitive Data Exposure

  • Protecting Data Can Mitigate Impact of Exploit
  • Regulatory Considerations
  • Establishing an Asset Inventory
  • At Rest Data Handling
  • In Motion Data Handling
  • In Use Data Handling
  • Potential Demonstration: Defending Sensitive Data

Session 5: A4: XML External Entities (XXE)

  • Recognizing XML Processing: Direct, REST, SOAP, etc.
  • Challenges of Safe XML Parsing
  • Managing External Entity Resolution
  • XSLT Processing Challenges
  • Safe XML Processing
  • Potential Demonstration: Safe XML Processing

Session 6: A5: Broken Access Control

  • Access Control and Trust Boundaries
  • Excessive Privileges
  • Insufficient Flow Control
  • Unprotected API Resource Access
  • JWTs, Sessions and Session Management
  • Single Sign-on (SSO)
  • Potential Demonstration: Enforcing Access Control

Session 7: A6: Security Misconfiguration

  • System Hardening: IA Mitigation
  • Application Whitelisting
  • Principle of Least Privileges in Real Terms
  • Secure Configuration Baseline
  • Error-Handling Issues

Session 8: A7: Cross Site Scripting (XSS)

  • XSS Patterns
  • Stored XSS
  • Reflected XSS
  • DOM XSS
  • Best Practices for Untrusted Data
  • Potential Demonstration: Defending Against XSS

Session 9: A8/9: Insecure Deserialization

  • Recognizing Serialization in Java, JSON.Net and Elsewhere
  • Deserializing Hostile Objects
  • Safely Managing Deserialization
  • A9: Using Components with Known Vulnerabilities
  • Maintaining Software Inventory
  • Awareness of Vulnerabilities, Updates, and Patches
  • Managing Versions, Updates, and Patches
  • Reducing Software Risks

Session 10: A10: Logging and Monitoring

  • Fingerprinting a Web Site
  • Recognizing When and What to Log
  • Logging in Support of Forensics
  • Monitoring and Alerting
  • Responding to Alerts

Session 11: Moving Forward

  • Strength Training: Project Teams/Developers
  • Strength Training: IT Organizations
  • OWASP ASVS
  • Leveraging Common AppSec Practices and Controls

Session 12: Threat Modelling

  • Types of Security Controls
  • Attack Phases
  • Threat Modelling Overview
  • Modeling Assets, Trust Boundaries, and Data Flows
  • Relating Threats to Model
  • Mitigating Threats
