Course curriculum

  • 01

    Section 1: OWASP Top 10 - 2021

    • 1. OWASP Top 10 Intro

    • 2. A01-2021 BAC

    • 3. A02-2022 Sensitive data exposure

    • 4. A03-2022 Injections

    • 5. A04-2022 Insecure design

    • 6. A05-2022 Security Misconfiguration

    • 7. A06 - 2021 Vulnerable and Outdated Components

    • 8. A07 - 2021 Identification and Authentication Failures

    • 9. A08 - 2021 Software and Data Integrity Failures

    • 10. A09 - 2021 Security Logging and Monitoring Failures

    • 11. A10 - 2021: SSRF (Server side request forgery)

  • 02

    Section 2: OWASP Top 10 of 2021 - Theory

    • 12. Introduction

    • 13. OWASP Top 10 - 2021

    • 14. A 01 .PDF

    • 15. A02 - 2021 103f7.pdf

    • 16. A03 - 2021 9a4c8.pdf

    • 17. A04 - 2021 08d43.pdf

    • 18. A05 - 2021 9eb03.pdf

    • 19. A06 - 2021 bd95a.pdf

    • 20. A07 -2021.pdf

    • 21. A08 - 2021 d0c0e.pdf

    • 22. A09 - 2021 8b2ff.pdf

    • 23. A10 - 2021 727b9.pdf

    • 24. OWASP Top 10 Course In Under 30 Minutes - With Labs You Can Solve

  • 03

    Section 3: Practical: OWASP Top 10 2021

    • 25. Practical: OWASP top 10 labs 2021

  • 04

    Section 4: How to Prevent... As A Developer

    • 26. Prevention checklist

    • 27. A1. How to prevent OS Command Injections

    • 28. A1. How to prevent SQLi

    • 29. A2. How to prevent Broken authentication

  • 05

    Section 5: A4. 2017 - XXE In Depth

    • 30. 0 Intro

    • 31. 1-what is XXE

    • 32. 2-Finding attack vectors

    • 33. 3-Exploiting

    • 34. 4-WAFs and filters

    • 35. 5-Tools and prevention

  • 06

    Section 6: A7.2017 XSS In Depth

    • 36. XSS full beginner guide

    • 37. Advanced XSS Techniques

    • 38. How to test for stored XSS

    • 39. How to test for reflected XSS

  • 07

    Section 7: M1. Improper Platform Usage

    • 40. Video: M1

    • 41. M1.Improper Platform Usage

  • 08

    Section 8: M2.2016 Insecure Data Storage

    • 42. Video: M2

    • 43. M2.2016 Insecure Data Storage

  • 09

    Section 9: M3 2016: Insecure Communication

    • 44. Video: M3

    • 45. M3.2016: Insecure Communication

  • 10

    Section 10: M4.2016: Insecure Authentication

    • 46. Video M4

    • 47. M4.2016: Insecure Authentication

  • 11

    Section 11: M5. 2016 Insufficient Cryptography

    • 48. M5. 2016: Insufficient Cryptography

    • 49. Video M5

  • 12

    Section 12: OWASP M6. Insecure Authorization

    • 50. Video M6

    • 51. OWASP M6. Insecure authorization

  • 13

    Section 13: OWASP M7. Bad Code Quality

    • 52. OWASP M7. bad code quality

    • 53. OWASP M7. bad code quality

  • 14

    Section 14: M8: Code Tampering

    • 54. Video: M8: Code Tampering

    • 55. M8: Code Tampering

  • 15

    Section 15: M9: Reverse Engineering

    • 56. M9: Reverse Engineering

    • 57. M9: Reverse Engineering

  • 16

    Section 16: OWASP Mobile M10: Extraneous Functionality

    • 58. Video: OWASP Mobile M10: Extraneous functionality

  • 17

    Section 17: OWASP API Top 10

    • 59. Video: OWASP API 0 through 3

    • 60. Video: OWASP API 4 through 7

    • 61. Video: A8: Injection

    • 62. Video: API9:2019 Improper Assets Management

    • 63. API0.2019: What is an API

    • 64. API1:2019 Broken Object Level Authorization

    • 65. API2:2019 Broken User Authentication

    • 66. API3:2019 Excessive Data Exposure

    • 67. API4:2019 Lack of rate limiting

    • 68. API5:2019 Broken Function Level Authorization

    • 69. API6:2019 Mass Assignment

    • 70. API7:2019 Security Misconfiguration

    • 71. API8:2019 Injection

    • 72. API9:2019 Improper Assets Management

    • 73. API10:2019 Insufficient Logging & Monitoring

    • 74. The rest is coming very soon

  • 18

    Section 18: API Hacking with Postman

    • 75. API hacking with postman Part 1 - getting the basics down

    • 76. API hacking with postman Part 2 - importing the API description

    • 77. API hacking with postman Part 3 Pre-request scripts, tests and console

    • 78. API hacking with postman Part 4 - Getting dirty with data sources

  • 19

    Section 19: API Practice

    • 79. Let's build an API to hack

    • Assignment 1: API roulette: Can you name the API vulnerabilities?

    • Assignment 2: Let's build an API to hack - Part 2: Faking it before breaking it

    • Assignment 3: Let's build an API to hack - Part 3: Information disclosure

  • 20

    Section 20: OWASP Top 10 Attacks - Demo

    • 80. A1. Injection - Simple injection

    • 81. A1. Injection - SQLi

    • 82. A1. Injections - XXE

    • 83. A1.Injection - blind command injection

    • 84. A2.2017 - Broken Authentication - Demonstrated

    • 85. A3.2017 - Sensitive information exposure

    • 86. A6.2017 Security misconfigurations

  • 21

    Section 21: OWASP Top 10 - 2017 (OLD)

    • 88. A0.2017 Introduction

    • 89. Installing DVWA for later practice

    • 90. A1.2017 Injections

    • 91. DVWA-Command injection

    • Quiz 1: A1. 2017 Injections

    • 92. EXTRA: Rebuilt version A1: Injection lecture

    • 93. A2.2017_Broken_authentication

    • 94. DVWA-broken-authentication

    • Quiz 2: A2.2017 broken authentication

    • 95. A3.2017 Sensitive data exposure

    • 96. A3.2017 Sensitive data exposure

    • 97. A4.2017 XXE

    • 98. A4.2017 XXE

    • 99. A5.2017 Broken Access Control

    • 100. A5.2017 Broken Access Control

    • 101. A6.2017 Security misconfigurations

    • 102. A6.2017 Security Misconfiguration

    • 103. How does a reflected XSS happen?

    • 104. A7.2017 XSS

    • 105. A7.2017 XSS

    • 106. DVWA-Reflected XSS

    • 107. DVWA-Stored XSS

    • 108. Stored XSS Testing guide

    • 109. Reflected XSS Testing guide

    • 110. A8.2017 insecure deseriliasation.mp4

    • 111. A8. Insecure Deserialization

    • 112. A8. Insecure Deserialization - Extra

    • 113. A9.2017 Components with vulnerabilities

    • 114. A9.2017 Using Components with Known Vulnerabilities

    • 115. A10.2017 Insufficient logging and monitoring

    • 116. A10. 2017 Insufficient Logging & Monitoring