What's New in the OWASP Top 10 for 2013
The OWASP Top 10 Web Application Security Risks is the first stop for web developers who are serious about securing their online creations. This course outlines what has changed in web security since the previous 2010 edition, and where developers should now focus their security efforts.
What you'll learn
The Top 10 web application security risks list produced by OWASP is an evolving resource that helps organizations focus on the most prominent risks in web security today. Every few years we see a revision: the types of attacks we’re witnessing change, the defenses change, and the risks and their associated priorities change. OWASP adapts to this changing environment and recently made available the 2013 edition of the Top 10. This course is designed to help those who already have an awareness of the Top 10 understand what’s new in the latest edition and how the landscape has changed in three short years. It also introduces the concept of "Risk Assessments" and provides further resources to help go beyond just the Top 10 risks.
Table of contents
- It's All About Risks 2m
- Where Does the Data on Risks Come From? 2m
- What Are Application Security Risks? 3m
- The OWASP Risk Rating Methodology 4m
- Understanding Likelihood 4m
- Assessing Likelihood 5m
- Understanding Impact 4m
- Assessing Impact 3m
- Calculating the Overall Risk 2m
- Applying the Methodology to the XSS Risk 5m
- Summary 3m
- Introduction 1m
- A1 – Injection 2m
- A2 – Broken Authentication and Session Management 3m
- A3 – Cross-Site Scripting (XSS) 3m
- A4 – Insecure Direct Object References 2m
- A5 – Security Misconfiguration 3m
- A6 – Sensitive Data Exposure 2m
- A7 – Missing Function Level Access Control 3m
- A8 – Cross-Site Request Forgery (CSRF) 2m
- A9 – Using Known Vulnerable Components 2m
- A10 – Unvalidated Redirects and Forwards 2m
- Summary 3m