OWASP Top 10: Comprehensive Web Application Security

Master OWASP vulnerabilities and Hacking Techniques: SQL injection, XSS, CSRF, RCE, XXE, Broken Authentication, and more

Rating: 4.29 (223 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 827
Content: 1.5 hours
Last update: May 2023
Regular price: $59.99

What you will learn

You'll understand OWASP Top 10 Web Application Security Risks

You'll conduct attacks on Web Applications by exploiting OWASP vulnerabilities

You'll be able to identify and exploit OWASP vulnerabilities such as: SQL injection, XSS, CSRF, RCE, Broken Authentication, Sensitive Data Exposure, etc.

You'll explore how Penetration Testing is done on Web Applications

You'll learn Web Security Fundamentals

Description

Welcome to "Ultimate Guide to Web Application Security OWASP Top Attacks"

In this course, we will explore together the most common attacks against web applications, referred to as OWASP TOP 10, and learn how to exploit these vulnerabilities so that you have a solid background in order to protect your assets. You will:

- Discover OWASP Top attacks and how they are performed and the tricks and techniques related to them.

- Do extensive exercises on DVWA (Damn Vulnerable Web Application) and OWASP BWA (Broken Web Applications) to see in actual practice how to attack live systems and what goes on behind the scenes.

- Learn to get information about a target domain and search for potential victims.

- See the tools most used by hackers of all levels grouped in one place: the Kali Linux distribution.

- Code some of your own scripts to get you started with advanced penetration where you will need to forge your own tools.

Some of the attacks you'll see are: SQL Injection, Command Injection, Cross-site Scripting, Cross-site Request Forgery, Path Traversal, File Inclusion, etc.


DISCLAIMER: This course is for educational purposes only. Use at your own risk. You must have an explicit authorization to use these techniques and similar ones on assets not owned by you. The author holds no legal responsibility whatsoever for any unlawful usage leveraging the techniques and methods described in this course.

If you like the course, please give a rating and recommend to your friends and colleagues.

Content

Introduction and Cross-Site Scripting Kickstart

Welcome to the course
Cross-Site Scripting (XSS) Theory
XSS Demo 1 - Session Hijacking
XSS Demo 2 - Keylogger
Test your knowledge

OWASP and OWASP Top 10

What is OWASP?
OWASP Top 10 Web Security Risks
Quick read: What is OWASP Top 10?

Setting Up The Lab Environment

Download and Install OWASP BWA Bundle
Prepare Kali Linux Virtual Machine
Use Burp Suite and OWASP ZAP Proxies

Understanding and Using Common Techniques

Command injection Theory
Command Injection Demo 1 - Access System Users
Command Injection Demo 2 - Remote Code Execution
SQL Injection Theory
SQL Injection Demo 1 - Steal Users' Credentials
SQL Injection Demo 2 - Blind SQL Injection
Test your knowledge
Cross-Site Request Forgery (CSRF) Theory
CSRF Demo - Change Victim's Password
Information Disclosure
Test your knowledge
Path Traversal and File Inclusion Theory
Path Traversal Demo - Access System Users
File Inclusion Demo - Remote Code Execution Using Webshell
Session Management Flaws - Theory
Session Management Flaws Demo - Predicting Session IDs
Test your knowledge
XML External Entities Injection Theory
XXE Demo - Access System Users
Recon and Scanning Theory
Reconnaissance Demo - Recon Tools
Scanning Demo Part 1 - Scan Tools
Scanning Demo Part 2 - Scan Tools

Concluding Observations

Conclusion

Reviews

Vasyl
June 22, 2023
Good material and good explanations, though requires little bit more initial knowledge than I expected. Some technical explanations hard to follow since some things are presented as something obvious (however for some people those are not). On the other hand, I appreciate the approach used to explain. I'd like author not to skip some topics that are "self-explanatory", at least to explain that, for example, you not only need to log stuff, but what can happen if you don't, how the log could be compromised etc.
Lalitha
November 24, 2022
It will be great if we have demo right here instead of different websites. I was not a fan of using those websites due to security issues.
Roicel
October 6, 2022
The course is good to start understanding the top vulnerabilities and see how to exploit them with practical exercises. One thing I think can be improved is the installation of tools in section 3. Maybe doing a video explaining how to install and configure them. But a good course in general.
Mikey
February 11, 2022
Videos with terminal commands are hard to read, should use a much bigger font with better contrast. Quiz 1 had a completely silly question.
Kamil
January 27, 2022
Overall good, a bit too slow speech (had to watch at x1.75 to be comfortable), sometimes a bit more explanation would be good. But the whole OWASP concept is nicely introduced and good examples of way to break vulnerabilities are shown
Prajjwal
June 4, 2021
For me explanation of CSRF was not very clear even after watching same lecture multiple times. I think a flow diagram would be great.

Udemy ID: 2661374
Course created date: 11/18/2019
Course indexed date: 2/25/2021
Course submitted by: Bot