
Discover OWASP, a global non-profit that makes software security visible through free wiki-based resources, diverse security projects, and the flagship top ten project.
Explore the OWASP top ten threats to understand the major risks in web application security and raise awareness of vulnerabilities.
Learn about broken authentication and session management, a high-impact OWASP top ten risk, and how threat analysis, mitigations, and ASVS guide secure authentication and session controls.
Apply the OWASP application security verification standard to probe a web application for potential risks, check all items, stay a jump ahead of attackers, and ensure your website is secure.
Analyze a simple ASP.NET Web Forms app to understand cookieless session risks, session hijacking via session IDs, and how built-in identity plus OWASP v2 checks mitigate these threats.
Explore how security misconfiguration expands the attack surface in software built with libraries and frameworks on operating systems, and learn where to lock down configurations.
Explore how security misconfiguration spans the full stack, why default settings and unpatched software create attack surfaces, and how repeatable hardening, patch management, and cross‑team collaboration mitigate risks.
Explore how security misconfiguration drives risk in the OWASP top ten and learn how to manage it using OWASP projects, and volunteer to help improve the web.
Apply least privilege and keep libraries up to date to reduce misconfiguration risks. Encrypt sensitive data, limit error information, and use web.config practices and NuGet to secure ASP.NET apps.
Explore sensitive data exposure risks across data at rest and in motion, emphasizing encryption, secure key management, and TLS/HTTPS protection for end-to-end security.
The OWASP: Threats Fundamentals course is part of a series of training courses on the Open Web Application Security Project (OWASP). This course covers the fundamental concepts and techniques to identify different types of threats. The course also teaches the students to improve the security by avoiding misconfigurations, data exposure and insecure cryptography.
The OWASP Foundation was established with a purpose to secure the applications in such a way that they can be conceived, developed, acquired, operated, and maintained in a trusted way. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. This course along with the other courses in the series on OWASP provides a basic overview of the concepts that form an integral part of the OWASP core values.