
Explore software supply chain failures, including dependency hijacking, unsigned updates, and CI/CD compromises, and learn how to protect ecosystems with digital signatures and SBOMs.
Explore insecure design and threat modeling to prevent software vulnerabilities, using the STRIDE methodology and data classification within the six-phase software development cycle.
Identify and prevent authentication failures by securing passwords, session tokens, and login processes. Address brute force, weak passwords, insecure credential recovery, knowledge-based questions, and phishing risks.
Protect software and data integrity by using digital signatures, adopting dependency checks from OWASP, enforcing code reviews, and applying integrity checks before sharing data with untrusted parties.
Learn how security logging and monitoring failures leave breaches undetected, due to insufficient monitoring, unlogged logins and transactions, ignored warnings, false positives, and poor escalation and real-time alerting practices.
Explore the updated OWASP Top Ten API Security Risks for 2023–2027 and understand how API vulnerabilities differ from traditional web application risks.
Identify the Broken Object Level Authorization (BOLA) vulnerability, where missing authorization checks on object IDs in requests enable access to other users' resources, with examples such as admin vs. user access and VIN-based vehicle controls.
Conclude the OWASP Top 10 course by demonstrating a clear understanding of each of the 10 categories and preparing for further cybersecurity endeavors.
Welcome to the OWASP Top 10 deep dive course, where you will learn in full detail the top ten vulnerabilities that applications face today.
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications and has become one of the most important cybersecurity resources today.
Unlike other courses that take a lazy approach to describing these security risks, this course analyzes each vulnerability in full detail by describing:
What exactly the vulnerabilities are
How they are exploited by attackers
How they can be prevented
Real world cases and scenarios where such vulnerabilities have been exploited
Practical demonstrations of the exploits where possible
We will make use of some third-party applications, where applicable, to try out some of these security risks and see how they are actually exploited in a real cyber attack. I will also describe real-world cyber attacks that have exploited some of these security risks, whenever possible, to add more context.
I hope to see you inside the course.
Alex.