Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
OWASP Top 10: Comprehensive Web Application Security
Rating: 4.3 out of 5(1,125 ratings)
3,396 students

OWASP Top 10: Comprehensive Web Application Security

Master OWASP vulnerabilities & Hacking techniques : SQL injection, XSS, CSRF, RCE, XEE, Broken Authentication, and more
Created byTaoufik Z.
Last updated 3/2026
English

What you'll learn

  • You'll understand OWASP Top 10 Web Application Security Risks
  • You'll conduct attacks on Web Applications by exploiting OWASP vulnerabilities
  • You'll be able to identify and exploit OWASP vulnerabilities such as: SQL injection, XSS, CSRF, RCE, Broken Authentication, Sensitive Data Exposure, etc.
  • You'll explore how Penetration Testing is done on Web Applications
  • You'll learn Web Security Fundamentals

Course content

6 sections33 lectures1h 45m total length
  • Welcome to the course0:53
  • Cross-Site Scripting (XSS) Theory2:15
  • XSS Demo 1 - Session Hijacking3:18
  • XSS Demo 2 - Keylogger3:37
  • Test your knowledge

Requirements

  • Basic understanding of networking concepts

Description

Welcome to "OWASP Top 10: Comprehensive Web Application Security"

In this course, we will explore together the most common attacks against web applications, referred to as OWASP TOP 10, and learn how to exploit these vulnerabilities so that you have a solid background in order to protect your assets. You will:

- Discover OWASP Top attacks and how they are performed and the tricks and techniques related to them.

- Do extensive exercises on DVWA (Damn Vulnerable Web Application) and OWASP BWA (Broken Web Applications) to see in actual practice how to attack live systems and what goes on behind the scenes.

- Learn to get information about a target domain and search for potential victims.

- See the tools most used by hackers of all levels grouped in one place; the Kali Linux distribution.

- Code some of your own scripts to get you started with advanced penetration where you will need to forge you own tools.

Some of the attacks you'll see are: SQL Injection, Command Injection, Cross-site Scripting, Cross-sitr Request Forgery, Path Traversal, File Inclusion, etc.


DISCLAIMER: This course is for educational purposes only. Use at your own risk. You must have an explicit authorization to use these techniques and similar ones on assets not owned by you. The author holds no legal responsibility whatsoever for any unlawful usage leveraging the techniques and methods described in this course.

If you like the course, please give a rating and recommend to your friends and colleagues.

Who this course is for:

  • IT Security practitioners that want to advance in their careers and learn specialized topics
  • Developers who want to gain experience in application security
  • Network Engineers who want to transition into cybersecurity roles
  • Cyber Security Managers who want to understand penetration testing, OWASP top 10, application testing, etc.
  • Penetration Testers who want to learn penetration techniques for web applications