OWASP Top Ten Secure Development Training
A first step towards secure code
Overview
Introduction
Updated for the new OWASP Top Ten 2021!
The OWASP Top Ten 2021 is a great place to start when learning about application security. OWASP is the Open Web Application Security Project and is a non-profit organisation that aims to educate individuals and organisations about web application security. They organise events, sponsor projects and run local chapter meetings to promote awareness of both offensive and defensive application security techniques.
Every three years (roughly) they publish something called the OWASP Top Ten which is a list of the ten web application security flaws developers should prioritise. This is based on a combination of data from real world breaches, findings from penetration testing companies like ours and strategic input from application security specialists. Defence against these issues is intended as a good first step to secure software.
Our training
Our OWASP Top Ten for Developers training is an intensive half-day workshop that aims to provide developers with an understanding of these weaknesses, how they manifest themselves, how hackers find them and what the impact can be and then, most importantly, we explain how to code defensively to prevent these weaknesses. We explain what works and what doesn’t and some common issues we encounter during our penetration testing engagements.
Benefits
Reduce Security Bugs
Get your developers up to speed on common application security issues and start to reduce the number of bugs in your software.
Reduce Security Testing Costs
Remove common issues earlier in the Software Development Lifecycle and save time and money on costly fixes once the pentesters have reviewed your application
Compliance
Our OWASP Top Ten Secure Development training helps you meet your compliance requirements. For example, this workshop addresses PCI DSS requirement 6.5.
Raise Awareness
Your development team is focused on functional delivery. By raising awareness of malicious attack techniques through demonstration your developers can factor this knowledge into software design decisions. Result = more secure software.
What To Expect
Overview
The workshop runs for half a day, typically 3 to 4 hours, though it can be extended by incorporating more practical examples if desired. The course can be delivered online via Google Meet or Zoom, on site at your preferred location internationally or in a hybrid manner with some delegates attending online and some in-person. This is very common now with the widespread change to working arrangements since the pandemic.
Workshop Outline
Our workshop walks attendees through the recently updated OWASP Top Ten 2021. Each issue is introduced, practical examples are given using our application security labs to show the potential impact, then defensive approaches are discussed. The workshop covers the following issues:
- A1 – Broken Access Control
- A2 – Cryptographic Failures
- A3 – Injection
- A4 – Insecure Design
- A5 – Security Misconfiguration
- A6 – Vulnerable and Outdated Component
- A7 – Identification and Authentication Failure
- A8 – Software and Data Integrity Failure
- A9 – Security Logging and Monitoring Failure
- A10 – Server Side Request Forgery
Requirements
There are only three requirements we have for delivering the workshop at your office:
- Projector with VGA or HDMI connector
- Power
- Internet access for our trainer
Resources
OWASP Top Ten Secure Development Workshop Overview
Download the information on this OWASP Top Ten Secure Development Workshop as a PDF.
Next Steps
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England