OWASP

Course
Time
4 hours 32 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
Hey, everyone, welcome to the OWASP Top 10 course. We're specifically covering the 2017 OWASP Top 10. My name is Ken Underhill. I'll be your instructor. I've also had a couple of teaching assistants that I'll give a quick shout-out to as well, and you'll hear me talk about them throughout this course. They helped me build out some of the questions as well as some of the other supplemental material for the course,
00:20
and also helped me with some of the research. So I want to give them a quick shout-out.
00:23
Carry LeBlanc as well as Martincova will not talk about them a little later on in the course.
00:29
So in this video, we're gonna talk about the course structure. We'll also talk about who I am as your instructor, as well as some of the topics we're gonna cover in this particular course.
00:39
So the main objectives for this entire course are we're gonna learn what the OWASP Top 10 for 2017 is. We'll talk about also the differences between the 2013 version and the 2017 version of the OWASP Top 10.
00:53
So prerequisites. Well, technically, there are none. However, you probably wanna have some basic networking knowledge, some operating system, web security, databases, that sort of stuff. That'll be beneficial for the course. However, again, this course is really, I try to keep it at a high level, an introduction-type course that anyone can take.
01:11
Who am I? Why do you care? Right? Hopefully you care. So, my name is Ken Underhill. As I mentioned before, I'm the Master Instructor at Cybrary. I'm also an adjunct professor of digital forensics. I hold a master's in cyber security and information assurance, as well as an undergraduate degree in cyber security management information systems.
01:29
Certification-wise, right now I hold the Certified Ethical Hacker as well as the Computer Hacking Forensic Investigator certs from EC-Council. I'm actually studying for my CompTIA PenTest+ right now, and a little later on this year, some Amazon certs, and we'll see what else gets on the horizon.
01:46
I've also reviewed the Certified Ethical Hacker exam for EC-Council, as well as I've written questions for the EC-Council Computer Hacking Forensic Investigator exam. Now, of course, I cannot give you the answers for that exam, so please don't ask.
02:01
All right. So what are we covering in this course?
02:04
So Module 1 and Module 12 are just gonna be basically the introduction and course summary, and just very high-level overview type of stuff,
02:10
and then Modules 2 through 11, we're gonna cover the OWASP Top 10 from 2017. So we're gonna cover injection, broken authentication, sensitive data exposure, XML external entities, or more commonly called XXE, broken access control, security misconfigurations. We're gonna cover cross-site scripting, which many people have probably heard about in the media, at least.
02:30
Insecure deserialization. We're also gonna talk about what serialization is, so you can understand when we talk about insecure deserialization.
02:37
We're also gonna talk about using components with known vulnerabilities, and then we'll wrap it up with insufficient logging and monitoring.
02:44
So how is this course structured? Well, we've got the on-demand video, so I try not to kill you with the death-by-PowerPoint stuff. So I try to keep the PowerPoints basically 10 minutes or less, and then we jump into labs. So we do have labs. I try to, we do have at least one lab for every single module, so you could get a little hands-on. Um,
03:02
and I'm just that type of learner. I like doing hands-on stuff, so
03:05
I try to include that for everybody else,
03:07
and then we've got a ton of supplemental resources for you. So for every single lab, we've built out a step-by-step guide for you, so you can download it, look through it, practice the lab on your own, and then also watch the video as well as I go through it step by step for you.
03:21
In addition to the lab step-by-steps, we've also got things like quiz questions to help you practice. All these PowerPoint slides that I'll use throughout the course are there in the supplemental resources, as well as some other helpful information.
03:35
So just a quick post-assessment question here. This one's pretty easy if you were paying attention.
03:38
So in the past, I have written questions for CompTIA. Is that true or false?
03:46
All right. So if you were paying attention, you know the answer there is false. I've actually written questions for EC-Council, but not CompTIA.
03:53
All right. So in this video, we just talked about who I am as your instructor. We talked about the overarching course objectives. We also talked about the course structure and some of the topics that we're gonna cover as far as the OWASP Top 10 is concerned.
04:05
In the next video, we're gonna talk about the differences between the OWASP Top 10 for 2013 versus the one that we're covering in this course for 2017.

OWASP

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and resources to help organizations protect critical apps. Cybrary’s OWASP training course covers the organization’s popular “Top 10” risk assessment.

Instructed By

Ken Underhill
Master Instructor at Cybrary