OWASP Top 10 Overview

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> When it comes to understanding application security, there is no better source of information than the OWASP Top 10. In this lesson, we're going to talk about the origins of the OWASP Top 10, the threats in the OWASP Top 10, and the importance of the OWASP Top 10.

What is the OWASP Top 10? OWASP stands for Open Web Application Security Project. It's a community-developed project that enables organizations to maintain the standards for application security. It's a survey that's sent out; the last one was in 2017. It's sent out to developers and security professionals. Based on the results of the survey, they create a top 10 ranking of the most prevalent application security risks. In 2017, the risks were as follows: injection, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring.

Now, many of these vulnerabilities may already look familiar to you from different aspects of past domains that we've gone through. However, we're going to go into many of these items in detail. Although the details of the vulnerabilities may be a little more than what you'll need to know for the CCSP, the controls that are used to address and mitigate many of these vulnerabilities in web applications will definitely appear on the exam, and you should always keep them in the back of your mind when developing effective defense in depth when it comes to securing software development in the Cloud.

Quiz question. Which of the following is not in the OWASP Top 10? Injection, broken authentication, or denial of service. If you said denial of service, you're correct. Injection, specifically code injection, I believe was the first one. Then there's broken authentication. At this point, we've covered many of the concepts in Identity and Access Management, IAM. You'll be familiar with the terminology necessary to understand the mechanisms for how authentication is broken in web applications.

In summary, we've talked about the OWASP Top 10 and the importance of the OWASP Top 10. This really provides a concise blueprint of the major application security vulnerabilities, specifically for web applications, that are out there. Understanding the vulnerabilities in depth will help you gain a more robust understanding of how software becomes insecure, as well as the steps to take to protect your organization and your software in the Cloud from being exploited. See you in the next lesson.