Course: OWASP Top 10

Details
This OWASP training course introduces the OWASP project and the OWASP Top 10. The course is built specifically around these 10 threats, and you will learn to identify them at an early stage. The Top 10 is introduced in the context of the .NET Framework.
Result
After completing this course you are familiar with the OWASP Top 10.
Prerequisites
There is no specific knowledge required.
Target audience
Security Specialist
Content
OWASP Top 10
Introduction to OWASP and the Top 10
- start the course
- describe the history of the OWASP Project
- describe the OWASP Top 10 list and recognize its patterns in your own applications
- describe how the A1 exploit works in practice
- identify what the A1 exploit relies on to work
- describe how the A2 exploit works in practice
- identify what the A2 exploit relies on to work
- describe how the A3 exploit works in practice
- identify what the A3 exploit relies on to work
- describe how the A4 exploit works in practice
- identify what the A4 exploit relies on to work
- describe how the A5 exploit works in practice
- identify what the A5 exploit relies on to work
- describe how the A6 exploit works in practice
- identify what the A6 exploit relies on to work
- describe how the A7 exploit works in practice
- identify what the A7 exploit relies on to work
- describe how the A8 exploit works in practice
- identify what the A8 exploit relies on to work
- describe how the A9 exploit works in practice
- identify what the A9 exploit relies on to work
- describe how the A10 exploit works in practice
- identify what the A10 exploit relies on to work
- compare authentication and authorization
- define the Defense in Depth principle
- identify the OWASP Top 10 exploits in a real-world scenario
OWASP Mitigations for .NET
- start the course
- recognize how error message handling can be exploited and how to deal with this
- recognize how to encrypt relevant sections of the .NET configuration files
- recognize how to handle security when using NuGet packages
- describe when and how to use encryption in .NET
- recognize how asymmetric encryption works in .NET
- describe how to mitigate against command injection at the base .NET Framework level
- describe SQL Injection and how to mitigate against it
- identify the SQL Server authentication models
- identify mitigations to Insecure Direct Object Reference at the database level
- describe password hashing and its application
- describe how inadequately releasing types can lead to Denial of Service
- describe CORS Preflight requests and how to secure them in ASP.NET Web API
- recognize where and how to implement authorization in ASP.NET Web API
- recognize where and how to implement authorization in WCF
- identify the authentication types in web-hosted .NET projects and configure them in IIS and in configuration files
- recognize the impacts of various web.config file settings
- describe SSL/HTTPS security
- describe how to mitigate web parameter tampering in ASP.NET MVC and JavaScript
- describe JavaScript behaviors that can lead to security breaches and how to mitigate against them
- describe how to appropriately encode output into a page to avoid script injection, XSS, and other exploits
- recognize how the built-in validation capabilities in ASP.NET and ASP.NET MVC protect against attacks
- describe how session state works in ASP.NET and ASP.NET MVC
- implement password policies in ASP.NET and ASP.NET MVC
- describe multi-factor authentication and how it can be implemented in ASP.NET MVC
- list appropriate approaches to capturing, storing, validating, and resetting user passwords
- describe the HttpOnly Cookie Flag and how to apply it in ASP.NET and ASP.NET MVC
- use the Microsoft Anti-cross Site Scripting Library
- implement authorization in ASP.NET MVC
- allow your users to authenticate against external login providers like Microsoft, Twitter, Facebook and Google
- identify mitigations for OWASP Top 10 violations in a given scenario
Course options
We offer several optional training products to enhance your learning experience. If you are planning to use our training course in preparation for an official exam, then we highly recommend using these optional training products to ensure an optimal learning experience. Sometimes only a practice exam and/or practice lab is available.
Optional practice exam (trial exam)
To supplement this training course you may add a special practice exam. This practice exam comprises a number of trial exams which are very similar to the real exam, both in terms of form and content. This is the ultimate way to test whether you are ready for the exam.
Optional practice lab
To supplement this training course you may add a special practice lab. You perform the tasks on real hardware and/or software applicable to your lab. The labs are fully hosted in our cloud. The only thing you need to use our practice labs is a web browser. In the LiveLab environment you will find exercises which you can start immediately. The lab environment consists of complete networks containing, for example, clients, servers, etc. This is the ultimate way to gain extensive hands-on experience.
Why Icttrainingen
With our training concept you save up to 80% on training courses
Start learning whenever you want. You set your own pace
Exchange ideas with fellow students and establish yourself as an authority in your field.
On successful completion of your course, receive the official certificate of participation from Icttrainingen.nl
Get insight into detailed progress information for yourself or your employees
Gain knowledge with interactive e-learning and extensive practical assignments by certified instructors
Ordering process
Once we have processed your order and payment, we will give you access to your courses. If you still have any questions about our ordering process, please refer to the button below.
Creating a business account
When you order on behalf of your company, it is advisable to create a business account with us. You can choose this during the registration process. You can then enter your company details and add a reference and a separate billing address.
Payment options
We offer various payment options. With every payment option you will receive an invoice after ordering. If your employer is paying, choose payment by invoice.

Creating students
If you have created a business account, you have the option of creating students/employees under your account. So if you buy multiple training courses, you can create students and then distribute the courses to your colleagues. Students receive an e-mail with login details when they are created and when they have been assigned a training course.
Progress information
With a business account you are automatically the administrator of your organization and, in addition to students, you can also create managers. Administrators and managers can also view the progress of all students within your organization.
What is included?
Certificate of participation | Yes |
Monitor Progress | Yes |
Award Winning E-learning | Yes |
Mobile ready | Yes |
Sharing knowledge | Unlimited access to our IT professionals community |
Study advice | Our consultants are here to advise you about your study career and options |
Study materials | Certified teachers with in depth knowledge about the subject. |
Service | World's best service |
Platform
After ordering your training you get access to our innovative learning platform. Here you will find all your purchased (or completed) training courses, you can create students if needed, and you get access to detailed progress information.
