Lesson 04 - OWASP Top 10 Basics

AppSec Starter is a basic application security awareness training designed for onboarding new developers. It is not intended to cover advanced or practical topics. Conviso has customized training and practical training platforms.

Training recorded by Nicolas Schmaltz and copyright reserved to Conviso Application Security S/A.

Lesson 4 Contents:

Introduces the Open Web Application Security Project (OWASP) and the OWASP Top 10 project:

  • Injection
  • Broken authentication and session management
  • Sensitive data exposure
  • XML external entity (XXE)
  • Broken access control
  • Security misconfiguration
  • Cross-site scripting (XSS)
  • Insecure deserialization
  • Using components with known vulnerabilities
  • Insufficient logging & monitoring