Checking your Application Against the OWASP Top 10 Security Risks

Webinar Registration

Web application security is complex for a number of reasons. First of all, there’s all the components involved:

Browsers
Web server
Database server(s)
Server-side code of the application itself
Server-side components, libraries and frameworks used by the application
Client-side code of the application itself in the form of javascript, css and html
Client-side components

There’s potential for vulnerabilities every step of the way and bad guys often exploit subtle combinations of these technologies operating on different planes of execution. Take for instance SQL Injection. The vulnerability affects the database but the mitigation must be implemented in the server-side web application.

Some threats are easy for non-developers to understand and mitigate – such as missing patches or security misconfigurations. But many web application threats are deeply rooted in the code and architecture of the application itself and are a challenge to understand without coding knowledge and insight into how modern web applications work.

The non-profit OWASP Foundation is focused on web application security and they maintain a free, well-researched and technical document valuable to this discussion: OWASP Top 10 - The Ten Most Critical Web Application Security Risks which is updated each year. But it can be difficult to use this document if you aren’t an active web developer. Here’s a quick rundown on the Top 10:

Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring

In this real-training-for-free webinar, I will take you through the current OWASP Top 10 with the goal of helping technical infosec pros (the heart of the UWS audience) who aren’t web developers to understand each risk and provide a road map of what it takes to determine if the web applications at your organization are vulnerable.

Rapid7 has agreed to sponsor this event and Garrett Gross, who specializes in web application security, will be helping me with the training. Then Garrett will briefly show you:

Anatomy of an injection attack
- history
- types
- exploitation example
Identifying injection vulnerabilities
- DAST, SAST, RASP vs penetration testing
- modern web app challenges
mitigating injection vulnerabilities
- prepared statements w/ parameterized queries
- stored procedures
- whitelisting input
- escaping user input entirely

Note: This abstract and the OWASP Top 10 document is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license: https://creativecommons.org/licenses/by-sa/4.0/

Please join us for this real training for free session.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.