Description

This course will teach you the 10 most common threats identified by the Open Web Application Security Project (OWASP). At the end of the course you will understand:

1) what the top 10 threats are,
2) the impact per threat for your business
3) how these threats can be executed by attackers
4) how these threats can be mitigated

You will be able to understand the above-mentioned points without having to understand code… For your convenience I've combined the OWASP 2017 and OWASP 2013 top 10 list into a single list of 10 common threats.

How is that possible?

The threats are explained conceptually, since the implementation of a threat may differ per situation. Therefore, having a general understanding of the threats, their implications and potential solutions will provide you with the essential knowledge to mitigate the impact of these threats.

So, after following this course am I able to develop code-based solutions for the top 10 threats?

No. This course will teach you the basic concepts behind the 10 most common threats so that you can critically question and discuss these security issues with software/operational engineers.

Uhm, after following this course I'm a full-fledged security expert, right?

Depends on the knowledge of the person that is judging your expertise. Most likely this won't be the case.

What!?! Why should I enroll?

Only enroll when you are new to secure coding, secure web development and want a complete beginner's perspective on web application security. This course is specifically developed for:

- (Project) managers that lead software projects, but have no clue how software engineers could mitigate potential security issues
- Recruiters hiring software engineers
- Software engineers that want to refresh their knowledge on web application security
- Anyone interested in the basics of web application security, explained in layman's terms

Ok, but there is already a lot of information on OWASP available on the web. So, what's in it for me?

I thought you would never ask! This course differentiates itself from existing available information because:

- Existing OWASP documentation is technical and therefore difficult to comprehend (I'll include some examples of technical documents as resources that you may download).
- Unlike most other courses, you may actually claim 1 Continuing Professional Education (CPE) after finishing this course completely
- I'll update this course with new videos on request or as significant security issues surface that have important implications for managers. Thus, over time this course may become your one-stop security education!
- I've included lots of documents that explain detailed mitigation strategies. Please note that these documents contain code and are therefore more suited for people that are implementing or testing security fixes.
- I've included lots of links to websites that provide comprehensive background information.
- That's not it, there is more… BONUS Material:
  - Defense in depth
  - Basic explanation of STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).
  - Overview of a secure software development process
  - Frequently asked questions. Ask a security question and I'll answer it with a video.

Why include bonus material, is the main course not exciting enough?

Again, excellent question! Getting security right goes well beyond web application security. With the bonus material, I would like to inform you about the complementary measures that should be taken into account.

I'm fully convinced of the benefits, but I don't see why I should learn all this from you.

True, let me explain by giving you an overview of my experience:

- Part-time PhD Candidate (6 years – present). I read the science, you'll get the knowledge! What more do you want?
- Security operations manager (present). Acting as a security liaison on strategic accounts, I monitor the security of 2500+ workstations, 500+ servers and 10+ firewalls and routers, report on the operational security status of European and Dutch law and integrate intelligence results from AVDS, Check Point, Nagios, Nessus, Palo Alto Traps, SCCM, SCEP, SEP, SCOM and SIEM;
- Software quality consultant (6,5 years). I've advised many managers of large / small IT projects on various software related aspects;
- IT auditor (1 year). I have closely worked with accountants and audited large governmental IT projects;
- Quality assurance engineer (3 years). I have implemented large IT systems for large companies.

You can find more details on LinkedIn or on my profile.

Go ahead and click the enroll button, and I'll see you in lesson 1!

Cheers,
Soerin