Secure web course

a., What is security, and who is OWASP?

b., Why is developing the best way to achieve security?

c., Threat modeling: the purpose of threat modeling, components of threat models, and practical threat modeling

a., Developer tools for preventing the following security issues Logging and monitoring problems, use of components with known vulnerabilities, Serialization and deserialization issues, not just web scripting problems (XSS),

b., Incorrect security configurations, poor access control,

c., XML processing issues (XXE), sensitive data disclosure,

d., faulty authentication and session management, injection attacks.

a.,Problems arising from incorrect API usage (SecureRandom), incomplete knowledge of standards (number representation, floating point), exploitation of character encoding

b., Manipulation of server-side requests (SSRF), race conditions in applications

c., (race conditions), buffer overflow attacks

d., Cryptography basics: encryption, decryption, hashing

a., Why is the OWASP Top 10 not enough?

b.,Structure of attacks, how a hacker thinks

c., Developer tools for preventing the following security issues, interesting topics (based on time and audience preference):

• Problems with referenced pages (reverse tabnabbing);
• Manipulation of server-side requests (SSRF);
• HTTP packet smuggling (HTTP request smuggling);
• Race conditions in applications (race conditions);
• Unvalidated redirects;
• Poor use of cryptographic algorithms;
• DoS (+ReDoS)
• ClickJacking;
• cache poisoning;
• buffer overflow attacks.