Offensive Perspective – OWASP Security for Developers | Udemy

Offensive Perspective – OWASP Security for Developers | Udemy
English | Size: 2.07 GB
Genre: eLearning

Develop ”Out-of-box” thinking related to web secure codin and see security from offensive perspective

What you’ll learn
Best practices when it comes to secure coding for web developers
OWASP Top 10 Web vulnerabilities
“Out-of-box thinking” when it comes to exploiting certain vulnerabilities
Learn certain tools and frameworks for offensive perspective

You will learn to protect your web application by attacking it, by performing penetration testing on it. This course is rather theoretical with only some labs and demos.


Develop ”Out-of-box” thinking

See security from an offensive perspective

Learn best security practices and (most and less) common attacks

Learn to defend your applications and infrastructure


Overview of Web Penetration Testing

OWASP Top Ten Web Vulnerabilities

API Top Ten vulnerabilities

HTTP Security Headers

JSON Web Tokens

Technical measures and best practices


Overview of Web Penetration Testing

Core problems

Web Technologies basics

Security Audit vs Vulnerability Assessment vs Pentest

Information Gathering

Scanning and Enumeration

Mapping the target surface

Attacking Users. Cross Site Scripting

Attacking the Server

Attacking Authentication

Attacking Data Stores

Top 10 API Security Vulnerabilities

API Vulnerabilities

Examples of vulnerabilities found in publicly accessible applications

OWASP Top Ten Web Vulnerabilities

A1: Injection

A2 – Broken Authentication and Session Management

A3 – Cross-Site Scripting (XSS)

A4 – Insecure Direct Object References

A5 – Security Misconfiguration

A6 – Sensitive data Exposure

A7 – Missing Function Level Access Control

A8 – Cross-Site Request Forgery (CSRF)

A9 – Using Components with Known Vulnerabilities

A10 – Unvalidated Redirects and Forwards

New Addition in OWASP TOP 10 – 2017

A4 – XML External entities (XXE)

A5 – Broken Access Control

A8 – Insecure Deserialization

A10 – Insufficient Logging & Monitoring

New additions in 2021

Common Vulnerabilities: XSS, SQL Injection, CSRF, XXE, LFI

HTTP Security Headers

Understand HTTP Security Tokens and their role

HSTS – Strict-Transport-Security

CSP – Content-Security-Policy






Cookie flags: HTTPOnly, Secure

JSON Web Tokens

Understanding JSON WEB TOKENS

Token Structure

When can you use JWT


What is JWT good for?

Best Practices for JSON Web Tokens

Technical measures and best practices

Input Validation


Bind Parameters for Database Queries

Protect Data in Transit

Hash and Salt Your Users’ Passwords

Encrypt Data at Rest

Logging – Best practices

Authenticate Users Safely

Protect User Sessions

Authorize Actions


Cryptographic concepts


Cryptography and cryptanalysis tools

Cryptography attacks

Who this course is for:
Developers, Dev(Sec)Ops and software architects mostly
Also useful for system administrators, technical managers and CISO
Ethical Hackers, Penetration Testers, Bug Bounty Fans

If any links die or problem unrar, send request to

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.