Web Application Security (OWASP)
Find and fix the vulnerabilities that matter. Built around the OWASP Top 10, this course teaches secure coding, testing, and code review for web applications and APIs.
Web Application Security (OWASP) is a 36-hour program that teaches you to find and fix the vulnerabilities that actually matter in modern web applications and APIs. Built around the OWASP Top 10, it bridges the gap between development and security.
Who this course is for
It suits developers who want to write secure code, QA and test engineers expanding into security, and security professionals who need to assess web applications. Familiarity with how web applications are built is recommended.
What you will be able to do
You will understand and exploit the OWASP Top 10 vulnerability classes in a safe lab, then learn to prevent them through secure coding patterns. You will test applications and APIs for security flaws, perform effective code review, and integrate security thinking into the development process so vulnerabilities are caught early.
How it is taught
The course alternates between attacking deliberately vulnerable applications and fixing them, so you understand each vulnerability from both sides. This dual perspective, breaking and building, is what makes the learning stick and transfer directly to real projects.
You leave able to build, test, and review web applications and APIs that stand up to real-world attack.
Curriculum
The OWASP Top 10
The most critical web application security risks, explained and demonstrated.
Injection & authentication flaws
Exploiting and preventing the most common high-impact vulnerabilities.
Secure coding patterns
Writing code that is resistant to the OWASP risk classes.
API security
Securing REST and modern APIs against abuse.
Security testing & code review
Finding flaws through testing and effective review.
Frequently asked questions
Do I need to be a developer?
It helps to understand how web applications are built, but the course suits both developers and security professionals. Developers focus on prevention; testers and analysts focus on finding flaws.
Which languages does the course use?
The vulnerability classes and secure-coding principles are language-agnostic, illustrated with common web stacks. The concepts transfer to whatever language you work in.