Get an overview of the #3 and #4 top software vulnerabilities—injection and insecure design—described in the 2021 OWASP Top 10.
OWASP Top 10: #3 Sensitive Data Exposure and #4 External Entities (XXE)
Overview
Syllabus
Introduction
- 2021 OWASP Top 10
- What you should know
- What is injection?
- Example #1: 2008 Heartland data breach
- Example #2: 2020 Accellion data breach
- Prevention technique #1: Prepared statements
- Prevention technique #2: Input validation
- Prevention technique #3: Escape special characters
- What is insecure design?
- Real-world example #1: G Suite accounts in 2018
- Real-world example #2: 2021 manufacturing data risk report
- Prevention technique #1: Threat modeling
- Prevention technique #2: Secure design patterns and principles
- Prevention technique #3: Secure development lifecycle
- Next steps
Taught by
Caroline Wong
Related Courses
-
OWASP Top 10 - A4:2017 - XML External Entities
-
OWASP Top 10 Vulnerabilities Course (How To)
-
OWASP Top 10: Injection Attacks
-
Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
-
OWASP Top 10 - A04:2021 - Insecure Design
-
OWASP Top 10 - A05:2021 - Security Misconfiguration
