Course Summary

The OWASP orginisation regularly posts a list of the top 10 vulnerabilities found on live targets. While this list is very complete and useful it is not very understandeable. As an experienced penetration tester and bug bounty hunter even The XSS Rat had trouble understanding this amazing resource. For this exact reason, he decided to share his research with the world and bring you this desired documentation in an easy to digest manner.

Start From Zero
There’s a very good reason why this is a fundamentals course. I got sick of all these courses overpromising and underdelivering. I want to bring you an easy to understand and directly applicable course to help developers create a more secure environment and pentesters serve their clients better. Bug bounty hunters can learn a thing or two from this course as well as i always keep my fellow hunters in mind when creating these courses.

Prerequisites
You should be familiar using the web browser and have prior knowledge about the HTTP protocol and be able to read HTML.

Beyond the basics
Besides just the basics, we have made sure to go much deeper into every applicable topic to ensure you will leave with more than just the basics.

Course Curriculum

OWASP Mobile top 10
5 Lessons
- M1 2016 Improper Platform Usage 18d0fcc0b3894782a295d467c9438427
  Start
- M2 2016 Insecure Data Storage 6ca60fb5c4bb44449d476225c8809e11
  Start
- M3 2016 Insecure Communication 80f3b2ff1b3149c596fab8a35c30d9fb
  Start
- M4 2016 Insecure Authentication 3249c18182f94ba480f833605d205c36
  Start
- M5 2016 Insufficient Cryptography 35e320de124c41f79eacf5b5769374bf
  Start
OWASP API TOP 10
12 Lessons
- API0 2019 What is an API 7c7d7b55e448404281406520403e5103
  Start
- API1 2019 Broken Object Level Authorization b9ba1165c79345ceb6127a550be0dcd0
  Start
- API2 2019 Broken User Authentication 763174cf1c1a49d885025eac7b914c92
  Start
- API hacking with postman Part 2 - importing the API description
  Start
- API hacking with postman Part 4 - Getting dirty with data sources
  Start
- API hacking with postman Part 3 Pre-request scripts, tests and console
  Start
- API hacking with postman Part 1 - getting the basics down
  Start
- API-firewall webinar rehersal
  Start
- Video: API top 10 - 0 through 3
  Start
- Video: API top 10 - 4 through 7
  Start
- Video: API top 10 - 8
  Start
- Video: API top 10 - 9
  Start
A0.2017 Introduction
2 Lessons
- OWASP Top 10 - Introduction
  Preview
- OWASP Top 10 - Introduction PDF
  Preview
A1.2017 - Injection
3 Lessons
- OWASP Top 10 - Injection
  Preview
- OWASP Top 10 - Injection PDF
  Preview
- A1 Injection - Rebuilt
  Start
A1.2017 - Injection - Practical
6 Lessons
- A1. DVWA-OS command injection
  Start
- A1. Injection - Simple injection
  Start
- A1. Injection - SQLi
  Start
- A1. Injections - XXE
  Start
- A1.Injection - blind command injection
  Start
- Quiz: A1.2017 Injections
  Start
A2.2017 - Broken authentication
2 Lessons
- OWASP Top 10 - Broken authentication
  Start
- OWASP Top 10 - Broken authentication PDF
  Start
A2.2017 - Broken Authentication - Practical
2 Lessons
- A2.2017 - Broken Authenticaton - Demonstated
  Start
- DVWA-Broken authentication
  Start
A3.2017 - Sensitive data exposure
2 Lessons
- OWASP Top 10 - Sensitive data exposure
  Start
- OWASP Top 10 - Sensitive data exposure PDF
  Start
A3.2017 - Sensitive data exposure - Practical
2 Lessons
- A3.2017 - Sensitive information exposure
  Start
- A3.2017_Sensitive_data_expos201720sensitive20data20exposure
  Start
A4.2017 - XXE
2 Lessons
- OWASP Top 10 - XXE
  Start
- OWASP Top 10 - XXE PDF
  Start
A4.2017 - XXE - Extended
6 Lessons
- 0-Into
  Start
- 1-what is XXE
  Start
- 2-Finding attack vectors
  Start
- 3-Exploiting
  Start
- 4-WAFs and filters
  Start
- 5-Tools and prevention
  Start
A4.2017 - XXE - Practical
5 Lessons
- XXE is so much more than just .xml
  Start
- Blind XXE and parameter entities with portswigger burp suite collaborator and labs
  Start
- Ethical hacking tutorial with Portswigger labs_ XXE
  Start
- Chaining XXE into SSRF_ PortSwigger labs
  Start
- 4_XML_eXternal_Entities
  Start
A5.2017 - Broken Access Control
5 Lessons
- OWASP Top 10 - Broken Access Control
  Start
- OWASP Top 10 - Broken Access Control PDF
  Start
- BAC
  Start
- BAC - Slides
  Start
- BAC
  Start
A6.2017 - Security misconfigurations
2 Lessons
- OWASP Top 10 - Security misconfigurations
  Start
- OWASP Top 10 - Security misconfigurations PDF
  Start
A6.2017 - Security misconfigurations - Practical
1 Lesson
- A6.2017 Security misconfigurations
  Start
A7.2017 XSS
9 Lessons
- OWASP Top 10 - XSS PDF
  Start
- OWASP Top 10 - XSS
  Start
- Ultimate XSS guide (1)
  Start
- Advanced XSS techniques
  Start
- Testing for reflected XSS
  Start
- WAF bypass techniques
  Start
- XSS Filter evasion techniques
  Start
- DVWA - stored xss
  Start
- DVWA-Reflected XSS
  Start
A8.2017 - Insecure Deserilizations
2 Lessons
- OWASP Top 10 - Insecure Deserilizations
  Start
- OWASP Top 10 - Insecure Deserilizations PDF
  Start
A9.2017 - Using components with known vulnerabilities
3 Lessons
- OWASP Top 10 - Using components with known vulnerabilities
  Start
- OWASP Top 10 - Using components with known vulnerabilities PDF
  Start
- A9. Exploit-db examples
  Start
A10.2017 - Insufficient logging and monitoring
2 Lessons
- OWASP Top 10 - Insufficient logging and monitoring
  Start
- OWASP Top 10 - Insufficient logging and monitoring PDF
  Start
How do i prevent .. as a developer
3 Lessons
- A1. How to prevent SQLi
  Start
- A1. How to prevent OS command injection
  Start
- A2. How to protect from broken authentication
  Start

All Courses

Category

Hackers Academy $34.99

Privilege Escalation for OSCP and Beyond - Bundle!

Learn Linux and Windows privilege escalation and save more with the bundle!

Tib3rius $19.99

Windows Privilege Escalation for OSCP & Beyond

Finding and exploiting Windows vulnerabilities and misconfigurations to gain an administrator shell.

Hackers Academy $24.99

Wi-Fi Cracking

Learn how to hack Wi-Fi networks by cracking WEP, WPA and WPA2

Tib3rius $19.99

Linux Privilege Escalation for OSCP & Beyond

Finding and exploiting Linux vulnerabilities and misconfigurations to gain a root shell.

Hackers Academy $67.99

Hacking With Kali Linux

#1 Ranking Kali Linux Tutorial!

Hackers Academy $29.99

Hacking For Beginners

Start from absolute scratch!