Web applications are the most common attack surface in modern organisations. This lesson covers the OWASP Top 10 vulnerabilities, practical exploitation techniques, and the tools used by ethical hackers to test web application security.
The Open Web Application Security Project (OWASP) publishes the definitive list of critical web application security risks:
| Rank | Category | Description |
|---|---|---|
| A01 | Broken Access Control | Users acting beyond their permissions |
| A02 | Cryptographic Failures | Weak or missing encryption of sensitive data |
| A03 | Injection | SQL, NoSQL, OS, LDAP injection attacks |
| A04 | Insecure Design | Missing or ineffective security controls by design |
| A05 | Security Misconfiguration | Default configs, open cloud storage, verbose errors |
| A06 | Vulnerable Components | Using libraries with known vulnerabilities |
| A07 | Authentication Failures | Broken authentication and session management |
| A08 | Software and Data Integrity | Insecure CI/CD pipelines, unsigned updates |
| A09 | Security Logging Failures | Insufficient logging and monitoring |
| A10 | Server-Side Request Forgery | Application fetches attacker-controlled URLs |
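To make two of the table's categories concrete, here is an added example (not code from the lesson or from OWASP) that contrasts a vulnerable handler with its hardened form for A03 Injection and A01 Broken Access Control. It uses Python's built-in `sqlite3` against an in-memory database seeded with constructed sample users; the table name, columns, and the `requester_id`/`target_id` parameters are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data for the in-memory database (not from the lesson).
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "user"),
    (2, "bob", "bob@example.com", "admin"),
]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


# --- A03 Injection -----------------------------------------------------------

def lookup_user_vulnerable(conn, username):
    """Splices untrusted input into the SQL text, so the input can change the
    query's structure rather than just its value."""
    query = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Parameterised query: the driver passes the value separately from the SQL,
    so the input is only ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT id, username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- A01 Broken Access Control ------------------------------------------------

def profile_vulnerable(conn, requester_id, target_id):
    """Trusts the client-supplied target_id and never checks who is asking,
    so any authenticated user can read any other user's record."""
    return conn.execute(
        "SELECT id, username, email FROM users WHERE id = ?", (target_id,)
    ).fetchone()


def can_read_profile(conn, requester_id, target_id):
    """Server-side authorization rule: a user may read only their own record,
    unless their stored role is 'admin'. The role comes from the database,
    not from the request."""
    row = conn.execute("SELECT role FROM users WHERE id = ?", (requester_id,)).fetchone()
    if row is None:
        return False
    return requester_id == target_id or row[0] == "admin"


def profile_safe(conn, requester_id, target_id):
    """Enforces the authorization check before touching the requested record."""
    if not can_read_profile(conn, requester_id, target_id):
        raise PermissionError("requester may not read this profile")
    return conn.execute(
        "SELECT id, username, email FROM users WHERE id = ?", (target_id,)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    tampered = "x' OR '1'='1"  # constructed input that closes the quote and adds a clause
    print("vulnerable lookup:", lookup_user_vulnerable(db, tampered))  # returns every row
    print("safe lookup:", lookup_user_safe(db, tampered))              # returns []
    print("alice reading bob (unchecked):", profile_vulnerable(db, 1, 2))
    print("alice may read bob:", can_read_profile(db, 1, 2))           # False
    print("bob (admin) reading alice:", profile_safe(db, 2, 1))
```

The two fixes share a principle worth noting when reviewing code: in both cases the defect is that a client-controlled value is allowed to decide something the server should decide (the shape of the query, or who is entitled to the record). Parameterisation and a server-side authorization check each take that decision away from the request.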