Web Development · Intermediate
Web Security & OWASP
Defend your web applications against the most common and dangerous attacks.
22 hours · Gera AI Tutor · 4.7 (3,800 learners)
About this course
A practical web security course covering the OWASP Top 10 and API Security Top 10. You will exploit and then defend against injection, broken authentication, XSS, CSRF, IDOR, SSRF, and more in a hands-on lab environment. The course includes a security code-review methodology you can apply to any codebase.
Target audience: Web developers, security engineers, engineering managers
What you will learn
- OWASP Top 10
- Penetration testing basics
- Secure coding
- API security
- Security headers
Course syllabus
12 modules · video + labs
1. The threat model: who attacks web apps and why
2. OWASP Top 10 2025: overview and prioritisation
3. Injection: SQL, NoSQL, OS, and LDAP injection attacks and defences
4. Authentication and session management failures
5. Cross-site scripting (XSS): reflected, stored, and DOM-based
6. Cross-site request forgery (CSRF)
7. Broken access control and IDOR
8. Security misconfiguration and default credentials
9. Server-side request forgery (SSRF)
10. API security: OWASP API Top 10
11. Security headers: CSP, HSTS, X-Frame-Options
12. Dependency scanning and supply-chain risks
Prerequisites
- Web development basics
- Understanding of HTTP
Frequently asked questions
Do I need any special tools to complete the labs?
All labs run in the browser using an integrated sandbox. No additional tools or VMs are required.
Ready to start Web Security & OWASP?
Join 3,800+ learners already enrolled. Self-paced, certificate on completion.