0. Introduction

The OWASP top 10 is very well know by every ethical hacker out there and for good reason. It describes the top 10 vulnerabilities as they occur "In the wild" as we say, where we refer to production environments. This means that the OWASP top 10 has been described into extreme detail but nowhere in a way that makes it practical. Whether you are a developer, pentester or bug bounty hunter, i believe this course will help all of us as the OWASP top 10 is described very vague and it's time to break the fog banks!

There are several good resources available on which we base this course and that can be found freely on the internet but what this course aims to do is translate those concepts into every day useful and actioneable items to help improve your skillset.

The top 10 basically consinsts of the following vulnerabilities as of the 2017 version:

• Injection

• Broken authentication

• Sensitive data exposure

• XXE

• Broken Access control

• Security misconfigurations

• XSS

• Insecure Deserialization

• Using components with known vulnerabilities in them

• Insufficient logging and monitoring

Whew!! Is it me or was that a wild ride with a range of different vulnerabilities? They talk about anything from Insecure Deserialization to Broken Access control and even Insufficient logging and monitoring. Now i don't know about you but i think it's time we tackle this insane freakshow of vulnerabilties and tame them into a beautiful set of wiki pages that any developer or tester can refer back to if they want to secure or test an application.