On Friday February 5, 2021, I provided a training on teaching Application Security concepts using the OWASP Top 10.
The Open Web Application Security Project or OWASP is a non-profit organization whose mission is to make application security better. Members of OWASP meet every few years to create a top 10 list of the prevalent vulnerabilities in the industry. The last list was from 2017.
The structure of my training is the first part is to present the theoretical part – concepts and definitions. The last part of the training is a practical or application of the first part of the training (theoretical).
For the practical piece I used the website – BodgeIt Store. The BodgeIt Store is an insecure app, that should NOT be deployed in commercial servers. Many will say that the BodgeIt Store is a SUPER old insecure app (it’s close to 10 years old).
The app is close to 10 years old, but I find this app is good to teach application security as there’s a scoreboard and 12 challenges to complete.
Anyway, without further ado below are my slides from my training
I also provided documents that provide a walkthrough of the BodgeIt store as well as installing and using an interception proxy such as Burp Suite.
Finally, I included instructions on how to import the OWASP Broken Authentication VM which have a series of insecure apps.
Enjoy and keep hacking!