OWASP-YN: Web Hacking and Defense Course with OWASP Top 10 Vulnerabilities

Web Hacking and Defense Course with OWASP Top 10 Vulnerabilities is a 2-day intensive training that empowers developers, testers, and security professionals with practical offensive and defensive web security skills.

Participants will explore real-world exploits for the most critical web vulnerabilities outlined by OWASP Top 10 (2021/2023 editions), including:

• SQL Injection

• Cross-Site Scripting (XSS)

• Cross-Site Request Forgery (CSRF)

• Broken Authentication

• Broken Access Control

Through live demonstrations and hands-on exercises, learners will:

• Perform injection attacks to extract or manipulate data

• Steal cookies and hijack sessions via XSS attacks

• Exploit CSRF flaws to perform unauthorized transactions

• Analyze authentication weaknesses and conduct brute-force attacks

• Secure web applications using input validation, parameterized queries, and session hardening

Day 1 focuses on:

• Understanding web application attack surfaces

• Performing offensive techniques against vulnerable applications using DVWA and OWASP Juice Shop

Day 2 shifts to defense:

• Implementing secure coding practices

• Deploying Web Application Firewalls (WAFs) and bypass techniques

• Secure authentication and session management

• Performing security testing using tools like Burp Suite and OWASP ZAP

The training concludes with a Capture The Flag (CTF) challenge where participants apply their skills to find and exploit vulnerabilities in a simulated environment.

By the end of this course, participants will:

• Understand web vulnerabilities and how attackers exploit them

• Secure web applications against real-world threats

• Conduct vulnerability assessments and basic penetration tests

• Build stronger, safer web apps following OWASP best practices

Ideal for developers, QA engineers, IT security professionals, and anyone seeking real-world web security experience.