eLearning course catalog

Browse the current eLearning courses. For the latest updates on these courses, see Training updates.

The OWASP Top 10 2021 course supersedes OWASP 2017.

Secure Coding Foundations

Course | Description | Outline
Trust Boundaries
🕑
15 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to trust boundaries, including determining where trust boundaries exist, and understanding best practices for securing data that passes a trust boundary.

Intended audience: Any
  • Module Overview
  • The Integrity of User Input
  • Summary and Quiz
Authentication
🕑
45 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to authentication, including session management, service-based authentication, and cross-site request forgery.

Intended audience: Any
  • Module Overview
  • Authentication in Theory and Practice
  • Authentication and Session Management
  • Service Based Authentication
  • Cross-Site Request Forgery
  • Summary and Quiz
Authorization
🕑
20 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to authorization, including authorizing system access, where authorization should occur, and common authorization vulnerabilities.

Intended audience: Any
  • Module Overview
  • Authorization
  • Summary and Quiz
Validation and Encoding
🕑
30 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to input validation and output encoding, including validation strategies, SQL injection flaws, cross-site scripting, and other malicious input attempts.

Intended audience: Any
  • Module Overview
  • Input Validation and Output Encoding
  • Injection Flaws
  • Cross-Site Scripting
  • Unvalidated Redirects and Forwards
  • Summary and Quiz
Information Handling
🕑
20 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to information handling, including information leakage, error handling, non-repudiation, auditing, and log files.

Intended audience: Any
  • Module Overview
  • Information and Error Handling
  • Non-Repudiation and Auditing
  • Summary and Quiz
Data Protection
🕑
25 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to data protection, including data protection failures and cryptography.

Intended audience: Any
  • Module Overview
  • Data Protection
  • Cryptographic Algorithms
  • Summary and Quiz
Configuration and Deployment
🕑
35 minutes
🗓️
Updated 4/29/2024
This training covers secure coding foundations topics related to configuration and deployment, including failure to restrict URL access, malicious file execution, and using components with known vulnerabilities.

Intended audience: Any
  • Module Overview
  • Best Practices
  • Failure to Restrict URL Access
  • Malicious File Execution
  • Using Components with Known Vulnerabilities
  • Summary and Quiz

General Security

Course | Description | Outline
Application Security Testing
🕑
35 minutes
🗓️
Updated 4/29/2024
The Application Security Testing training covers assessment preparation, baseline review and testing, threat modeling, targeted testing, and assessment reporting.

Intended audience: Security Professionals and Software Developers
  • Introduction
  • General Assessment Approach
  • Scenario
  • Assessment Preparation
  • Threat Modeling
  • Baseline Review and Testing
  • Reviewing Techniques
  • Reporting
  • Scenario Conclusion
  • Summary and Quiz
C/C++ Memory Management Risks and Best Practices
🕑
45 minutes
🗓️
Updated 4/29/2024
This training reviews the safest way to work with C/C++ memory. Topics include stack and heap memory use, common coding flaws, and recommended memory management solutions.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Stack and Heap Architecture
  • Common Coding Flaws
  • Other Security Vulnerabilities
  • Memory Management Solutions
  • Scenario Conclusion
  • Summary and Quiz
Introduction to PCI DSS for Developers
🕑
30 minutes
🗓️
Updated 4/29/2024
This training describes the Payment Card Industry Data Security Standards (PCI DSS) that were designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • An Introduction to PCI DSS
  • Scenario
  • Requirements and Compliance
  • Requirement 6 In-Depth
  • Scenario Conclusion
  • Summary and Quiz
Introduction to Web Application Security
🕑
40 minutes
🗓️
Updated 4/29/2024
This training reviews web application security. The course begins with a summary of why application security is important, and a review of HTTP basics. It concludes with an application attack demonstration, and exploit examples.

Intended audience: Security Professionals, Software Developers, Project Managers, Quality Assurance Staff
  • Module Overview
  • Scenario
  • Real Case Studies: Notable Breaches
  • Application Attacks
  • Importance of Application Security
  • SQL Injection Activity
  • Basics of HTTP
  • Cross-Site Scripting Activity
  • Scenario Conclusion
  • Summary and Quiz
Secure Architecture and Design
🕑
40 minutes
🗓️
Updated 4/29/2024
A secure architecture and infrastructure are necessary to protect an organization's systems and assets. Topics include functional security solutions, use and abuse cases, business controls, dependency risks, data flow, and control flow analysis.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • Scenario
  • Functional Security Requirements and Solutions
  • Use and Abuse Cases
  • Business Controls and Risks from Dependencies
  • Data Flow and Control Flow Analysis
  • Scenario Conclusion
  • Summary and Quiz
Security Awareness
🕑
63 minutes
🗓️
Updated 4/29/2024
This training helps users to make smart decisions regarding security. It covers securing workplace information, security threats in the workplace, avoiding social engineering attacks, and best practices for email, password, and remote access use.

Intended audience: All employees and contractors
  • Module Overview
  • Information Security
  • Password Security
  • Security Threats in the Workplace
  • Security for Remote Employees
  • Summary and Quiz
Secure Software Remediation Basics
🕑
25 minutes
🗓️
Updated 4/29/2024
This training provides an overview of Software Security Remediation, from inception, through planning, and execution.

Intended audience: Security Professionals, Software Developers and Software Quality Assurance Staff
  • Module Overview
  • Introduction to Software Remediation
  • Scenario: Software Remediation Process
  • The Inception Phase
  • The Planning Phase
  • The Execution Phase
  • Scenario Conclusion
  • Summary and Quiz
Threat Modeling
🕑
25 minutes
🗓️
Updated 4/29/2024
This training describes threat modeling, when it is appropriate to use, and why it is useful. It also explains how to use threat modeling in application development.

Intended audience: Security Professionals and Software Developers
  • Module Overview
  • Scenario
  • Terminology and Approaches
  • Methodologies and Tools
  • Scenario Conclusion
  • Summary and Quiz
Cross Site Request Forgery (CSRF) Explained
🕑
20 minutes
🗓️
Updated 4/29/2024
This training explains how Cross-Site Request Forgery (CSRF) is used by malicious actors to leverage social media (such as an email link) to trick a victim into executing actions defined by the attacker.

Intended audience: Security Professionals and Software Developers
  • Module Overview
  • Scenario
  • CSRF Details
  • Detection and Prevention
  • Scenario Conclusion
  • Summary and Quiz

Security for Mobile Devices

Course | Description | Outline
Overview of Mobile Application Security
🕑
25 minutes
🗓️
Updated 4/29/2024
This training covers mobile device capabilities. It describes mobile platforms and application development tools, how mobile application threat models differ from typical web application threat models, and major security threats to mobile devices.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • Scenario
  • Mobile Application Threat Modeling
  • Mobile Security Threats
  • Comparison of Native Applications and Web Applications
  • Scenario Conclusion
  • Summary and Quiz
Authentication and Authorization for Android and iOS
🕑
20 minutes
🗓️
Updated 4/29/2024
This training covers authentication and authorization for mobile devices, including protecting data in transit, protecting resources with strong authentication, and mobile device credential handling.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • Scenario: Android Authentication and Authorization
  • Authentication Failures
  • Data Exploitation in Transit
  • Insecure On-Device Credential Storage
  • Scenario Conclusion
  • Summary and Quiz
Data Protection for Android
🕑
25 minutes
🗓️
Updated 4/29/2024
This course covers the types of Android local storage, methods of configuring locally stored data, how to choose proper encryption technologies for locally stored data, and how to secure network communication between the device and web services.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • Android Storage Types
  • Scenario: Security Data in Android
  • Securing Stored Data
  • Security Data in Transit
  • Scenario Conclusion
  • Summary and Quiz
Validation and Encoding for Android
🕑
30 minutes
🗓️
Updated 4/29/2024
This course covers best practices for input validation and output encoding on the Android platform, and common mobile vulnerabilities that proper validation and encoding can help address.

Intended audience: Mobile Application Developers, Software Developers, Security Professionals, Penetration Testers
  • Module Overview
  • Scenario
  • Defending Against Injection
  • IPCs and Their Security
  • Validating Data from Third-Party Web Services
  • Scenario Conclusion
  • Summary and Quiz

AppSec Tutorials

Course | Description | Outline
Directory Traversal
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates a directory traversal attack, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • Path Traversal Summary
  • Path Traversal Example
  • Conclusion and Module Summary
Information Leakage
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates an information leakage example, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • Information Leakage Overview
  • Information Leakage Example
  • Conclusion and Module Summary
Open Redirects
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates a classic Open Redirect scenario, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • Open Redirects Overview
  • Open Redirect Example
  • Conclusion and Module Summary
OS Command Injection
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates an OS Command Injection attack, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • Operating System Command Injection (OSCi) Overview
  • Occurrence and Impact
  • Conclusion and Module Summary
CRLF Injection
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates how an attacker might discover and exploit a CRLF Injection attack, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • CRLF Overview
  • CRLF Example
  • Conclusion and Module Summary
Cross Site Scripting
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates how an attacker might discover and exploit a Cross Site Scripting attack, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • Cross-Site Scripting Overview
  • Cross-Site Scripting Example
  • Conclusion and Module Summary
CSRF
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates a cross-site request forgery attack on a web application, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • CSRF Overview
  • CSRF Example
  • Conclusion and Module Summary
SQL Injection
🕑
15 minutes
🗓️
Updated 4/29/2024
This training demonstrates how an attacker might discover and exploit an SQL Injection attack, and provides suggested methods to help prevent it.

Intended audience: Software Developers
  • Module Overview
  • SQL Injection Attacks Overview
  • SQL Injection Attacks Examples and Prevention
  • Conclusion and Module Summary
Software and Data Integrity Failures
🕑
10 minutes
🗓️
Updated 4/29/2024
This training demonstrates how updates, critical data, and pipelines can be security attack vectors when integrity is not verified, and suggests methods to minimize risk.

Intended audience: Software Developers
  • Module Overview
  • What are Software and Data Integrity Failures?
  • Scenario
  • Impacts
  • Example
  • Prevention
  • Scenario Conclusion
  • Summary
Server-Side Request Forgery
🕑
15 minutes
🗓️
Updated 4/29/2024
This training demonstrates the risk to a web application when fetching a remote resource without validating the user-supplied URL, and provides suggested methods to minimize the vulnerability.

Intended audience: Software Developers
  • Module Overview
  • Introduction
  • Scenario
  • Impacts
  • Example
  • Prevention
  • Scenario Conclusion
  • Summary
Veracode Application Security Fundamentals Assessment
🕑
20 minutes
🗓️
Updated 4/29/2024
This quiz tests the learner's knowledge of the information covered in the Application Security tutorials. This is a QUIZ ONLY; there is no lesson content.

Intended audience: Any
  • Module Overview
  • Quiz

OWASP Top 10 (2021)

Course | Description | Outline
Software Security Awareness
🕑
60 minutes
🗓️
Updated 4/29/2024
This training covers the OWASP Top 10 Security Vulnerabilities for 2021. Each section describes a vulnerability, and provides tips to help prevent it.

Intended audience: Software Developers and Security Professionals
  • Module Overview
  • A01:2021 Broken Access Control
  • A02:2021 Cryptographic Failures
  • A03:2021 Injection
  • A04:2021 Insecure Design
  • A05:2021 Security Misconfiguration
  • A06:2021 Vulnerable and Outdated Components
  • A07:2021 Identification and Authentication Failures
  • A08:2021 Software and Data Integrity Failures
  • A09:2021 Security Logging and Monitoring Failures
  • A10:2021 Server-Side Request Forgery
  • Summary and Quiz

Secure Coding for .NET

Course | Description | Outline
Authentication
🕑
30 minutes
🗓️
Updated 5/24/2021
This training covers secure coding authentication topics for .NET, including security best practices, and how cross-site request forgery (CSRF) can be used to force an end user to execute unwanted actions on behalf of a malicious actor.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Authentication Approaches
  • Authentication Vulnerabilities
  • Scenario Conclusion
  • Summary and Quiz
Authorization
🕑
20 minutes
🗓️
Updated 5/24/2021
This training covers secure coding authorization topics for .NET developers, including authorizing system access, and common authorization vulnerabilities.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Authorization Approaches
  • Common Authorization Issues
  • Scenario Conclusion
  • Summary and Quiz
Validation and Encoding
🕑
20 minutes
🗓️
Updated 5/24/2021
This training covers secure coding validation and encoding topics for .NET, including input validation and output encoding, validation strategies, SQL injection flaws, cross-site scripting, and other malicious input attempts.

Intended audience: Software Developers
  • Module Overview
  • The Importance of Input Validation
  • Scenario
  • Input Validation in ASP.NET Core
  • Using Encoding to Prevent XSS in .NET Core
  • Preventing SQL Injection in .NET Core
  • Scenario Conclusion
  • Summary and Quiz
Information and Error Handling
🕑
20 minutes
🗓️
Updated 5/24/2021
This training covers secure coding information handling topics for .NET, including information access and leakage, error handling, non-repudiation, auditing, and log files.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Handling Errors in ASP.NET Core
  • Implementing Logging
  • Scenario Conclusion
  • Summary and Quiz
Data Protection
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers secure coding data protection topics for .NET developers, including data protection failures and cryptography.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Encryption in .NET Core
  • Hashing in .NET Core
  • Data Protection Best Practices
  • Data Protection Common Issues
  • Scenario Conclusion
  • Summary and Quiz
Configuration and Deployment
🕑
30 minutes
🗓️
Updated 5/24/2021
This training covers configuration and deployment strategies to help prevent direct access to sensitive URLs, malicious file execution, and denial of service conditions. It also describes known vulnerabilities and the principle of least privilege.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Hosting and Deploying ASP.NET Core
  • Common Security Best Practices
  • Using a CI/CD Tool for Deployment
  • Scenario Conclusion
  • Summary and Quiz

Secure Coding for Java

Course | Description | Outline
Authentication
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers secure coding authentication topics for Java, including basic authentication, session management, service-based authentication, and cross-site request forgery.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Authentication in JAAS
  • Authentication Vulnerabilities and How to Avoid Them
  • Scenario Conclusion
  • Summary and Quiz
Authorization
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers secure coding authorization topics for Java developers, including authorizing system access, and common authorization vulnerabilities.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Authorization in JAAS
  • Insecure Authorization
  • Access Control Policy
  • Scenario Conclusion
  • Summary and Quiz
Validation and Encoding
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers secure coding validation and encoding topics for Java, including input validation and output encoding, validation strategies, SQL injection flaws, cross-site scripting, and other malicious input attempts.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Validation and Encoding in Java
  • User Input Sanitization
  • Scenario Conclusion
  • Summary and Quiz
Information and Error Handling
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers secure coding information handling topics for Java, including information access and leakage, error handling, non-repudiation, auditing, and log files.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Exceptions and Exception Handling
  • Logging and Monitoring
  • Non-Repudiation and Separation of Duties
  • Scenario Conclusion
  • Summary and Quiz
Data Protection
🕑
20 minutes
🗓️
Updated 5/24/2021
This training covers secure coding data protection topics for Java developers, including data protection failures and cryptography.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Java Cryptography
  • Encrypting and Decrypting Data
  • Hash Functions
  • Digital Signatures
  • Scenario Conclusion
  • Summary and Quiz
Configuration and Deployment
🕑
25 minutes
🗓️
Updated 5/24/2021
This training covers configuration and deployment strategies to help prevent direct access to sensitive URLs, malicious file execution, and denial of service conditions. It also describes known vulnerabilities and the principle of least privilege.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Secure Coding in Java
  • Configuring and Deploying Secure Java Applications
  • Scenario Conclusion
  • Summary and Quiz

Secure Coding for JavaScript

Course | Description | Outline
Information Handling
🕑
25 minutes
🗓️
Updated 2/12/2020
This training covers secure coding information handling topics for JavaScript, including web information handling risks, secure error reporting, JavaScript function execution, and framework status reporting features.

Intended audience: Software Developers
  • Module Overview
  • Web Application Information
  • Information Gathering Scenario
  • Information Handling Risks
  • Secure Error Reporting
  • JavaScript Function Execution
  • Framework Status Reporting Features
  • Summary and Quiz
Data Protection
🕑
18 minutes
🗓️
Updated 2/12/2020
This training covers secure coding data protection topics for JavaScript developers, including browser data protection, web data storage, and data protection best practices.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Browser Data Protection
  • Web Data Storage
  • Data Protection Best Practices
  • Summary and Quiz
Validation and Encoding
🕑
29 minutes
🗓️
Updated 2/13/2020
This training covers secure coding validation and encoding topics for JavaScript developers, including JavaScript validation techniques, data encoding, field validation, React framework validation, and Angular framework validation.

Intended audience: Software Developers
  • Module Overview
  • JavaScript Validation Considerations
  • Field Validation
  • Validation Techniques
  • Data Encoding
  • Validation Functions
  • React Framework and Validation
  • Angular Framework and Validation
  • Summary and Quiz
Configuration and Deployment
🕑
17 minutes
🗓️
Updated 2/13/2020
This training covers configuration and deployment strategies to help prevent direct access to sensitive URLs, malicious file execution, and denial of service conditions. It also describes known vulnerabilities and the principle of least privilege.

Intended audience: Software Developers
  • Module Overview
  • Software Productivity Tools
  • Minification and Bundling
  • Content Delivery Networks
  • Updates and Patching
  • Using Package Managers
  • Summary and Quiz
Authentication and Authorization
🕑
22 minutes
🗓️
Updated 2/13/2020
This training covers secure coding authentication and authorization topics for JavaScript, including access authentication, authorization methods, service-based authentication, authorization best practices, and framework authorization features.

Intended audience: Software Developers
  • Module Overview
  • Authorization Use
  • Access Authentication
  • Authorization Methods
  • Service-based Authentication
  • Authorization Best Practices
  • Authentication and Authorization Scenario
  • Framework Features
  • Summary and Quiz

Secure Coding for PHP

Course | Description | Outline
Authentication
🕑
25 minutes
🗓️
Updated 5/25/2021
This training covers secure coding authentication topics for PHP, including basic authentication, session management, service-based authentication, and cross-site request forgery.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Authentication Approaches
  • Authentication Vulnerabilities
  • Scenario Conclusion
  • Summary and Quiz
Authorization
🕑
30 minutes
🗓️
Updated 5/25/2021
This training covers secure coding authorization topics for PHP developers, including authorizing system access, and common authorization vulnerabilities.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Insecure Authorization
  • Types of Access Control
  • Broken Access Control
  • Scenario Conclusion
  • Summary and Quiz
Validation and Encoding
🕑
40 minutes
🗓️
Updated 5/25/2021
This training covers secure coding validation and encoding topics for PHP, including input validation and output encoding, validation strategies, SQL injection flaws, cross-site scripting, and other malicious input attempts.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Implementing Validation in PHP
  • Common Validation Tasks
  • Validate All Inputs
  • Encode and Escape Data
  • Cross-Site Scripting (XSS)
  • Scenario Conclusion
  • Summary and Quiz
Information Handling
🕑
20 minutes
🗓️
Updated 5/25/2021
This training covers secure coding information handling topics for PHP, including information access and leakage, error handling, non-repudiation, auditing, and log files.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Exception Handling in PHP
  • Security Logging and Monitoring
  • Scenario Conclusion
  • Summary and Quiz
Data Protection
🕑
30 minutes
🗓️
Updated 5/25/2021
This training covers data protection topics for PHP developers, including data protection failures and cryptography.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Protecting Data at Rest
  • Password Security
  • Data Classification
  • Scenario Conclusion
  • Summary and Quiz
Configuration and Deployment
🕑
35 minutes
🗓️
Updated 5/25/2021
This training covers configuration and deployment strategies to help prevent direct access to sensitive URLs, malicious file execution, and denial of service conditions. It also describes known vulnerabilities and the principle of least privilege.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • PHP Delivery
  • PHP Configuration and Deployment
  • Securing PHP Software Best Practices
  • Scenario Conclusion
  • Summary and Quiz

Secure Coding for Python

Course | Description | Outline
Design and Maintenance
🕑
30 minutes
🗓️
Updated 11/10/2020
This training covers secure design and maintenance topics for Python developers. Focus is on common vulnerabilities, tool management, library, and configuration settings.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Security Misconfigurations
  • Using Components with Known Vulnerabilities
  • Effective Logging and Monitoring
  • Scenario Conclusion
  • Summary and Quiz
Data at Rest
🕑
20 minutes
🗓️
Updated 11/10/2020
This training covers secure coding techniques for Python developers who are working with data at rest. Focus is on protecting data through access controls, implementing cryptography, and browser data storage.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Access Controls
  • Data Cryptography
  • Web Data Storage
  • Scenario Conclusion
  • Summary and Quiz
Data in Use
🕑
25 minutes
🗓️
Updated 11/10/2020
This training covers secure coding techniques for Python developers who are working with data in use. Focus is on exploring common Python vulnerabilities that can occur while data is collected, utilized, and transmitted.

Intended audience: Software Developers
  • Module Overview
  • Scenario
  • Injection Vulnerabilities
  • Cross-site Scripting
  • XML External Entities
  • Deserialization
  • Scenario Conclusion
  • Summary and Quiz