Overview
This learning path introduces new graduates to web application security through the first five OWASP Top 10 categories (A01–A05). Using Java, learners practice identifying and fixing common security issues in a simple pastebin web application to build strong, practical skills.
Syllabus
- Course 1: A01: Broken Access Control
- Course 2: A02: Cryptographic Failures
- Course 3: A03: Injection
- Course 4: A04: Insecure Design
- Course 5: A05: Security Misconfiguration
Courses
- Course 1 (A01: Broken Access Control): This course addresses flaws where improper enforcement of access restrictions allows unauthorized users to access or modify sensitive data or functionality, such as paste snippets or administrative pages, due to unverified input or missing role checks.
- Course 2 (A02: Cryptographic Failures): This course explores vulnerabilities caused by improper cryptographic implementations or a lack of encryption, leading to sensitive data exposure. You'll learn how attackers exploit weak cryptography and how to securely protect secrets, passwords, and sensitive information.
- Course 3 (A03: Injection): This course demonstrates how injection flaws occur when untrusted data is used to construct queries, HTML content, or system commands. Learn to mitigate these risks through parameterized queries, server-side and client-side sanitization, input validation, and safe command execution patterns in our pastebin application.
- Course 4 (A04: Insecure Design): This course explores design flaws that lead to security vulnerabilities in our pastebin application, from insecure credential recovery to flawed business logic and missing audit trails.
- Course 5 (A05: Security Misconfiguration): This course highlights configuration errors, from leftover sample endpoints and directory listing to detailed error messages, that can expose the pastebin application to attackers.