OWASP Top 10 and Common Vulnerabilities

An advanced practical course for experienced developers on preventing the most critical web risks. Participants connect the OWASP Top 10 to day-to-day design and coding choices and learn fast ways to detect and fix issues.

What will you learn?

You will map the OWASP Top 10 to your stack, spot risky patterns in code and configuration, and apply simple but effective fixes that survive refactors and scale. After this training you will be confident in:

  • Explaining the Top 10 risks in clear technical terms
  • Choosing safe defaults for auth, data handling, and dependency use
  • Writing tests and checks that catch common issues early
  • Prioritizing remediation by exploitability and impact

Requirements:

  • Strong proficiency in at least one web stack
  • Working knowledge of HTTP, APIs, and databases
  • Access to non-sensitive example code is helpful

Course Outline*:

*We know each team has its own needs and specifications. That is why we can modify the training outline as needed.

Module 1: Threat landscape and secure design first

  • Risk-based view of the OWASP Top 10 and how attacks chain
  • Trust boundaries, inputs, and data flow as design anchors
  • Secure defaults for configuration, headers, and error handling

Module 2: Access control and authentication pitfalls

  • Broken access control patterns and simple allow list thinking
  • Session and token handling and protecting cookies and storage
  • Multi-tenant hints and enforcing object-level checks

Module 3: Data protection and injection defenses

  • Cryptographic failures in practice: secrets, keys, and TLS
  • Injection families and safe patterns for queries and commands
  • Output encoding and context awareness in templates and APIs

Module 4: Insecure design and API basics

  • From feature to misuse case and abuse resistance
  • Rate limits, quotas, and resource ceilings
  • API-specific risks: versioning, mass assignment, and batching

Module 5: Security misconfiguration and vulnerability exposure

  • Fragile defaults, verbose errors, and missing headers
  • Cloud and container gotchas: images, secrets, and metadata
  • Sensitive data exposure through logs and backups

Module 6: SSRF, deserialization, and dependency risk

  • Server-side request forgery patterns and network egress control
  • Unsafe deserialization and safer serializers and formats
  • Supply chain issues: dependency hygiene and update strategy

Module 7: Integrity, monitoring, and CI/CD guardrails

  • Integrity failures: package signing, checksums, and pinning
  • Logging that helps detect and investigate incidents
  • Build and deploy checks: secrets scanning and parameterized configs

Module 8: Verification and remediation workflow

  • Light test strategy: unit, integration, and security checks
  • Triage by exploitability and blast radius
  • Remediation playbook: owners, timelines, and backporting fixes

Hands-on learning with expert instructors at your location for organizations.

4.122€*

  • Level: advanced
  • Duration: 14 hours (2 days)
  • Training customized to your needs
  • Immersive hands-on experience in a dedicated setting

*Price can range depending on number of participants, change of outline, location etc.

Master new skills guided by experienced instructors from anywhere.

3.087€*

  • Level: advanced
  • Duration: 14 hours (2 days)
  • Training customized to your needs
  • Reduced training costs

*Price can range depending on number of participants, change of outline, location etc.