Web & IoT Application Security

To earn this certificate, the student successfully completed a 32-hour in-person course covering the following topics: Introduction, Jargon and terminology (CVE, CWE, ..), Resources (OWASP, Portswigger, ..), Relevant OWASP projects (Top10, ASVS, Testing Guide, ..), Architecture (HTTP/HTTPS, sessions, cookies, authentication, ..), Examples of vulnerabilities and how to avoid them (OWASP Top10), A1: Injection, A2: Broken Authentication, A3: Sensitive Data Exposure, A4: XML External Entities (XXE), A5: Broken Access Control, A6: Security Misconfiguration, A7: Cross-Site Scripting (XSS), A8: Insecure Deserialization, A9: Using Components with Known Vulnerabilities, A10: Insufficient Logging & Monitoring, Traditional Web specifics, Web 2.0 specifics, IoT specifics, Mobile app specifics, SSDLC and CI/CD