Open Web Application Security Project (OWASP) provides an ongoing list of the Top 10 security flaws that enable a majority of the successful cyberattacks over the past year. The list is a great starting place for setting your cybersecurity training agenda, not only for your security team, but also for your web application developers and DevOps teams.
The best way to avoid these vulnerabilities (and the successful attacks they invite) is to train your teams to fully understand them, know the coding frameworks that eliminate them from being accidentally coded into your applications and have trained security staff who will recognize them if they slip through in third party code or applications updates and changes.
Here is the current OWASP top 10 list. ● Injection ● Broken Authentication ● Sensitive Data Exposure ● XML External Entities (XXE) ● Broken Access Control ● Security Misconfiguration ● Cross-Site Scripting (XSS) ● Insecure Deserialization ● Using Components with Known Vulnerabilities ● Insufficient Logging and Monitoring
To help create that training plan, we have mapped our RangeForce Training Modules to the OWASP’s Top Ten List. As you would expect, of the three RangeForce training tracks, Web Application Security (WASE), Security Operations (SOC), and DevOps, the majority of training falls under web application security, with a few falling under security operations. Here is how the mapping layout.
As you design your 2020 training plan, align the training of your web application team to match these modules. For your security team, the SOC tracks are critical but don’t forget to include the WASE tracks focused on cross-scripting attacks, cookie security and SQL injection. These topics will help your analyst and forensic teams quickly identify attacks that fall into these categories.
As RangeForce constantly adds new modules, we will update this mapping every few months. If you need support in developing your training plan or want to test drive a few of these modules just reach out and ask.
About OWASP OWASP is a worldwide nonprofit organization that focuses on improving software security. The main mission of OWASP is to ensure that software security is visible and to provide insights and tools to help improve application security globally.