Mastodon

New Pluralsight Course: OWASP Top 10, 2017

16 May 2018

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in the library even today by a long way. Developers have a huge appetite for OWASP content and I'm very happy to now give them even more Top 10 goodness in the course I'm announcing here - Play by Play: OWASP Top 10 2017.

This time, I've teamed up with Andrew van der Stock who was an integral part of the team involved in putting the 2017 edition of the Top 10 together.

Andrew van der Stock

I can't think of anyone who understands this resource better than him and frankly, it's a bit of a coup for us to have convinced Andrew to do this course. He's added awesome insight including why XSS is now so much further down the list, why CSRF has dropped off entirely and why we now have XXE and insecure deserialisation in the Top 10 for the first time. Plus, he's got some general insights into the changing infosec landscape, for example how the emergence of microservices has meant internal apps that had never previously seen the light of day are now being exposed to risks they'd never seen before.

Because this is a "Play by Play" course, it's only an hour and 12 minutes of easy listening. It's a conversation between Andrew and myself and, of course, we do get into some technical detail but it's designed to be the sort of thing you can watch over lunch, on the daily commute or even just listen to without the video. I've done a heap of these in the past and they've all been well-received so I hope this one goes down equally well.

Oh - and just to save you saying it - yes, I sound terrible. We recorded this in San Francisco in March and I'd just come from a week in Seattle followed by a keynote in Vegas and just got myself run down. But regardless, I battled through and I hope you enjoy the fruits of the labour in this latest course. Play by Play: OWASP Top 10 2017 is now live!

Pluralsight Security OWASP
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications