OWASP Deep Dive
RCCE students will learn the OWASP Top 10 web application security risks including injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. RCCE students will learn to identify each vulnerability class in source code and running applications, exploit vulnerabilities in controlled lab environments, implement secure coding remediation for each risk category, integrate OWASP testing into development workflows, and use OWASP tools including ZAP and dependency-check. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. At an expert level, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing OWASP Deep Dive
- Execute hands-on tasks for owasp deep dive
- Execute hands-on tasks for advanced web application security risks
- Execute hands-on tasks for identification & analysis
- Execute hands-on tasks for remediation & defense — covering Classify all OWASP Top 10 risk categories.
- Explain OWASP Foundation Overview fundamentals
- Execute hands-on tasks for key projects
- Execute hands-on tasks for open web application security project — covering Top 10: Most critical web risks.
- Execute hands-on tasks for broken access control
- Execute hands-on tasks for web application threat landscape
- Execute hands-on tasks for defense priorities — covering Injection via user-controlled inputs.
- Execute hands-on tasks for attack paths: how attackers exploit web apps
- Execute hands-on tasks for input vector
| Module 01 | OWASP Deep Dive |
| Module 02 | Advanced Web Application Security Risks |
| Module 03 | Identification & Analysis |
| Module 04 | Remediation & Defense |
| Module 05 | OWASP Foundation Overview |
| Module 06 | Key Projects |
| Module 07 | Open Web Application Security Project |
| Module 08 | Broken Access Control |
| Module 09 | Web Application Threat Landscape |
| Module 10 | Defense Priorities |
| Module 11 | Attack Paths: How Attackers Exploit Web Apps |
| Module 12 | Input Vector |
| Module 13 | Attack Pattern 2: Auth Bypass |
| Module 14 | A03 Injection + A01 Access Control |
All hands-on labs run on Rocheston Rose X OS. Students practice owasp deep dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for owasp deep dive
- Lab 2: Execute hands-on tasks for advanced web application security risks
- Lab 3: Execute hands-on tasks for identification & analysis
- Lab 4: Execute hands-on tasks for remediation & defense
- Lab 5: Explain OWASP Foundation Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for OWASP Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI