OWASP Hardening Workshop
RCCE students will learn the OWASP Top 10 web application security risks: injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. They will learn to identify each vulnerability class in source code and in running applications, exploit vulnerabilities in controlled lab environments, implement secure-coding remediation for each risk category, integrate OWASP testing into development workflows, and use OWASP tools including ZAP and Dependency-Check. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. At an expert level, students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students leave with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing OWASP Hardening Workshop
- Execute hands-on tasks for advanced web application security hardening
- Explain Course Overview fundamentals
- Execute hands-on tasks for What You Will Learn, covering How You Will Learn.
- Explain OWASP Foundation & Mission fundamentals
- Execute hands-on tasks for Top 10 Project Impact, covering the project's role as an industry benchmark since 2003.
- Execute hands-on tasks for broken access control
- Explain A03: Injection Attacks Overview fundamentals
- Execute hands-on tasks for what is injection? — covering Untrusted data sent as part of a, Interpreter executes unintended.
- Execute hands-on tasks for impact categories, covering data exfiltration and modification, and authentication bypass.
- Execute hands-on tasks for the SQL injection deep dive, covering the vulnerable pattern and remediation controls.
- Execute hands-on tasks for remediation through schema validation and an ODM, covering OS command injection.
- Execute hands-on tasks for remediation by avoiding the shell and using APIs, covering the NoSQL vulnerable pattern `db.users.find({user: req.body.user, pass: req.body.pass})`.
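As an added illustration of the NoSQL login pattern named in the outline (example code written for this page, not part of the Rocheston course materials): the vulnerable lookup beside a version hardened with schema validation. The in-memory `find` matcher that stands in for `db.users.find()` and the sample user record are constructed assumptions.

```javascript
// Constructed sample collection standing in for db.users.
const users = [{ user: "alice", pass: "s3cret" }];

// Minimal emulation of how a MongoDB filter value is matched against a stored field:
// a plain value is compared for equality, an object is treated as an operator expression.
function fieldMatches(filterValue, stored) {
  if (filterValue !== null && typeof filterValue === "object") {
    return Object.entries(filterValue).every(([op, v]) => {
      if (op === "$gt") return stored > v;
      if (op === "$ne") return stored !== v;
      throw new Error("operator not modelled in this emulation: " + op);
    });
  }
  return filterValue === stored;
}

// Stand-in for db.users.find(filter): returns every document matching all filter keys.
function find(filter) {
  return users.filter((doc) =>
    Object.entries(filter).every(([key, value]) => fieldMatches(value, doc[key]))
  );
}

// Vulnerable pattern from the outline: request-body fields go straight into the filter.
// A JSON body whose field is an object is interpreted as a query operator, not as data,
// so the lookup can match without the caller knowing the stored password.
function loginVulnerable(body) {
  return find({ user: body.user, pass: body.pass }).length > 0;
}

// Hardened: a schema check admits only non-empty, bounded plain strings, so operator
// objects never reach the query. (Plaintext comparison is kept only to mirror the
// outline's pattern; a real application compares a password hash.)
function validateLoginSchema(body) {
  for (const field of ["user", "pass"]) {
    const v = body[field];
    if (typeof v !== "string" || v.length === 0 || v.length > 128) {
      throw new TypeError(field + " must be a non-empty string of at most 128 chars");
    }
  }
  return { user: body.user, pass: body.pass };
}

function loginHardened(body) {
  const q = validateLoginSchema(body); // throws before any query is built
  return find(q).length > 0;
}
```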
| Module | Title |
|---|---|
| Module 01 | Advanced Web Application Security Hardening |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | OWASP Foundation & Mission |
| Module 05 | Top 10 Project Impact |
| Module 06 | Broken Access |
| Module 07 | A03: Injection Attacks Overview |
| Module 08 | What Is Injection? |
| Module 09 | Impact Categories |
| Module 10 | SQL Injection Deep Dive |
| Module 11 | Remediation: schema validation, ODM |
| Module 12 | Remediation: avoid shell, use APIs |
| Module 13 | A07: Authentication & Identity Failures |
| Module 14 | Common Weaknesses |
All hands-on labs run on Rocheston Rose X OS. Students practise OWASP hardening by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for advanced web application security hardening
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Explain OWASP Foundation & Mission fundamentals
- Lab 5: Execute hands-on tasks for top 10 project impact
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for OWASP Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI