OWASP Top 10 Monitoring and Detection
RCCE students will learn the OWASP Top 10 web application security risks including injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. RCCE students will learn to identify each vulnerability class in source code and running applications, exploit vulnerabilities in controlled lab environments, implement secure coding remediation for each risk category, integrate OWASP testing into development workflows, and use OWASP tools including ZAP and dependency-check. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. Starting from foundational concepts, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing OWASP Top 10 Monitoring and Detection
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for hands-on labs — covering OWASP Top 10 Risks.
- Execute hands-on tasks for industry standard risk framework — covering Open Web Application Security Project reference.
- Execute hands-on tasks for broken authentication
- Execute hands-on tasks for sensitive data exposure
- Execute hands-on tasks for observability pillars — covering Logs: event records from systems, Detection Goals, Minimize mean-time-to-detect (MTTD).
- Build detections and response workflows for privilege escalation, including Minimize mean-time-to-detect (MTTD).
- Monitor and audit privilege usage; detect escalation attempts, including Level 1: Basic logging enabled.
- Execute hands-on tasks for application layer
| Module 01 | Monitoring and Detection |
| Module 02 | Course Overview |
| Module 03 | Detection Fundamentals |
| Module 04 | Hands-On Labs |
| Module 05 | Industry Standard Risk Framework |
| Module 06 | Broken Authentication |
| Module 07 | Sensitive Data Exposure |
| Module 08 | Security Monitoring Fundamentals |
| Module 09 | Observability Pillars |
| Module 10 | Detection Goals |
| Module 11 | Monitoring Maturity Model |
| Module 12 | Application Layer |
| Module 13 | Infrastructure Layer |
| Module 14 | Security Tools |
All hands-on labs run on Rocheston Rose X OS. Students practice owasp top 10 monitoring and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Build detections and response workflows for privilege escalation
- Lab 4: Execute hands-on tasks for hands-on labs
- Lab 5: Execute hands-on tasks for industry standard risk framework
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for OWASP Top 10 Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI