OWASP for Beginners
RCCE students will learn the OWASP Top 10 web application security risks including injection attacks, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. RCCE students will learn to identify each vulnerability class in source code and running applications, exploit vulnerabilities in controlled lab environments, implement secure coding remediation for each risk category, integrate OWASP testing into development workflows, and use OWASP tools including ZAP and dependency-check. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Building on core knowledge, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing OWASP for Beginners
- Execute hands-on tasks for advanced cyber defense mastery
- Execute hands-on tasks for level: intermediate
- Execute hands-on tasks for duration: 6 hours
- Execute hands-on tasks for prereq: web basics
- Execute hands-on tasks for course objectives & learning outcomes
- Execute hands-on tasks for open web application security project — covering OWASP Top 10 updated periodically.
- Execute hands-on tasks for what is owasp? — covering Open Web Application Security Project.
- Execute hands-on tasks for security misconfiguration
- Execute hands-on tasks for broken authentication
- Execute hands-on tasks for a1: injection attacks
- Execute hands-on tasks for vulnerable pattern — covering Untrusted data sent to interpreter as.
- Build detections and response workflows for privilege escalation, including Use parameterized queries / prepared statements.
| Module 01 | Advanced Cyber Defense Mastery |
| Module 02 | Level: Intermediate |
| Module 03 | Duration: 6 Hours |
| Module 04 | Prereq: Web Basics |
| Module 05 | Course Objectives & Learning Outcomes |
| Module 06 | Open Web Application Security Project |
| Module 07 | What is OWASP? |
| Module 08 | Security Misconfiguration |
| Module 09 | Broken Authentication |
| Module 10 | A1: Injection Attacks |
| Module 11 | Vulnerable Pattern |
| Module 12 | Detection & Prevention |
| Module 13 | A2: Broken Authentication |
| Module 14 | A3: Sensitive Data Exposure |
All hands-on labs run on Rocheston Rose X OS. Students practice owasp for beginners by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for advanced cyber defense mastery
- Lab 2: Execute hands-on tasks for level: intermediate
- Lab 3: Execute hands-on tasks for duration: 6 hours
- Lab 4: Execute hands-on tasks for prereq: web basics
- Lab 5: Execute hands-on tasks for course objectives & learning outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for OWASP for Beginners, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI