Choose a Module
OWASP Top 10
The 2021 Top 10 web application risks (A01–A10) with examples and defenses
Access Control
A01: IDOR, vertical/horizontal privilege escalation, RBAC/ABAC, deny-by-default
Injection & XSS
A03: SQL injection, XSS (stored/reflected/DOM), command & template injection, CSP
Authentication
A07: password storage, MFA, sessions & cookies, JWT pitfalls, OAuth/OIDC
Cryptography
A02: TLS, encryption at rest, hashing vs encryption, key management, secrets
API Security
OWASP API Security Top 10 (2023): BOLA, BFLA, BOPLA, SSRF, resource consumption