This course aims to teach learners about the OWASP top 10 in bite size modules; we will look at the OWASP top 10 vulnerabilities and mitigations available to any development environment. Learners will be able to challenge for the Certified OWASP Security Fundamentals Exam, post course. It is important to understand that this is the baseline set of security standards. Remembering that this knowledge can be reused across technology stacks.

The course introduces AI security threats, OWASP LLMs, and OWASP for agentic systems, models, data, and prompts.

We can organize this training at your preferred date and location. Contact Us!

Prerequisites

There are no prerequisites for this course.

Note: This course does not cover hands-on coding. Additional courses, such as Secure by Design, can be found in our Secure Engineering pathway.

What You Will Learn

Explain the purpose of the OWASP Top 10
Explain how these vulnerabilities could be exploited
Outline potential impact and consequences of web-based attacks
Describe baseline mitigation steps and techniques to prevent common web and application-based attacks
Recognise causes and impacts of major web application risks
Learn from case studies of real-world vulnerabilities
Recommend preventive and detective security controls
Apply secure configuration and cloud audit practices
Understand SBOMs and software supply chain risk
Identify risks in AI-generated code and AI systems
Recognise vulnerabilities in LLM’s, MCP, and agentic AI applications
Identify ways to protect AI models, data, prompts, and infrastructure

Training Outline

Application Security (OWASP)

OWASP Top 10
- What’s Changed & Why
- OWASP Top 10 Proactive Controls

A01 Broken Access Control

What’s the Risk – Notable CWE’s
What to Check
Case Study #1
Case Study #2
Session Management
Insecure direct object references
Typical authorisation components
Using indirect references
When not to secure by URL

A02 Security Misconfiguration

What’s the Risk – Notable CWE’s
What to Check
Case Study
AWS S3 Bucket Audit Checklist
Azure Tenant (Entra ID) Audit Checklist
Valuable error messages
Leakage issues
Configuration files and sensitive data
Google Dorks to find config files

A03 Software Supply Chain Failures

What’s the Risk – Notable CWE’s
What to Check
Case Study #1
Case Study #2
Software Bill of Materials (SBOM) Ingredients

A04 Cryptographic Failures

What’s the Risk – Notable CWE’s
What to Check
Cryptographic Resilience (PQC)
Case Study

A05 Injection

What’s the Risk – Notable CWE’s
What to Check
Core Vulnerability Mechanism
Case Study
Key Prevention Strategies

A06 Insecure Design

What’s the Risk – Notable CWE’s
What to Check
Insecure Design Scenarios
Case Study
Key Prevention Strategies

A07 Authentication Failures

What’s the Risk – Notable CWE’s
What to Check
Common Vulnerabilities
Case Study #1
Case Study #2
Key Prevention Strategies

A08 Software or Data Integrity Failures

What’s the Risk – Notable CWE’s
What to Check
Key Vulnerability Areas
Key Data Integrity Principles (ALCOA+)
Core Pillars of Software Integrity
Key Technical Controls
Case Study
Key Prevention Strategies

A09 Logging & Alerting Failures

What’s the Risk – Notable CWE’s
What to Check
Case Study
Mitigation Strategies
Logging best practices
And what should not be logged?

A10 Mishandling of Exceptional Conditions

What’s the Risk – Notable CWE’s
Why this new category?
What to Check
Modern Attack Scenarios
Case Study
Key Prevention Strategies

OWASP Emerging Technology

Challenges of AI Generated software
OWASP Top 10 Large Language Model (LLM)
- Prompt injection
- Insecure output handling
- Training data poisoning
- Model denial of service
- Supply chain vulnerabilities
- Sensitive information disclosure
- Insecure plugin design
- Excessive agency
- Overreliance
- Model theft
OWASP Top 10 for Agentic Applications
- Agent Goal Hijack
- Tool Misuse & Exploitation
- Identity & Privilege Abuse
- Supply Chain Vulnerabilities
- Unexpected Code Execution
- Memory & Context Poisoning
- Insecure Inter-Agent Comms
- Cascading Failures
- Human-Agent Trust Exploit
- Rogue Agents
Model Context Protocol (MCP) Challenges & Mitigation
AI Resource Protection

Exams and assessments

Candidates will receive individual emails to access their AMPG candidate portal, typically available one week post exam. If you experience any issues, please contact the APMG technical help desk on 01494 4520450.

Duration: 45 minutes
Questions: 40, multiple choice (4 multiple choice answers only 1 of which is correct)
Pass Mark: 50%

Successful candidates will receive the Certified in OWASP Security Fundamentals digital badge via Credly.

Why Choose Us

Experience live, interactive learning from the comfort of your home or office with Bilginç IT Academy's Online Instructor-Led Certified OWASP Security Fundamentals Training. Engage directly with expert trainers in a virtual environment that mirrors the energy and schedule of a physical classroom.

Live Sessions: Join scheduled classes with a live instructor and other delegates in real-time.
Interactive Experience: Engage in group activities, hands-on labs, and direct Q&A sessions with your trainer and peers.
Global Expert Trainers: Learn from a handpicked global pool of expert trainers with deep industry experience.
Proven Expertise: Benefit from over 30 years of quality training experience, equipping you with lasting skills for success.
Scalable Delivery: Accessible worldwide with flexible scheduling to meet your professional needs through our globally available virtual classrooms.

Immerse yourself in our most sought-after learning style for Certified OWASP Security Fundamentals Training. Our hand-picked classroom venues offer an invaluable human touch, providing a focused and interactive environment for professional growth.

Highly Experienced Trainers: Boost your skills with trainers boasting 10-20+ years of real-world experience.
State-of-the-Art Venues: Learn in high-standard facilities designed to ensure a comfortable and distraction-free experience.
Small Class Sizes: Our limited class sizes foster meaningful discussions and a personalized learning journey.
Best Value: Achieve your certification with high-quality training and competitive pricing.

Streamline your organization's training requirements with Bilginç IT Academy’s Onsite Certified OWASP Security Fundamentals Training. Experience expert-led learning at your own business premises, tailored to your corporate goals.

Tailored Learning Experience: Customize the training content to fit your unique business projects or specific technical needs.
Maximize Training Budget: Eliminate travel and accommodation costs, focusing your entire budget on the training itself.
Team Building Opportunity: Enhance team bonding and collaboration through shared learning experiences in your workspace.
Progress Monitoring: Track and evaluate your employees' progression and performance with relative ease and direct oversight.

Why have you chosen us?

I have attended a training from Bilginc IT Academy before and I was satisfied.

I have attended a training from a different provider and it was not helpful.

Other

How many employees do you have in your IT department?

0 – 50

50 – 250

250 – 1000

1000+

Certified OWASP Security Fundamentals Training

Prerequisites

What You Will Learn

Training Outline

Exams and assessments

Why Choose Us