Just a tad over 5 years ago, I released my first ever Pluralsight course – OWASP Top 10 Web Application Security Risks for ASP.NET. More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I’ve ever released, but also keeping it as my most popular in the library even today by a long way. Developers have a huge appetite for OWASP content and I’m very happy to now give them even more Top 10 goodness in the course I’m announcing here – Play by Play: OWASP Top 10 2017.
This time, I’ve teamed up with Andrew van der Stock who was an integral part of the team involved in putting the 2017 edition of the Top 10 together.
I can’t think of anyone who understands this resource better than him and frankly, it’s a bit of a coup for us to have convinced Andrew to do this course. He’s added awesome insight including why XSS is now so much further down the list, why CSRF has dropped off entirely and why we now have XXE and insecure deserialisation in the Top 10 for the first time. Plus, he’s got some general insights into the changing infosec landscape, for example how the emergence of microservices has meant internal apps that had never previously seen the light of day are now being exposed to risks they’d never seen before.
Because this is a “Play by Play” course, it’s only an hour and 12 minutes of easy listening. It’s a conversation between Andrew and myself and, of course, we do get into some technical detail but it’s designed to be the sort of thing you can watch over lunch, on the daily commute or even just listen to without the video. I’ve done a heap of these in the past and they’ve all been well-received so I hope this one goes down equally well.
Oh – and just to save you saying it – yes, I sound terrible. We recorded this in San Francisco in March and I’d just come from a week in Seattle followed by a keynote in Vegas and just got myself run down. But regardless, I battled through and I hope you enjoy the fruits of the labour in this latest course. Play by Play: OWASP Top 10 2017 is now live!