Interactive Course

OWASP Top 10:2025

Interactive training modules covering every category of the OWASP Top 10:2025 standard

00
Introduction to OWASP Top 10
What changed in 2025 · How the list is built
A01
Broken Access Control
IDOR · SSRF · CORS misconfig · JWT ownership checks
A02
Security Misconfiguration
Default credentials · Open cloud storage · Debug in prod
A03
Supply Chain Failures
Dependency confusion · Typosquatting · xz Utils case
A04
Cryptographic Failures
Weak hashing · Key management · TLS misconfiguration
A05
Injection
SQL · OS command · OGNL · Template injection · Equifax case
A06
Insecure Design
Abuse cases · Business logic flaws · Missing rate limits
A07
Authentication Failures
Credential stuffing · MFA bypass · 23andMe case
A08
Integrity Failures
CI/CD pipeline attacks · Unsigned updates · 3CX case
A09
Logging & Alerting Failures
Detection engineering · Signal vs noise · Alert fatigue
A10
Exceptional Conditions
Fail-open · Error disclosure · Cloudflare case
TRIAGE
Security Triage — Cross-Category Prioritization
10 scenarios · Two categories each · Which fix comes first?