The Learning Lab experience is supported by both asynchronous and synchronous components. Each of the two Learning Cycles includes a set of resources, an asynchronous discussion, and an interactive live session, all of which culminate in the development of a project or application to apply learning to local and specific contexts in support of the learning objectives.
February 6, 2023, 3:00–4:00 p.m. ET
This is a live session to learn the details of the Learning Lab, the Canvas site, and expectations for the microcredential. There will also be time to get to know your fellow Lab partners and facilitator.
Learning Cycle 1: What Is the OWASP Top 10?
February 8, 2023, 3:00–4:30 p.m. ET
The goal of this learning cycle is to introduce the participants to the Open Web Applications Security Project. We will cover this document and its implications. We will also discuss how the project differs from a normal vulnerability scan and network level assessment.
Learning Cycle 2: Proxying Web Traffic
February 15, 2023, 3:00–4:30 p.m. ET
In this learning cycle, participants will learn about web application proxies and how they are used to intercept web application traffic before it gets to the web server. We will also cover vulnerability scanning and credentialed and noncredentialed testing.
Review & Reflect Session
February 22, 2023, 3:00–4:30 p.m. ET
The Learning Lab will conclude with an application or implementation project (described below) and a closing live session to review and process the learning from the lab.
Lab Implementation Project
Throughout the Learning Lab, learners will be introduced to the Open Web Application Security Projects Top 10 (OWASP Top 10) most critical security concerns for web applications. Learners will be able to test these security concerns using a web application that was purposefully built to be vulnerable to issues highlighted in the OWASP Top 10. Learners will be able to track their progress using a scoreboard and see how they progress through the different difficulty levels.