Applying AI to the 2021 OWASP Top Ten (TTAI2832)

Course Objectives

Learning Objectives 

Throughout the course you’ll learn to:  

• Understand the Complexities of OWASP: Develop a firm grasp on the OWASP Top Ten, gaining insights into the most significant web application security risks and the mechanisms behind these vulnerabilities. 
• Navigate the Intersection of AI and Cybersecurity: Gain a foundational understanding of how artificial intelligence can be utilized in the field of cybersecurity, specifically in the context of mitigating OWASP risks. 
• Master Detection and Mitigation Techniques: Learn to leverage AI to detect and mitigate common security risks such as Injection and Broken Authentication, and apply these skills to design effective AI models. 
• Apply Advanced AI Algorithms: Harness the power of AI algorithms to address OWASP risks, seeing how to customize these algorithms for various security vulnerabilities. 
• Tackle Real-World Security Challenges: Learn practical skills to manage risks associated with Insufficient Logging & Monitoring and Using Components with Known Vulnerabilities, while also learning methods to prevent Cross-Site Scripting (XSS) and Insecure Deserialization. 
• Validate and Test AI Models: Learn the crucial process of validating and testing AI models, ensuring their robustness and effectiveness in detecting OWASP risks, while adhering to ethical standards in AI application. 

If your team requires different topics, additional skills or a custom approach, our team will collaborate with you to adjust the 
course to focus on your specific learning objectives and goals.

Course Prerequisites

Audience

This is an intermediate level lecture / demo style course ideally suited for software developers, IT professionals, and cybersecurity enthusiasts who are keen to enhance their understanding of web application security. Roles might include: Cybersecurity Analysts, IT Security Specialists, Information Security Officers, Risk Management Professionals, IT Auditors or Compliance Managers, Chief Information Security Officers (CISOs), Ethical Hackers, Network Security Engineers, Data Protection Officers, Threat Intelligence Analysts, Vulnerability Assessors, Developers, Project Managers

Pre-Requisites 
This is not a hands-on course, however its helpful if you have: 

• Basic Understanding of Web Applications  
• Basic cybersecurity concepts  
• Familiarity with OWASP Top Ten common vulnerabilities  
• Familiarity with Basic AI Concepts 

NOTE: For the hands-on edition of the course, attendee pre-requisites would realign depending on the tools selected and audience. Please inquire for details. 

Related Courses 
The following is a small subset of our related courses. Please see our full catalog for a complete list.  

• TT8120  Securing Web Applications Overview | OWASP Top Ten and Beyond (2 days) 
• TT8150 OWASP Top Ten Deep Dive (2 days) 
• TTAI2810 Mastering Machine Learning Operations (MLOps) and AI Security Boot Camp (3 days) 
• TTAI2820 Mastering AI Security Boot Camp (3 days) 
• TTAI2832 AI Security: Applying AI to the OWASP Top Ten (2 days) 
• TTAI2835 AI Secure Programming for Web Applications / Technical Overview (1 day)

Course Agenda

Course Topics / Agenda 
Please note that topics, agenda and labs are subject to change, and may adjust during live delivery based on audience skill level, interests and participation. 

1. Introduction to AI, OWASP Top Ten, and AI Ethics  

• Understand the intersection of AI, cybersecurity, and ethical considerations.  
• Introduction to OWASP and the top ten security risks for web applications.  
• Overview of AI and its applications in mitigating OWASP risks.  
• Discussion on AI Ethics, including privacy concerns and biases in AI models.  
• Exploring how AI can help mitigate these risks while ensuring ethical use. 

2. AI for Injection and Broken Authentication Mitigation  

• Learn how AI helps detect and mitigate Injection and Broken Authentication.  
• Discussion on the nature of Injection and Broken Authentication attacks and their prevalence in OWASP.  
• How AI can help in detecting these vulnerabilities in real time.  
• Designing an AI model for mitigating these security risks. •  
• Demo: Train a basic AI model to detect potential Injection and Broken Authentication attacks  

3. Deep Dive into AI Algorithms and their application in mitigating OWASP Risks  

• Comprehend the working mechanisms of key AI algorithms.  
• Detailed analysis of AI algorithms used in mitigating OWASP security risks.  
• Hands-on experience in choosing the right algorithm for a specific problem.  
• Guided tutorial on customizing algorithms for different OWASP vulnerabilities.  
• Demo: Selection and customization of AI algorithms for detecting Sensitive Data Exposure  

4. AI for XML External Entity (XXE) and Security Misconfiguration Mitigation  

• Gain skills to utilize AI for detecting and mitigating XXE and Security Misconfigurations.  
• Introduction to XXE and Security Misconfigurations as significant OWASP risks.  
• How AI can assist in real-time detection of these vulnerabilities.  
• Designing an AI model for mitigating these OWASP threats.  
• Demo: Train a basic AI model to detect potential XXE attacks and Security Misconfigurations  

5. AI for Cross-Site Scripting (XSS) and Insecure Deserialization Mitigation  

• Gain skills to utilize AI for detecting and mitigating XSS and Insecure Deserialization. 
• Introduction to XSS and Insecure Deserialization as significant OWASP risks.  
• How AI can assist in real-time detection of these vulnerabilities.  
• Designing an AI model for mitigating these OWASP threats.  
• Demo: Train a basic AI model to detect potential attacks  

6. AI for Insufficient Logging & Monitoring and Using Components with Known Vulnerabilities  

• Gain skills to utilize AI for detecting and mitigating Insufficient Logging & Monitoring and using components with known vulnerabilities.  
• Introduction to these threats as significant OWASP risks.  
• How AI can assist in real-time detection of these vulnerabilities. 
• Designing an AI model for mitigating these OWASP threats.  
• Demo: Train a basic AI model to detect potential risks associated with insufficient logging and known vulnerabilities 

7. AI Model Validation, Testing, and Limitations  

• Comprehend the importance of validation and testing in AI models. 
• Learn methods for testing, validating, and fine-tuning AI models.  
• Understanding the limitations of AI in the context of mitigating OWASP risks.  
• Demo: Validate and test a basic AI model for detecting OWASP risks  

8. Future of AI in Mitigating OWASP Threats  

• Explore the future trends of AI in the context of cybersecurity and OWASP.  
• Discuss research and future applications of AI in cybersecurity.  
• Address advancements like adversarial AI, AI-powered intrusion detection systems etc. 

Course Materials

Setup Made Simple! Learning Experience Platform (LXP)  

All applicable course software, digital courseware files or course notes, labs, data sets and solutions, live coaching support channels and rich extended learning and post training resources are provided for you in our “easy access, no install required” online Learning Experience Platform (LXP), remote lab and content environment. Access periods vary by course. We’ll collaborate with you to ensure your team is set up and ready to go well in advance of the class. Please inquire about set up details and options for your specific course of interest.