Storyline is a course that guides you through the basics of OWASP TOP 10 2021 with a narrative that covers the same codebase in all learning activities. Each module builds on the last with multiple learning activities - keeping the learning anchored to a “story” that is relevant and contextual.
Starts with a gradual, slow pace and then eventually ramps up to greater interactivity to help developers learn in a safe environment.
- What do Storylines cover?
- Covered vulnerabilities
- Covered Languages/framework
- How to create a storyline course
- Deep dives on vulnerabilities from videos and guidelines.
- Learning the impact of vulnerabilities with step-by-step walkthrough missions.
- Doing code analysis, and pinpointing how to fix the vulnerabilities with challenges.
- Doing the code fix, if available, with coding labs
- Doing offensive testing with a mission at the end of the course
- Web - Access Control - Missing Function Level Access Control
- Web - Sensitive Data Storage - Plaintext Storage of Passwords
- Web - Injection Flaws - SQL Injection
- Web - File Upload Vulnerability - Unrestricted File Upload
- Web - XML External Entities (XXE) - XML External Entities (XXE)
- Web - Vulnerable Components - Using Known Vulnerable Components
- Web - Authentication - Single Factor Authentication
- Web - Authentication - Improper Authentication
- Web - Mass Assignment - Mass Assignment
- Web - Insufficient Logging and Monitoring - Insufficient Logging and Monitoring
- Web - Server-Side Request Forgery - Server-Side Request Forgery (SSRF)
- C# (.NET) Core
- Java Spring
- Python Django
How to create a Storyline course
Storyline is listed as one of the available course templates. Please read How to Create a Course for more details.