The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers, and security-curious management to flex their offensive muscle in the safety of a virtual machine on their own laptop.

[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ]

Web applications are the most visible front door to any enterprise and are often designed and built without strong security in mind. Stressing out over hardware vulnerabilities like Spectre or Meltdown is fun and trendy, but while you're digging a moat around your castle someone is prancing across the drawbridge using SQL injection (SQLi) or cross-site scripting (XSS).

To read this article in full, please click here