UPDATE An updated version OWASP Top Ten at a Glance - 2025 Edition course is now available.

What if you could spot the most critical software vulnerabilities before they become real-world breaches? In this fast-paced mini-course, you’ll get a clear, practical introduction to the most common and impactful application security risks defined by the OWASP Top Ten. Designed for developers, engineers, and anyone working around software, this course breaks down each vulnerability in a way that’s easy to understand and immediately useful. You’ll learn what these risks are, why they matter, and how they’re commonly exploited, along with high-level strategies to reduce exposure and build more secure applications from the start. Whether you’re new to application security or looking for a quick refresher, this course gives you the essential knowledge you need to recognize risk, speak the language of security, and make smarter decisions in your day-to-day work.

NEW Mitigating Sensitive Data Disclosure in GenAI Applications course released
 

Ever wondered how a stray prompt or a rogue agent could turn your AI app into a headline-making data breach? In this course, you'll dive into the real risks of sensitive data disclosure in GenAI—and learn how to outsmart them. Through practical lessons, hands-on labs, and real-world case studies, you'll master the art of identifying, assessing, and mitigating sensitive information leaks across the GenAI lifecycle. From architectural best practices and regulatory must-knows to cutting-edge tooling and observability, you'll gain the skills and confidence to build AI systems that are both powerful and secure. Get ready to protect your users, your company, and your reputation - one prompt at a time.

This course is available as part of the Application Security Solution.

UPDATE This update integrates the latest California-specific labor laws and judicial rulings to ensure full compliance with the state's rigorous employment standards.

• 2024–2026 Minimum Wage Increases: Updated to reflect the California state minimum of $16.00 per hour, while noting that local ordinances (e.g., Los Angeles, San Francisco) and specific industries like healthcare and fast food may require even higher rates.
• Stringent Overtime & Double Time: Clarified that California requires 1.5x pay after 8 hours in a workday and 2.0x pay after 12 hours, or after 8 hours on the seventh consecutive day of work.
• Mandatory Meal & Rest Breaks: Added detailed requirements for unpaid 30-minute meal breaks (after 5 and 10 hours) and paid 10-minute rest breaks for every 4 hours worked, emphasizing that all breaks must be entirely duty-free.
• Criminal Wage Theft & Liability: Included new warnings that willful wage theft exceeding $950 can be prosecuted as grand theft, with supervisors potentially facing personal liability for knowingly participating in or allowing violations.
• Expanded "Hours Worked" & Travel: Updated the definition of compensable time to include employer-controlled activities such as security bag checks, on-site waiting time, and required travel beyond the normal commute.
• No "De Minimis" Unpaid Time: Explicitly states that California does not recognize the federal de minimis doctrine; all routine short-duration tasks (e.g., closing routines or digital device checks) must be recorded and paid.

UPDATE This update integrates critical 2024–2026 statutory changes and judicial rulings to ensure compliance with California’s strict employment standards.

• Paid Sick Leave Expansion: Updated to reflect the new state minimum of 5 days (40 hours) per year (increased from 3 days), including new accrual and carryover alignment.
• Wage Theft & Personal Liability: New guidance on "Grand Theft" classifications for willful wage violations, highlighting that supervisors can be held personally liable for knowingly assisting in theft.
• Predictive Scheduling: Added "Fair Workweek" requirements for specific local ordinances, covering 14-day advance notice and predictability pay for schedule changes.
• Compensable Time Clarifications: Added California-specific notes confirming that security screenings (bag checks), out-of-town travel, and "de minimis" tasks (logging in/off) are fully compensable hours worked.
• Meal Break Precision: Refined protocols to mandate that the first 30-minute break begins before the end of the 5th hour, with a strict prohibition against rounding meal period time entries.
• Interactive Compliance Checks: Inserted new "Challenge Questions" specifically designed to test supervisor knowledge on the 5-day sick leave rule and wage-hour liability.

UPDATE This update integrates critical legal changes regarding sensitive data usage, breach liability, and UK-specific regulations.

Key Course Additions

• Targeted Ads & Consent: New slides clarify that "special category" data (health, religion, etc.) requires explicit, documented consent for advertising—even if the information was shared publicly by the user.
• "Loss of Control" Damages: Updates reflect recent EU court rulings where individuals can claim compensation for data exposure without needing to prove financial or emotional harm.
• The Data Use and Access Act (DUAA): Content updated to reflect the July 2025 UK law. While the UK still holds "adequacy" status for easy data transfers from the EU, the DUAA introduces new domestic deviations from the EU GDPR.

Revised Penalties

HHS OCR Fines: Updated the non-compliance slide to reflect new maximums of $71,162 per violation and $2.13 million per year.

UPDATE We have updated the Penalties for Non-Compliance slide to reflect the latest civil money penalty adjustments. It is crucial for learners to understand the significant financial risks associated with regulatory violations.

Key Updates:

• Civil Penalty Increases: The HHS Office for Civil Rights (OCR) has updated its enforcement thresholds.
• Per-Violation Caps: Organizations may now face fines of up to $71,162 per single violation.
• Annual Limits: For repeated violations of the same provision, the total penalty can reach up to $2.13 million per calendar year.

UPDATE We have added new modules to reflect critical 2025/2026 legal rulings and regulatory clarifications.

What’s New:

• Sensitive Data in Ads: New slides clarify that "special category" data (e.g., health, religion) requires explicit, documented consent for targeted advertising, even if the information was shared publicly by the individual.
• Foreign Data Requests (Article 48): Following new 2025 EDPB guidance, personal data cannot be shared with non-EU authorities unless a valid international agreement and a GDPR transfer mechanism are both in place. Mandatory escalation to Legal/DPO is required.
• "Loss of Control" Damages: Updates reflect recent court rulings where individuals can now claim damages for data breaches based on "loss of control" alone, without needing to prove financial or emotional harm.

UPDATE We have updated the Penalties for Non-Compliance slide to reflect the latest civil money penalty adjustments. It is crucial for learners to understand the significant financial risks associated with regulatory violations.

Key Updates:

• Civil Penalty Increases: The HHS Office for Civil Rights (OCR) has updated its enforcement thresholds.
• Per-Violation Caps: Organizations may now face fines of up to $71,162 per single violation.
• Annual Limits: For repeated violations of the same provision, the total penalty can reach up to $2.13 million per calendar year.