Web Application Security Essentials
About this course
Web Application Security Training
Web applications play a key role in the success of an organisation – from streamlining business processes to creating online interactions that ensure a positive customer experience. They also provide access to critical and confidential resources, so an organisation that does not understand and address web application vulnerabilities puts its data, its operations and its reputation at risk.
Our Web Application Security Essentials training has been updated to align with the OWASP Top 10 2021 – the world-renowned reference document that details the most critical security risks to web applications – so that the course gives attendees the most up-to-date knowledge.
Group discount available – Contact Us for more information
Objectives
This Web Application Security Essentials course gives those responsible for implementing, managing or protecting web applications the knowledge and resources they need. Through a grounding in theory and a strong focus on practical exercises, participants will be able to identify critical vulnerabilities in web applications, understand how they are exploited, and implement the necessary corrective measures.
The Web Application Security Essentials course is a comprehensive, strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. For training in a specific programming language, see the Related Training section below.
Overview
The course is aligned with the OWASP Top 10 (2021), a world-renowned reference document that describes the most critical web application security flaws.
The topics covered include:
- Introduction to Web Application Security
- Technologies used in Web Applications
- The Security Tester Toolkit
- Critical Areas in Web Applications
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
Format: The course combines theory with hands-on practical exercises. Participants first learn about each class of web application vulnerability. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have just studied. This provides an ideal ‘real-life’ opportunity to exploit those vulnerabilities with a range of open-source tools and techniques in a safe, isolated environment.
Duration: 2 days (16 hours)
Attendee Profile
The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:
• IT Staff
• IT Managers
• Application Developers
• Information Security professionals
• System Architects
• Systems Auditors
• Quality Assurance professionals
Materials
• Printed materials
• Virtual image containing all tools used
• Certificate of Participation (CPE Points)
Related Training
- The Java Secure Coding Training and .NET Secure Coding Training courses teach participants secure coding best practice in a specific programming language. Learn more about Java Secure Coding Training
- The Threat Modeling course provides attendees with the knowledge to identify applicable threats, quantify them, and address the risk with effective countermeasures to mitigate any attack – at the design stage of the SDL. Learn more about our Threat Modeling training
- The Secure Coding for PCI DSS course provides attendees specific knowledge and skills to apply the secure coding and application security standards needed for PCI DSS–relevant applications that process card payments and/or cardholder data. Learn more about our Secure Coding for PCI DSS training
- The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who want to demonstrate a globally recognised level of competence, as defined in a common body of knowledge, in assuring security throughout the software lifecycle. CSSLP holders build security into the planning, design, development, acquisition, testing, deployment, maintenance and/or management of software to increase its trustworthiness. Learn more about our CSSLP training
Course Curriculum