Web Application Security Essentials

Instructor: Fabio Cerullo

Web applications play a key role in the success of an organisation – from streamlining business processes to creating online interactions that ensure a positive customer experience. However, web applications also allow access to critical and confidential resources. Without understanding web application vulnerabilities and addressing them, organisations risk their data, their operations and their reputation.


Group discount available – Contact Us for more information

About this course


This Web Application Security Essentials course provides the knowledge and resources required by those responsible for implementing, managing, or protecting web applications. Through an understanding of theory and a strong focus on practical exercises, participants will be able to identify critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures.

The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. For training in a specific programming language, please see the “Further Training” tab.


The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:

• Introduction to Web Application Security
• Technologies used in Web Applications
• The Security Tester Toolkit
• Critical Areas in Web Applications
• Injection
• Cross Site Scripting (XSS)
• Broken Authentication and Session Management
• Insecure Direct Object References
• Cross Site Request Forgery
• Security Misconfiguration
• Insecure Cryptographic Storage
• Failure to restrict URL Access
• Insufficient Transport Layer Protection
• Unvalidated Redirects and Forwards

Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.

Duration: 2 days (16 hours)

Attendee Profile

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

• IT Staff
• IT Managers
• Application Developers
• Information Security professionals
• System Architects
• Systems Auditors
• Quality Assurance professionals


Printed materials
Virtual image containing all tools used
Certificate of Participation (CPE Points)

Further Training

• The Java Secure Coding Training and Net Secure Coding Training courses are designed to instruct participants on best practice in secure coding using specific programming languages. Learn more about Java Secure Coding Training

• The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness. Learn more about our CSSLP training

Course Curriculum

Graded: Web Application Security Essentials
1 Question
