|

Date : TBC

Training Format & Duration
  • Live Online / On-Site / Private Team Training
  • 2 Days
Do you have 5 or more attendees?

Official Training Partner

Web Application Security Training

Web applications play a key role in the success of an organisation – from streamlining business processes to creating online interactions that ensure a positive customer experience. However, web applications do allow access to critical and confidential resources. But without understanding web application vulnerabilities and addressing them, organisations risk their data, their operations and their reputation.

 |

Date : TBC

Do you have 5 or more attendees?
Contact Us about Team Training >>
bkg-decorativelines-big-white

Next Scheduled Course

Next Scheduled Course

No items found.

About this course

About this course

Why this course?

Objectives

This Web Application Security Essentials course provides the knowledge and resources required to those responsible for implementing, managing, or protecting web applications. The participants, through the understanding of theory and a strong focus on practical exercises, will be able to identify critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures.

The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. For specific programming language training, please see Related Training at the end of this page.

Overview

The course is aligned with the OWASP 10, a world-renowned reference document which describes the most critical web application security flaws.

The topics covered include:

  • Introduction to Web Application Security
  • Technologies used in Web Applications
  • The Security Tester Toolkit
  • Critical Areas in Web Applications
  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server Side Request Forgery (SSRF)

Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.

Duration: 2 days (16 hours)

Attendee Profile

The course is designed for professionals who are involved in the development, testing and/or management of web applications such as:

• IT Staff
• IT Managers
• Application Developers
• Information Security professionals
• System Architects
• Systems Auditors
• Quality Assurance professionals

Attendee Testimonials

Benefits

What is included?

Differentiators

Recognition

Exam & Certifications

Materials

  • Printed materials
  • Virtual image containing all tools used
  • Certificate of Participation (CPE Points)
Proudly Certified for Excellence in Cybersecurity Training

ISC2 Official Training Partner

ISC2 Official Training Partner

As an ISC2 Official Training Partner, we provide access to world-class certifications such as CISSP®, CCSP®, and SSCP®, delivering training that aligns with the latest industry standards.

By partnering with ISC2, we ensure our clients stay ahead in the ever-evolving cybersecurity landscape, confidently equipped to protect critical data and infrastructure.

Cycubix-ISC2-Official-Training-Partner-logo

Team Training with Cycubix

Team Training with Cycubix

Get the best out of our trainings

Get the best out of our trainings

Instructors

The minds behind the course

The minds behind the course

Picture of Fabio Cerullo Cybersecurity Instructor

Fabio Cerullo

Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP

Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.

Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.

Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.

Show (Instructors)

The minds behind the course

The minds behind the course

Picture of Fabio Cerullo Cybersecurity Instructor

Fabio Cerullo

Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.

Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.

Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.