WEBAP - Web Application Security Training Course

Course Code



28 hours (usually 4 days including breaks)



This course will give the participants thorough understanding about security concepts, web application concepts and frameworks used by developers in order to be able to exploit and protect targeted application. In today’s world, that is changing rapidly and thus all the technologies used are also changed at a fast pace, web applications are exposed to hackers attacks 24/7. In order to protect the applications from external attackers one has to know all the bits and pieces that makes the web application, like frameworks, languages and technologies used in web application development, and much more than that. The problem is that attacker has to know only one way to break into the application and developer (or systems administrator) has to know all the possible exploits in order to prevent this from happening. Because of that it is really difficult to have a bullet proof secured web application, and in most of the cases web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.


To give you the skill and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. Because of the knowledge gained through the identification and exploitation phase, you should be able to protect the web application against similar attacks. After this course the participant will be able to understand and identify OWASP top 10 vulnerabilities and to incorporate that knowledge in web application protection scheme.


Developers, Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Banking, Insurance and other professionals, Government agencies, IT managers, CISO’s, CTO’s.

Course Outline

Module 1: Security concepts
Module 2: Risk management
Module 3: Hackers attack phases
Module 4: Penetration testing
Module 5: Networking MitM attacks
Module 6: Overview of web technologies and frameworks
Module 7: Tools of the trade
Module 8: Bypassing client side controls
Module 9: Authentication attacks
Module 10: Design/implementation flaws
Module 11: Web application attacks: Injection (A1)
Module 12: Web application attacks: XSS/CSRF (A3/A8)
Module 13: Web application attacks: Broken authentication and session management (A2)
Module 14: Web application attacks: Insecure direct object references/Missing function level access control (A4/A7)
Module 15: Web application attacks: Security mis-configuration/Sensitive data exposure (A5/A6)
Module 16: Web application attacks: Unvalidated redirect and forwards (A10)
Module 17: Logical flaws



Related Categories

Related Courses

Course Discounts

Course Discounts Newsletter

We respect the privacy of your email address. We will not pass on or sell your address to others.
You can always change your preferences or unsubscribe completely.

Some of our clients

is growing fast!

We are looking to expand our presence in the US!

As a Business Development Manager you will:

  • expand business in the US
  • recruit local talent (sales, agents, trainers, consultants)
  • recruit local trainers and consultants

We offer:

  • Artificial Intelligence and Big Data systems to support your local operation
  • high-tech automation
  • continuously upgraded course catalogue and content
  • good fun in international team

If you are interested in running a high-tech, high-quality training and consulting business.

Apply now!

This site in other countries/regions