Master OWASP vulnerabilities and secure the software development lifecycle
This training course provides an understanding of the most critical vulnerabilities in web applications according to the OWASP Top 10 ranking. It offers a practical approach to identifying, exploiting, and correcting these vulnerabilities through demonstrations and workshops.
Is it for you ?
Web developers, software architects, testers/QA, technical project managers, security managers/CISOs
Prerequisites
Basic knowledge of web development (HTML, JavaScript, PHP, Java, or other server language). Understanding of how web applications work (HTTP, sessions, databases)
What You'll Walk Away With
- ✓ Identify and exploit key OWASP Top 10 vulnerabilities through hands-on scenarios
- ✓ Fix application security flaws using code analysis and secure review practices
- ✓ Apply secure development best practices for APIs, validation, and error handling
- ✓ Integrate security into DevOps using SAST, DAST, and secure CI/CD pipelines
- ✓ Conduct full web application security audits and produce remediation plans
Training content
1 Introduction to Web Security & OWASP Top 10
- Application Security Principles
- Common Threats and Attack Vectors
- Introduction to OWASP and the Top 10
2 OWASP Vulnerabilities (1 to 5)
- Broken Access Control
- Cryptographic Failures
- Injection (SQL, LDAP, etc.)
- Insecure Design
- Security Misconfiguration
3 Workshop 1
- Exploiting an SQL injection vulnerability in a test application
- Analysis of a real-world case of misconfiguration
4 OWASP Top 10 & Securing
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
5 Secure Development Best Practices
- Client-side vs. server-side validation
- Error and exception handling
- Securing REST APIs
- Using secure frameworks
6 Workshop 2
- Analyzing vulnerable source code
- Collaborative correction of OWASP vulnerabilities
7 Advanced Security & Integration into the SDLC
- DevSecOps: Principles and Tools
- Automating Security Testing (SAST, DAST)
- Code review and security audit
- Secure CI/CD
8 Case studies & feedback
- Analysis of real attacks (Equifax, Facebook, etc.)
- Feedback on secure projects
- Implementation of an application security policy
9 Workshop 3
- Simulation of a complete security audit of a web application
- Drafting a remediation plan
📌 Practical information
Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.