TI275
Information technology

OWASP: Web Application Security

Master OWASP vulnerabilities and secure the software development lifecycle

This training course provides an understanding of the most critical vulnerabilities in web applications according to the OWASP Top 10 ranking. It offers a practical approach to identifying, exploiting, and correcting these vulnerabilities through demonstrations and workshops.

Is it for you ?

Web developers, software architects, testers/QA, technical project managers, security managers/CISOs

Prerequisites

Basic knowledge of web development (HTML, JavaScript, PHP, Java, or other server language). Understanding of how web applications work (HTTP, sessions, databases)

What You'll Walk Away With

  • Identify and exploit key OWASP Top 10 vulnerabilities through hands-on scenarios
  • Fix application security flaws using code analysis and secure review practices
  • Apply secure development best practices for APIs, validation, and error handling
  • Integrate security into DevOps using SAST, DAST, and secure CI/CD pipelines
  • Conduct full web application security audits and produce remediation plans

Training content

1 Introduction to Web Security & OWASP Top 10

  • Application Security Principles
  • Common Threats and Attack Vectors
  • Introduction to OWASP and the Top 10

2 OWASP Vulnerabilities (1 to 5)

  • Broken Access Control
  • Cryptographic Failures
  • Injection (SQL, LDAP, etc.)
  • Insecure Design
  • Security Misconfiguration

3 Workshop 1

  • Exploiting an SQL injection vulnerability in a test application
  • Analysis of a real-world case of misconfiguration

4 OWASP Top 10 & Securing

  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery (SSRF)

5 Secure Development Best Practices

  • Client-side vs. server-side validation
  • Error and exception handling
  • Securing REST APIs
  • Using secure frameworks

6 Workshop 2

  • Analyzing vulnerable source code
  • Collaborative correction of OWASP vulnerabilities

7 Advanced Security & Integration into the SDLC

  • DevSecOps: Principles and Tools
  • Automating Security Testing (SAST, DAST)
  • Code review and security audit
  • Secure CI/CD

8 Case studies & feedback

  • Analysis of real attacks (Equifax, Facebook, etc.)
  • Feedback on secure projects
  • Implementation of an application security policy

9 Workshop 3

  • Simulation of a complete security audit of a web application
  • Drafting a remediation plan
See more

📌 Practical information

Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.

Duration
3 days
Schedule
9h to 16h
Regular fee
$1,485
Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
$1,335
Private or personalized training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Request a quote

Request in-company training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Tell us more
Added to cart View my cart