Objectives of the training
Learn how to secure applications from the design phase onwards, by incorporating secure development best practices and appropriate protection mechanisms.
Targeted audience
Web developers, software architects, testers/QA, technical project managers, security managers/CISOs
Prerequisite
Basic knowledge of web development (HTML, JavaScript, PHP, Java, or another server-side language). Understanding of how web applications work (HTTP, sessions, databases).
Benefits for Participants
• Understand the challenges of web application security.
• Identify and analyze the OWASP Top 10 vulnerabilities.
• Apply secure development best practices.
• Implement effective protection mechanisms.
• Integrate security into the software development lifecycle (SDLC).
Course architecture
Introduction to Web Security & OWASP Top 10
Chapter 1: Web Security Fundamentals
• Application Security Principles
• Common Threats and Attack Vectors
• Introduction to OWASP and the Top 10
Chapter 2: OWASP Vulnerabilities (1 to 5)
• Broken Access Control
• Cryptographic Failures
• Injection (SQL, LDAP, etc.)
• Insecure Design
• Security Misconfiguration
Workshop 1:
• Exploiting an SQL injection vulnerability in a test application
• Analysis of a real-world case of misconfiguration
OWASP Top 10 & Securing
Chapter 3: OWASP Vulnerabilities (6 to 10)
• Vulnerable and Outdated Components
• Identification and Authentication Failures
• Software and Data Integrity Failures
• Security Logging and Monitoring Failures
• Server-Side Request Forgery (SSRF)
Chapter 4: Secure Development Best Practices
• Client-side vs. server-side validation
• Error and exception handling
• Securing REST APIs
• Using secure frameworks
Workshop 2:
• Analyzing vulnerable source code
• Collaborative correction of OWASP vulnerabilities
Advanced Security & Integration into the SDLC
Chapter 5: Integrating Security into the Development Cycle
• DevSecOps: Principles and Tools
• Automating Security Testing (SAST, DAST)
• Code review and security audit
• Secure CI/CD
Chapter 6: Case studies & feedback
• Analysis of real attacks (Equifax, Facebook, etc.)
• Feedback on secure projects
• Implementation of an application security policy
Workshop 3:
• Simulation of a complete security audit of a web application
• Drafting a remediation plan
Pedagogical details
Type of training
Private or personalized training
If you have more than 8 people to sign up for a particular course, it can be delivered as a private session right at your offices. Contact us for more details.
Request a quote