Objectives of the training
Learn how to secure applications from the design phase onwards, by incorporating secure development best practices and appropriate protection mechanisms.
Targeted audience
Web developers, software architects, testers/QA, technical project managers, security managers/CISOs
Prerequisite
Basic knowledge of web development (HTML, JavaScript, PHP, Java, or another server-side language). Understanding of how web applications work (HTTP, sessions, databases).
Trainers
Benefits for Participants
• Understand the challenges of web application security.
• Identify and analyze the OWASP Top 10 vulnerabilities.
• Apply secure development best practices.
• Implement effective protection mechanisms.
• Integrate security into the software development lifecycle (SDLC).
Course architecture
Introduction to Web Security & OWASP Top 10
Chapter 1: Web Security Fundamentals
• Application Security Principles
• Common Threats and Attack Vectors
• Introduction to OWASP and the Top 10
Chapter 2: OWASP Vulnerabilities (1 to 5)
• Broken Access Control
• Cryptographic Failures
• Injection (SQL, LDAP, etc.)
• Insecure Design
• Security Misconfiguration
Workshop 1:
• Exploiting an SQL injection vulnerability in a test application
• Analysis of a real-world case of misconfiguration
OWASP Top 10 & Securing
Chapter 3: OWASP Vulnerabilities (6 to 10)
• Vulnerable and Outdated Components
• Identification and Authentication Failures
• Software and Data Integrity Failures
• Security Logging and Monitoring Failures
• Server-Side Request Forgery (SSRF)
Chapter 4: Secure Development Best Practices
• Client-side vs. server-side validation
• Error and exception handling
• Securing REST APIs
• Using secure frameworks
Workshop 2:
• Analyzing vulnerable source code
• Collaborative correction of OWASP vulnerabilities
Advanced Security & Integration into the SDLC
Chapter 5: Integrating Security into the Development Cycle
• DevSecOps: Principles and Tools
• Automating Security Testing (SAST, DAST)
• Code review and security audit
• Secure CI/CD
Chapter 6: Case studies & feedback
• Analysis of real attacks (Equifax, Facebook, etc.)
• Feedback on secure projects
• Implementation of an application security policy
Workshop 3:
• Simulation of a complete security audit of a web application
• Drafting a remediation plan
Pedagogical details
Type of training
Private or personalized training
Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.
Request a quote