TI275
Information technology

OWASP: Web Application Security

Master OWASP vulnerabilities and secure the software development lifecycle


This training course provides an understanding of the most critical vulnerabilities in web applications according to the OWASP Top 10 ranking. It offers a practical approach to identifying, exploiting, and correcting these vulnerabilities through demonstrations and workshops.

Objectives

Learn how to secure applications from the design phase onwards, by incorporating secure development best practices and appropriate protection mechanisms.

Is it for you?

Web developers, software architects, testers/QA, technical project managers, security managers/CISOs

Prerequisite

Basic knowledge of web development (HTML, JavaScript, PHP, Java, or other server language). Understanding of how web applications work (HTTP, sessions, databases)

Your benefits

  • Identify and exploit key OWASP Top 10 vulnerabilities through hands-on scenarios
  • Fix application security flaws using code analysis and secure review practices
  • Apply secure development best practices for APIs, validation, and error handling
  • Integrate security into DevOps using SAST, DAST, and secure CI/CD pipelines
  • Conduct full web application security audits and produce remediation plans

Content

    Introduction to Web Security & OWASP Top 10

    • Application Security Principles
    • Common Threats and Attack Vectors
    • Introduction to OWASP and the Top 10

    Chapter 2: OWASP Vulnerabilities (1 to 5)

    • Broken Access Control
    • Cryptographic Failures
    • Injection (SQL, LDAP, etc.)
    • Insecure Design
    • Security Misconfiguration

    Workshop 1:

    • Exploiting an SQL injection vulnerability in a test application
    • Analysis of a real-world case of misconfiguration

    OWASP Top 10 & Securing

    • Vulnerable and Outdated Components
    • Identification and Authentication Failures
    • Software and Data Integrity Failures
    • Security Logging and Monitoring Failures
    • Server-Side Request Forgery (SSRF)

    Chapter 4: Secure Development Best Practices

    • Client-side vs. server-side validation
    • Error and exception handling
    • Securing REST APIs
    • Using secure frameworks

    Workshop 2:

    • Analyzing vulnerable source code
    • Collaborative correction of OWASP vulnerabilities

    Advanced Security & Integration into the SDLC

    • DevSecOps: Principles and Tools
    • Automating Security Testing (SAST, DAST)
    • Code review and security audit
    • Secure CI/CD

    Chapter 6: Case studies & feedback

    • Analysis of real attacks (Equifax, Facebook, etc.)
    • Feedback on secure projects
    • Implementation of an application security policy

    Workshop 3:

    • Simulation of a complete security audit of a web application
    • Drafting a remediation plan

    💡 Useful information

    Our training sessions are offered in Montreal or Quebec City, in person or in virtual format. Dates and locations are provided when you select your session below. If you have any questions regarding registration, schedules, the language of instruction, or cancellation policies, please consult our FAQ.

    Duration: 3 days
    Schedule: 9h to 16h
    Regular fee: $1,485
    Preferential fee: $1,335

    A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.

    Private or personalized training

    Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.
