Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time examining a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.
Securing Web Applications is a seminar style course designed for web developers and technical stakeholders who need to produce secure web applications. They will thoroughly examine best practices for defensively coding web applications, covering all the 2021 OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads and handling untrusted free-form text). Our web app security expert will share how to integrate security measures into the development process. You will also explore core concepts and challenges in web application security, showcasing real world examples that illustrate the potential consequences of not following these best practices.
This course is also PCI Compliant.
This course will walk you through how to recognize actual and potential software vulnerabilities and implement defenses for those vulnerabilities. You will explore most common security vulnerabilities faced by web applications today, examining each vulnerability from a coding perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing and implementing effective defenses.
Guided by our application security expert, you will explore how to:
Need different skills or topics? If your team requires different topics or tools, additional skills or custom approach, this course may be further adjusted to accommodate. We offer additional programming, secure coding, secure software development, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an overview-level , lecture and demonstration style course, designed to provide technical application project stakeholders with a first-look or baseline understanding of how to develop well defended web applications. Real-world programming experience is highly recommended for code reviews, but not required.
Take After: We offer a variety of introductory through advanced security, development, project management, engineering, architecture and design courses that serve as an excellent follow on to this course. Please inquire for details.
Please see the Related Courses tab for specific Pre-Requisite courses, Related Courses that offer similar skills or topics, and next-step Learning Path recommendations.
Session: Bug Hunting Foundation
Lesson: Why Hunt Bugs?
Lesson: Safe and Appropriate Bug Hunting/Hacking
Session: Moving Forward From Hunting Bugs
Lesson: Removing Bugs
Session: Foundation for Securing Web Applications
Lesson: Principles of Information Security
Session: Bug Stomping 101
Lesson: Unvalidated Data
Lesson: A01: Broken Access Control
Lesson: A02: Cryptographic Failures
Lesson: A03: Injection
Lesson: A04: Insecure Design
Lesson: A05: Security Misconfiguration
Session: Bug Stomping 102
Lesson: A06: Vulnerable and Outdated Components
Lesson: A07: Identification and Authentication Failures
Lesson: A08: Software and Data Integrity Failures
Lesson: A09: Security Logging and Monitoring Failures
Lesson: A10: Server-Side Request Forgery (SSRF)
Session: Moving Forward
Lesson: Applications: What Next?
Additional Topics: Time Permitting
Lesson: SDL Overview
Lesson: SDL in Action
Student Materials: Each participant will receive a digital Student Guide and/or Course Notes, code samples, software tutorials, step-by-step written lab instructions (as applicable), diagrams and related reference materials and resource links. Students will also receive the project files (or code, if applicable) and solutions required for the hands-on work.
Hands-On Setup Made Simple! Our dedicated tech team will work with you to ensure our ‘easy-access’ cloud-based course environment, or local installation, is accessible, fully-tested and verified as ready to go well in advance of the course start date, ensuring a smooth start to class and effective learning experience for all participants. In some cases we can also help you install this course locally if preferred. Please inquire for details and options.
Every-Course Extras = High-Value & Long-Term Learning Support! All Public Schedule courses include our unique EveryCourse Extras package (Course Recordings, Live Instructor Follow-on Support, Free *Live* Course Refresh Re-Takes, early access to Special Offers, Free Courses & more). Please inquire for details.
Live scheduled classes are listed below or browse our full course catalog anytime
Check out custom training solutions planned around your unique needs and skills.
Exclusive materials, ongoing support and a free live course refresh with every class.
Please see the current upcoming available open enrollment course dates posted below. Please feel free to Register Online below, or call 844-475-4559 toll free to connect with our Registrar for assistance. If you need additional date options, please contact us for scheduling.
Course Title | Days | Date | Time | Price | |
---|---|---|---|---|---|
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral) | 2 Days | Jan 30 to Jan 31 | 10:00 AM to 06:00 PM EST | $1,695.00 | Enroll |
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral) | 2 Days | Mar 27 to Mar 28 | 01:00 AM to 06:00 PM EST | $1,695.00 | Enroll |
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral) | 2 Days | May 22 to May 23 | 10:00 AM to 06:00 PM EST | $1,695.00 | Enroll |
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral) | 2 Days | Jul 24 to Jul 25 | 10:00 AM to 06:00 PM EST | $1,695.00 | Enroll |
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral) | 2 Days | Sep 25 to Sep 26 | 10:00 AM to 06:00 PM EST | $1,695.00 | Enroll |
Learning is Twice as Nice!
Buy One Get One Free!
Enroll by February 28 in any TWO public classes in 2023 for the price of ONE!
Special Offers
Limited Offer for most courses.
SAVE 50%