Web Application Security Course

This course gives you an overview of the most important security concerns in web applications, and how to deal with them. You will learn how and why web apps are vulnerable. The course will cover the top 10 vulnerabilities, based on the Open Web Application Security Project. You will learn what each vulnerability is, and the best approach to counter the risk. This course does not focus on any particular programming language.


Audience: Is This The Right Course For Me?

You should attend the web security overview course if:

  • You are a web application developer, and you need to write secure applications.
  • You are a manager and you want to reduce your organisation's vulnerability to security attacks.
  • You are a network or server engineer, and you are responsible for application security.

Prerequisites: Am I Ready For The Course?

Before you attend the web security overview course:

  • You should have some technical background and a basic understanding of web applications.

Please ensure you meet the prerequisites for this course before you attend. Read the importance of course prerequisites to understand why this is necessary.

If you are not sure which is the right course for you, please call us. We will be happy to advise you, based on your training goals and your experience.

Objectives: What Will I Learn?

After you have completed the Web Application Security overview, you will:

  • Understand the concepts and terminology used in web security.
  • Be aware of the global organisations and standards that focus on web application security.
  • Know what the most important vulnerabilities are, and what countermeasures to take.
  • Know what is required to implement a secure development approach.
  • Be aware of best practices and secure design principles for development.

Download the Web Application Security course contents in PDF format

Technical Contents: What Does The Course Cover?

Introduction
  • Case studies and statistics.
  • Introduction to web applications.
  • Basics of web application architecture.
  • Application security risks.
  • Attack vectors.
  • Threat agents.
HTTP Protocol
  • HTTP protocol basics.
  • HTTP response headers.
  • HTTP versus HTTPS.
  • HTTP Strict Transport Security (HSTS).
  • X-Frame-Options.
  • X-XSS-Protection.
  • X-Content-Type-Options.
  • Content-Security-Policy.
  • Referrer-Policy.
  • Expect-CT.
Vulnerability Assessment and Penetration Testing
  • What is VAPT?
  • Steps involved in VAPT.
  • Black box vs grey box vs white box testing.
Global Organisations, Standards and Frameworks
  • The Web Application Security Consortium (WASC).
  • The Open Web Application Security Project (OWASP).
  • The National Institute of Standards and Technology (NIST).
  • The Common Weakness Enumeration (CWE) category system.
  • The SysAdmin, Audit, Network, Security (SANS) Institute.
Fundamentals of a Secure Environment
  • CIA: Confidentiality, integrity, availability.
  • Policies and standards.
  • Acquiring secure software.
  • Training.
  • Secure architecture.
  • Physical security.
  • Introduction to secure SDLC.
Common Attack Categories
  • Insecure interaction between components.
  • Risky resource management.
  • Porous defences.
OWASP Top 10 Web Application Vulnerabilities
  • Injection.
  • Broken authentication and session management.
  • Sensitive data exposure.
  • XML external entity (XXE).
  • Broken access control.
  • Security misconfiguration.
  • Cross-site scripting (XSS).
  • Insecure deserialization.
  • Using components with known vulnerabilities.
  • Insufficient logging & monitoring.
  • Definitions, explanations and examples.
  • Countermeasures.
Other Common Vulnerabilities
  • Clickjacking.
  • Cross-Site Request Forgery (CSRF).
  • Server-Side Request Forgery (SSRF).
  • Definitions, explanations and examples.
  • Countermeasures.
Secure Development Approach
  • The secure SDLC.
  • Threat modelling.
  • Source code review.
  • Common dangerous programming practices.
  • Common development mistakes.
Secure Design Principles and Best Practices
  • Defense in depth.
  • Fail safe.
  • Least privilege.
  • Separation of duties.
  • Economy of mechanism.
  • Complete mediation.
  • Open design.
  • Least common mechanism.
  • Psychological acceptability.
  • Weakest link.
  • Leveraging existing components.

Testimonials: What Other Delegates Say About This Course

This is a new course.

To get an idea of the quality you can expect, look at the testimonials for other related courses that we offer.

Duration: 2 days. Courses are presented from 08:30 to 16:30.
Price: R4,500.00 excluding VAT per delegate.

This price includes everything that you need:

  • All course material.
  • An attendance certificate.
  • Lunch and refreshments.
  • A voucher to re-attend the course for a minimal fee within 6 months.
  • A voucher for a free competency assessment within 6 months.
All you have to bring to the course is the desire to learn.
Location: The Incus Data Training Venue in Centurion, Pretoria.

If that doesn't suit you, we also offer:

Date: Please check the course schedule for the next date.
You can also contact us at tel: (+27) 12-666-2020 or cell/WhatsApp: (+27) 76-694-7705, or email us at info@incusdata.com to find out about dates that suit you.

How Do I Book?

It's easy to book: Fill in our course enrolment form (editable PDF file) and email it to us at info@incusdata.com.

After we have received your booking, we will send you a confirmation that you are booked on the course, an invoice and directions to the venue.

Tip: Most PDF readers, other than Adobe Reader, will let you save the form with the data you have entered. If you are using Adobe Reader, however, you might not be able to do this. But don't despair: when you have typed in the information, just print the file to PDF - and you'll have a completed enrolment form ready to email to us.