Security

Security in Testing Training

Web application security is a key aspect in designing, developing, and maintaining web applications.

Duration
6h
Who it's for

Ideal for teams that…

1. For software testers who want to expand their knowledge and skills in web application security
2. For individuals interested in a career as a junior web application pentester
3. For current web application developers who want to expand their knowledge and skills in web application security
Outcomes after the program

Application and infrastructure security — a workshop for technical teams.

Basic programming skills in Java, PHP, or .NET

Basic knowledge of JavaScript

Basic knowledge of SQL

Basic knowledge of IT solution architecture

Basic knowledge of web applications

Basic understanding of operating systems and computer networks

Program · 7 modules

What we actually do

M01
Introduction to Web Application Security
  • Web application security fundamentals
  • Web application architecture
  • OWASP Top 10 (2021)
  • CWE / CVE / CVSS – vulnerability classification and scoring
M02
Information Gathering and Enumeration
  • Information gathering techniques
  • Enumeration methods
  • Tools used in reconnaissance
  • Network traffic analysis
  • FTP vs HTTP vs HTTPS
  • GET request modification
  • POST / PUT / DELETE request modification
M03
Vulnerability Analysis – Core Issues
  • SQL Injection (SQLi) – SQL and NoSQL
  • OS Command Injection (OSi)
  • Unrestricted File Upload (UFU)
  • Log content exposure
  • Open source code leaks
  • Low-hanging-fruit vulnerabilities
  • Lack of proper error handling
M04
Network Traffic Security
  • TLS / SSL fundamentals
  • HTTP security headers
  • Same-Origin Policy (SOP)
  • Cross-Origin Resource Sharing (CORS)
M05
Advanced Vulnerability Analysis (Attack, Defense, Examples)
  • Cross-Site Scripting (XSS)
  • XML External Entity (XXE)
  • XML Denial of Service
  • Cross-Site Request Forgery (CSRF)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Directory Traversal (DT)
  • Brute Force (BF)
  • Insecure Direct Object Reference (IDOR)
  • Server-Side Template Injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Denial of Service (DoS) and Application DoS
  • Vulnerable and outdated components
M06
API Security
  • Authentication and authorization methods
  • Common API security vulnerabilities
  • OWASP API Security Top 10 (2019)
M07
Fuzzing and Specialized Testing
  • Web application fuzzing
  • Mobile application security basics
  • Using proxies in security testing
  • Reverse engineering fundamentals
Every module is adapted to your stack and context. The above is a starting point — not a fixed agenda.
How we work

From brief to retro in 30 days.

01

Brief & diagnosis

A call with the team lead + a short survey for participants. We define goals, gap and context.

02

Program customization

We adapt modules, case studies and code examples to your stack. Approval in 5 days.

03

Workshop

Trainer-led sessions, hands-on, code review. Mentor available between sessions too.

04

Retro + report

Outcome report for the team and lead. 30 days of consulting included.

Inquiry

Send a brief. We'll reply within 1 day.

After a short brief we'll prepare a program and a quote. No obligations — it's just a starting point.

Quote within 48h of the brief
First session within 30 days
Pilot before the full decision
VAT invoice, payment in instalments possible
