Building Secure Web Applications

Course Duration: 2 days
Intended Audience: IT Staff, Managers, System Architects, Information Security Professionals, Developers, QA Professionals

This course is taught using a combination of theory, practical examples, and hands-on training. It is designed to provide an overview of the fundamental principles of Web application security.

Course Objective
This session presents students with an understanding of:

  • How web applications work
  • How vulnerabilities manifest in them
  • How hackers find and exploit these vulnerabilities
  • Solutions for protecting Web applications


  • Identify elements that can make a Web application an easy target
  • Learn about hackers’ tools and techniques
  • Understand how to identify vulnerabilities in Web applications
  • Learn how to test and exploit vulnerabilities in your Web applications using freely available tools

Group Training
WhiteHat Security also offers on-site education sessions for groups of 20 or more. Public courses are also available to individuals in cities across the country. To find out more about WhiteHat Education Services course curriculum, contact our corporate office at 408.343.8300.

WhiteHat courses are affordably priced to meet corporate budget concerns. Contact Education Services to learn more about our pricing structure.


Course Overview :: Introduction to Web Application Security

Evolution of Web applications, issues with Web applications, Web application vulnerabilities

– HTTP protocol
– Hackers’ Toolbox (HTML, JavaScript, AJAX)
– Request / response flow
– Encoding/decoding URLs, character sets, and HTML entities

Anatomy of an Attack
– How people exploit Web applications
– Why you can never trust anything that comes from the client

Top Web Application Attacks & Vulnerabilities (topics vary depending upon duration of course selected – one- or two-day)
– Overview of the top Web app vulnerabilities
– How those vulnerabilities were introduced and how they can be avoided
– Concepts, examples, case studies, and scenarios for each class of attack:
   • XSS (Cross Site Scripting)
   • SQL Injection
   • Blind SQL Injection
   • Authentication, Authorization and Session Attacks
   • CSRF (Cross Site Request Forgery)
   • Business Logic Flaws
   • HTTP Response Splitting

Solutions for Protecting Your Applications
– Solutions that can improve the security of your Web application
– Identifying the weaknesses in your Web app
– Remediation

3970 Freedom Circle, Santa Clara, CA 95054 | 408.343.8300
2014 © Copyright | WhiteHat Security