
Securing Web Applications | 2021 OWASP Top Ten and Beyond (Language Neutral)

Price $1,695 USD (GSA $1,446.35)
Duration 2 days
Course Code TT8120
Available Formats Classroom, Virtual

Overview

Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time examining a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.

Securing Web Applications is a seminar-style course designed for web developers and technical stakeholders who need to produce secure web applications. Students will thoroughly examine best practices for defensively coding web applications, covering all of the 2021 OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads and handling untrusted free-form text). Our web application security expert will share how to integrate security measures into the development process. You will also explore core concepts and challenges in web application security, with real-world examples that illustrate the potential consequences of not following these best practices.

This course is also PCI Compliant.

Skills Gained

  • Understand the concepts and terminology behind defensive, secure coding including the phases and goals of a typical exploit
  • Establish the first axiom in security analysis of ALL web applications for this course and beyond
  • Establish the first axiom in addressing ALL security concerns for this course and beyond
  • Ensure that any hacking and bug hunting is performed in a safe and appropriate manner
  • Identify defect/bug reporting mechanisms within their organizations
  • Avoid common mistakes that are made in bug hunting and vulnerability testing
  • Develop an appreciation for the need and value of a multilayered defense in depth
  • Understand potential sources for untrusted data
  • Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
  • Understand the vulnerabilities associated with authentication and authorization
  • Detect, attack, and implement defenses for authentication and authorization functionality and services
  • Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Detect, attack, and implement defenses against XSS and Injection attacks
  • Understand the risks associated with XML processing, file uploads, and deserialization, and how to best eliminate or mitigate those risks
  • Learn the strengths, limitations, and use for tools such as code scanners, dynamic scanners, and web application firewalls (WAFs)
  • Understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
  • Identify resources to use for ongoing threat intelligence
  • Plan next steps after completion of this training
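The bullets above on untrusted data, Injection (A03) and Cross-Site Scripting do not show what the defect and its defense look like in code. The following is an added illustration, not material from the course or its vendor; it is written in Python (the course itself is language neutral) against a constructed in-memory SQLite table, and shows the two most common untrusted-data failures side by side with their fixes: a SQL query built by string concatenation beside a parameterised query, and an HTML template that reflects a user-controlled display name raw beside one that encodes it for the HTML text context. The table contents, function names and payloads are all assumptions made for the example.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, display_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, display_name) VALUES (?, ?)",
        [("alice", "Alice <Admin>"), ("bob", "Bob")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """A03 Injection: untrusted input is concatenated straight into the SQL text.

    An input such as  ' OR '1'='1  changes the structure of the statement and
    returns every row instead of the one the caller intended.
    """
    sql = f"SELECT username, display_name FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened form: a parameterised query.

    The driver sends the query text and the value separately, so the value is
    only ever compared as data and can never alter the statement's structure.
    """
    sql = "SELECT username, display_name FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def render_profile_vulnerable(display_name):
    """XSS: a user-controlled string is placed into HTML without encoding."""
    return f"<h1>Welcome, {display_name}</h1>"


def render_profile_safe(display_name):
    """Hardened form: contextual output encoding for an HTML text node.

    html.escape turns < > & " ' into entities, so markup in the value is
    displayed as text rather than parsed by the browser.
    """
    return f"<h1>Welcome, {html.escape(display_name, quote=True)}</h1>"


def profile_page(conn, username, hardened=True):
    """End-to-end: look a user up by untrusted username and render their profile.

    Returns the rendered HTML, or an empty string when no single user matches.
    """
    rows = find_user_safe(conn, username) if hardened else find_user_vulnerable(conn, username)
    if len(rows) != 1:
        return ""
    render = render_profile_safe if hardened else render_profile_vulnerable
    return render(rows[0][1])


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable lookup:", find_user_vulnerable(db, payload))  # every row leaks
    print("hardened lookup:  ", find_user_safe(db, payload))        # nothing matches
    print("vulnerable render:", render_profile_vulnerable("<script>alert(1)</script>"))
    print("hardened render:  ", render_profile_safe("<script>alert(1)</script>"))
```

Note that the hardened version does not "sanitise" the input; it keeps the data as data at each sink (the database driver for the query, the HTML encoder for the page), which is the defense-in-depth point the Unvalidated Data and Injection lessons make. Encoding is context-specific: the HTML text-node encoding shown here is not sufficient for a JavaScript string, a URL or an attribute value.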

Who Can Benefit

This is an overview-level, lecture- and demonstration-style course, designed to provide technical application project stakeholders with a first look at, or baseline understanding of, how to develop well-defended web applications.

Prerequisites

Real-world programming experience is highly recommended for code reviews, but not required.

Course Details

Session: Bug Hunting Foundation

  • Lesson: Why Hunt Bugs?
  • Lesson: Safe and Appropriate Bug Hunting/Hacking

Session: Moving Forward From Hunting Bugs

  • Lesson: Removing Bugs

Session: Foundation for Securing Web Applications

  • Lesson: Principles of Information Security

Session: Bug Stomping 101

  • Lesson: Unvalidated Data
  • Lesson: A01: Broken Access Control
  • Lesson: A02: Cryptographic Failures
  • Lesson: A03: Injection
  • Lesson: A04: Insecure Design
  • Lesson: A05: Security Misconfiguration

Session: Bug Stomping 102

  • Lesson: A06: Vulnerable and Outdated Components
  • Lesson: A07: Identification and Authentication Failures
  • Lesson: A08: Software and Data Integrity Failures
  • Lesson: A09: Security Logging and Monitoring Failures
  • Lesson: A10: Server-Side Request Forgery (SSRF)

Session: Moving Forward

  • Lesson: Applications: What Next?
  • Lesson: SDL Overview
  • Lesson: SDL in Action

Schedule

5 options available. All sessions are Virtual, 10:00 AM to 6:00 PM EDT, delivered in English.

  • Apr 14, 2025 - Apr 15, 2025 (2 days)
  • Jun 16, 2025 - Jun 17, 2025 (2 days)
  • Aug 18, 2025 - Aug 19, 2025 (2 days)
  • Oct 20, 2025 - Oct 21, 2025 (2 days)
  • Dec 1, 2025 - Dec 2, 2025 (2 days)

FAQ

Does the course schedule include a Lunchbreak?

Classes typically include a 1-hour lunch break around midday. However, the exact break times and duration can vary depending on the specific class. Your instructor will provide detailed information at the start of the course.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does Ascendient Learning deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

What does vendor-authorized training mean?

As a vendor-authorized training partner, we offer a curriculum that our partners have vetted. We use the same course materials and facilitate the same labs as our vendor-delivered training. These courses are considered the gold standard and, as such, are priced accordingly.

Is the training too basic, or will you go deep into technology?

It depends on your requirements, your role in your company, and your depth of knowledge. The good news is that many of our learning paths let you start from the fundamentals and progress to highly specialized training.

How up-to-date are your courses and support materials?

We continuously work with our vendors to evaluate and refresh course material to reflect the latest training courses and best practices.

Are your instructors seasoned trainers who have deep knowledge of the training topic?

Ascendient Learning instructors have an average of 27 years of practical IT experience and have also served as consultants for an average of 15 years. To stay current, instructors spend at least 25 percent of their time learning new, emerging technologies and courses.

Do you provide hands-on training and exercises in an actual lab environment?

Lab access is dependent on the vendor and the type of training you sign up for. However, many of our top vendors will provide lab access to students to test and practice. The course description will specify lab access.

Will you customize the training for our company’s specific needs and goals?

We will work with you to identify training needs and areas of growth. We offer a variety of training methods, such as private group training, on-site training at a location of your choice, and virtual delivery. We provide courses and certifications that are aligned with your business goals.

How do I get started with certification?

Getting started on a certification pathway depends on your goals and the vendor you choose to get certified in. Many vendors offer entry-level IT certification to advanced IT certification that can boost your career. To get access to certification vouchers and discounts, please contact info@ascendientlearning.com.

Will I get access to content after I complete a course?

You will get access to the PDF of course books and guides, but access to the recording and slides will depend on the vendor and type of training you receive.

How do I request a W9 for Ascendient Learning?

View our filing status and how to request a W9.

Reviews

Topics, material and specially instructor (Graham Godfrey) was beyond my expectations.

Overall it was a good bootcamp. A lot to cover so it is understandable that the pace had to be a little fast.

Great and very intuitive. Better than the traditional hit the wrong button/lose points.

Brandon was a great instructor. The virtual course materials and labs provided were very informative.

It was good and very informative. Instructor covered everything in detail.