Certified Web Application Security Professional
One of the most comprehensive, content-rich courses for those looking to enhance their security skills & awareness for better securing web applications.
Specialised knowledge of web application security is critical for securing business websites and web applications. With the massive digitisation of all business assets, there is a huge demand for Certified Web Application Security professionals. Those with the skills for securing web applications, underlying computer networks and operating systems are in high demand as their knowledge and expertise have become critical to business continuity and even profitability. This highly comprehensive course takes you through the fundamentals of Web Application Security and moves on to more advanced concepts and skills so that you emerge as a well-rounded, sought-after Web Application Security professional.
Benefits of choosing the Certified Web Application Security Professional course
The ideal training for web app developers, testers, project managers, systems architects etc. looking to upskill themselves in security of web applications.
This training is also suited for business managers looking to enhance the security of business web information & implementing web application security best practices.
Designed and developed by practising experts, this covers all the key concepts and fundamentals required for real-world application.
Highlights of the Certified Web Application Security Professional course
3 extensive, content-rich modules with several sub-sections.
20 practical lab sessions that help you sharpen your learning for on-the-job application.
Case studies and self-assessments ensuring reinforced knowledge acquisition.
Key Learning Objectives
After completing the Certified Web Application Security Professional course, you will be able to:
- Articulate what web application security entails, what web application architecture is and which tools are most often used in web application security.
- Enhance your knowledge of the global standards and/or frameworks for web application security such as NIST, OWASP, CWE etc.
- Understand and explain in your own words the significance of the OWASP Top 10 and the OWASP Testing Guide.
- Know how to check for SSL vulnerabilities such as POODLE.
- Explain what the most common mistakes in web app development are and how to avoid them.
- Improve your knowledge of APIs, API Testing and common API vulnerabilities.
- Comprehend what Web Distributed Authoring and Versioning is and why it is important.
- Enhance your understanding of the Security Development Lifecycle and how it is different from and complementary to the Software Development Lifecycle or SDL.
- Explain in your words what Web Application Firewalls are and how they help protect your applications from the advanced cyber criminal.
- Better understand server-side and browser-side vulnerabilities.
Directly download the full Learning Objectives of the course here
Templates, Worksheets & Mind-maps
When you enrol in this course you will have access to several worksheets & templates that you can use immediately. Take a look at the course curriculum, below, to see what's included in this course.
Continuing Professional Development
CPD points can be claimed for this course at the rate of 1 point per hour of training for this NCSC-certified and CIISec-approved course (8 points for one-day public course and 15 points for the two-day internal workshop - for when organisations host this course internally).
CIPR Student-Only Incident Response Plan Template
As a student you get access to unique content including our highly acclaimed Cyber Incident Response Plan Template. If you want, you can download the FREE version of the Incident Response Plan template here.
- M.2.1 Introduction to OWASP TOP 10 (3:25)
- M.2.2 Injection and Error-based Injection (9:10)
- M.2.2.A Injection and Error-based Injection (Lab) (6:14)
- M.2.3 Authentication Bypass using SQL Injection (1:39)
- M.2.3.A Authentication Bypass using SQL Injection (Lab) (3:20)
- M.2.4 Blind Injection using SQLMap (5:05)
- M.2.4.A Blind Injection using SQLMap (Lab) (2:45)
- M.2.5 SQL Injection Mitigations (10:25)
- M.2.6 Command Injection (7:02)
- M.2.6.A Command Injection (Lab) (2:08)
- M.2.7 Broken Authentication (5:52)
- M.2.7.A Brute Force (Lab) (2:52)
- M.2.7.B Brute Force (Lab) (3:22)
- M.2.8 Session Management (8:39)
- M.2.8.A Session Management (Lab) (2:23)
- M.2.9 Sensitive Data Exposure (3:53)
- M.2.9.A Sensitive Data Exposure (Lab) (1:45)
- M.2.10 Insufficient Transport Layer Security (6:27)
- M.2.10.A Insufficient Transport Layer Security (Lab) (1:11)
- M.2.11 A4 XXE (9:30)
- M.2.11.A A4 XXE (Lab) (2:10)
- M.2.12 A5 Broken Access Control IDOR (5:45)
- M.2.12.A A5 Broken Access Control IDOR (Lab) (1:08)
- M.2.13 A5 Broken Access Control MFLAC (6:05)
- M.2.13.A A5 Broken Access Control MFLAC (Lab) (0:51)
- M.2.13.B A5 Broken Access Control MFLAC (Lab) (1:00)
- M.2.13.C A5 Broken Access Control MFLAC (Lab) (2:36)
- M.2.14 A6 Security Misconfiguration (6:41)
- M.2.14.A A6 Security Misconfiguration (Lab) (1:55)
- M.2.14.B A6 Security Misconfiguration (Lab) (1:00)
- M.2.14.C A6 Security Misconfiguration (Lab) (1:35)
- M.2.15 A7 Cross Site Scripting (XSS) (18:42)
- M.2.15.A A7 Cross Site Scripting (XSS) (Lab) (3:24)
- M.2.16 A8 Insecure Deserialization (4:55)
- M.2.17 A9 Using Components with Known Vulnerabilities (5:10)
- M.2.17.A A9 Using Components with Known Vulnerabilities (Lab) (2:03)
- M.2.18 A10 Insufficient Logging and Monitoring (4:30)
- M.2 Web Application Security OWASP10 (PDF)
- M.3.1 Browser-based Vulnerabilities (2:57)
- M.3.2 Clickjacking (3:01)
- M.3.2.A Clickjacking (Lab) (2:16)
- M.3.3 POODLE (3:56)
- M.3.4 WebDav (3:58)
- M.3.5 WASC (3:37)
- M.3.6 Security Frameworks (15:05)
- M.3.7 SDLC (22:04)
- M.3.8 WAF (7:53)
- M.3.9 Case Study Penetrating a Bank (3:26)
- M.3.10 Content Spoofing (3:24)
- M.3.11 Fingerprinting (1:53)
- M.3.12 Advanced Recon (0:51)
- M.3 Web Application Security WAF (PDF)