Content This web security workshop is targeted at software engineers who wish to get an insight into typical web security flaws and their possible consequences when exploited by a malicious user. The course takes mainly the perspective of an attacker since this is the most effective way to understand how and what enabled an attack. Possible countermeasures will be discussed in order to mitigate the risks.
In the first part of the course, past security breaches and the OWASP top 10 will be discussed. Participants will learn security concepts and participate in live hacking sessions.
In the second part of the workshop, an introduction to the Zed Attack Proxy penetration testing tool will be given and the attendees will have the opportunity to get their hands dirty in a hacking lab where they can exploit security vulnerabilities.
Participants will gain an in-depth understanding of the most prevalent security vulnerabilities found in web applications and be able to tackle them with effective countermeasures. Participants will also be able to exploit those security flaws by themselves through a series of hands-on exercises.
The course is aimed at software developers and architects who are involved with web technologies.