Introduction to Web Application Security Course

About this course

If you are involved in web application development, you need to understand the basics of security. The Introduction to Web Application Security course gives you an overview of the most important security concerns in web applications, and how to deal with them. You will learn how and why web apps are vulnerable.

The course includes the top 10 vulnerabilities, based on the Open Web Application Security Project. You will learn what each vulnerability is, and the best approach to counter the risk.

This course does not focus on any programming language or technology.

Why you want to attend

You should attend the Introduction to Web Application Security course if:
  • You are a web application developer, and you need to write secure applications.
  • You are a manager and you want to reduce your organisation’s vulnerability to security attacks.
  • You are a network or server engineer, and you are responsible for application security.

What you need to know first

Before you attend the Introduction to Web Application Security course, you should have some technical background and a basic understanding of web applications.

Price and duration

Price: R5,900.00 excluding VAT per delegate.

This price includes everything that you need:

  • All course material, provided in an electronic format.
  • An attendance certificate after the course, in PDF format.
Duration: 2 days.

The Introduction to Web Application Security course is presented virtually. Find out more about our virtual training and how it works.

This course is only scheduled on request for group bookings. Please contact us to discuss a date.

How to book

It’s so easy to book for the Introduction to Web Application Security course. Just email us at You can send us a purchase order, or fill in our course enrolment form. After we have received your booking, we will confirm that you are booked, and we’ll send you an invoice.

Detailed course contents


  • Case studies and statistics.
  • Introduction to web applications.
  • Basics of web application architecture.
  • Application security risks.
  • Attack vectors.
  • Threat agents.

HTTP Protocol

  • HTTP protocol basics.
  • HTTP response headers.
  • HTTP versus HTTPS.
  • HTTP Strict Transport Security (HSTS).
  • X-Frame-Options.
  • X-XSS-Protection.
  • X-Content-Type-Options.
  • Content-Security-Policy.
  • Referrer-Policy.
  • Expect-CT.

Global Organisations, Standards and Frameworks

  • The Web Application Security Consortium (WASC).
  • The Open Web Application Security Project (OWASP).
  • The National Institute of Standards and Technology (NIST).
  • The Common Weakness Enumeration (CWE) category system.
  • The SysAdm, Audit, Network, Security (SANS) Institute.

Fundamentals of a Secure Environment

  • CIA: Confidentiality, integrity, availability.
  • Policies and standards.
  • Acquiring secure software.
  • Training.
  • Secure architecture.
  • Physical security.
  • Introduction to secure SDLC.

Common Attack Categories

  • Insecure interaction between components.
  • Risky resource management.
  • Poroous defences.

OWASP Top 10 Web Application Vulerabilities

  • Injection.
  • Broken authentication and session management.
  • Sensitive data exposure.
  • XML external entity (XXE).
  • Broken access control.
  • Security misconfiguration.
  • Cross-site xcripting (XSS).
  • Insecure deserialization.
  • Using components with known vulnerabilities.
  • Insufficient logging & monitoring.
  • Definitions, explanations and examples.
  • Countermeasures.

Other Common Vulnerabilities

  • Clickjacking.
  • Cross-Site Request Forgery (CSRF).
  • Server Side Request Forgerty (SSRF).
  • Definitions, explanations and examples.
  • Countermeasures.

Testing and Monitoring

  • Static application security testing.
  • Dynamic application security testing.
  • Interactive application security testing.
  • Runtime application self-protection.
  • Monitoring tools.

Secure Development Approach

  • The secure SDLC.
  • Threat modelling.
  • Source code review.
  • Common dangerous programming practices.
  • Common development mistakes.

Secure Design Principles and Best Practices

  • Defense in depth.
  • Fail safe.
  • Least privilege.
  • Separation of duties.
  • Economy of mechanism.
  • Complete mediation.
  • Open design.
  • Least common mechanism.
  • Psychological acceptability.
  • Weakest link.
  • Leveraging existing components.

Download the course outline

Download the Introduction to Web Application Security course outline in PDF format.

Thank You

We're Excited!

Thank you for completing the form. We're excited that you have chosen to contact us about training. We will process the information as soon as we can, and we will do our best to contact you within 1 working day. (Please note that our offices are closed over weekends and public holidays.)

Don't Worry

Our privacy policy ensures your data is safe: Incus Data does not sell or otherwise distribute email addresses. We will not divulge your personal information to anyone unless specifically authorised by you.

If you need any further information, please contact us on tel: (27) 12-666-2020 or email

How can we help you?

Let us contact you about your training requirements. Just fill in a few details, and we’ll get right back to you.