Secure Web Development Workshop

This course covers the security issues of web technologies from the point of view of web developers. Recent incidents and common attack vectors are presented. The software development process and the security testing process are explained in detail. The OWASP Testing Guide forms the main part of this workshop: on the basis of examples and exercises, well-established vulnerabilities are illustrated and exploited. For each vulnerability, the source code is reviewed and a patch is developed. The course is based on the OWASP Top Ten, the CWE/SANS Top 25 and the best practices of the BSI (German Federal Office for Information Security).

Contents:

  1. Introduction
    • Recent Incidents
    • Attack Vectors of Web Applications
  2. Secure Development Life Cycle
    • Standards and Best Practices
      • ISO 27034
      • BSI Guideline For Developing Secure Web Applications
  3. Security Testing Process
    • Security Requirements
    • Threat Modeling
      • Exercise: Creating a threat model
    • Static Source Code Analysis
    • Fuzzing
      • Demo: Live Fuzzing
  4. OWASP Testing Guide Hands-on
    • Configuration and Deployment Management Testing
    • Identity Management Testing
      • Exercise: Access-Control Matrix
    • Authorization and Authentication Testing
      • Exercise: Role-based Access Control
    • Session Management Testing
      • Exercise: Session Fixation
    • Input Validation Testing
    • Exercises:
      • Cross-Site Scripting Lab
      • BeEF XSS Framework
      • Cross-Site Request Forgery
      • SQL-Injection Lab
    • Client Side Testing
      • Exercise: DOM XSS Lab
    • Testing for Error Handling and Weak Cryptography

Every participant will receive a certificate of attendance.

Learning goals

The participants are capable of identifying, exploiting and fixing well-established vulnerabilities. They are aware of recent security incidents and common attack vectors. The participants are able to apply the security testing process to their own projects.

Duration: 2 days

Requirements:

  • At least 4 participants
  • Basic knowledge of networking, programming and web technologies
  • Laptop with up-to-date VirtualBox software and administrator access

Target audience:

  • Software developers/designers
  • Software testers
  • Administrators

Needless to say, everyone who is interested and satisfies the requirements can participate.

1,300 Euro excl. 16% VAT
(Lunch and beverages are included)
The course takes place at softScheck's office. On request we also offer in-house training.

For sign up or further questions:
+49 2241 255 43 0