The 2-day workshop builds solid foundation of web security concepts and web security testing. It is not a course focused on a set of tools to do security testing rather the focus is on concepts and hands-on exercises during the workshop.

Following is what would be covered at a high level:

  • HTTP Essentials – Aspects of the protocol important for security
  • Security Basics
  • Attributes of Security
  • Anotomy of Web Security Attacks
  • Sources of Information on Web Security/Vulnerabilities
  • Relation to Testing Techniques and Approaches in Functional Testing
  • Automation aspects in Security Testing
  • Useful Browser Extensions
  • Using Web Proxies
  • Request Manipulation
  • OWASP Top 10
  • Thread Modeling
  • Fuzzing
  • Hands-On Threat Modeling
  • Exercises using WebGoat and other demo web applications

If you are interested in attending the workshop/knowing further details, please use the contact form or write to me at

Leave a Reply

Your email address will not be published. Required fields are marked *