Study at your own pace
PWD comes with lifetime access to course material and flexible access to the world’s best virtual labs on Web Application Security.
Practice Web App defense against real-world attacks. PWD includes the most sophisticated virtual lab on IT Security: Hera Lab.
Obtain the eWDP certification and prove your practical skills with the only 100% practical certification on Web Application Defense.
Course at a glance
- Close the gap between Web application attack and defense
- Mitigation advice for multiple platforms and languages
- The most comprehensive and practical coverage of the OWASP Testing Guide
- Comprehensively aligned to OWASP methodologies, tools and tests
- Covers and goes beyond OWASP TOP 10
- Detailed techniques and methodology to simplify defense of web applications
- No boring theory: practice-oriented curriculum
- Over 20 different lab scenarios to practice with
- Advanced usage of OWASP ZAP, OWASP OWTF, ModSecurity…
- Coverage of OWASP Cheat Sheets, OWASP OpenSAMM, OWASP ModSecurity Core Rule Set
- Obtaining the eWDP certification qualifies you for 40 CPE
- 25 hours of video training material
- Over 2700 slides
- 20 Labs in Hera
- Self-paced / HTML5, PDF, MP4
- Off-line access available
- Access from PC, Tablet and Smartphone
- Module 1 : Tool Introduction
This module illustrates basic usage of the main tools used during this course.
- Module 2 : Information Gathering
This part of the course is very important to understand how a malicious attacker may attempt to exploit a security problem on your website and how each of these attacks can be mitigated.
- Module 3 : Configuration Management
This module focuses on specific defense tactics against configuration management attacks.
- Module 4 : Authentication
This module focuses on specific defense tactics against authentication attacks.
- Module 5 : Authorization
This module focuses on specific defense tactics against authorization attacks.
- Module 6 : Session Management
This module focuses on specific defense tactics against session management attacks.
- Module 7 : Business Logic Flaws
This module focuses on specific defense tactics against business logic attacks. Business logic attacks are perhaps some of the most difficult flaws to defend against because they are the kind of security problems that automated tools are particularly poor at finding.
- Module 8 : Data Validation
This module focuses on specific defense tactics against data validation attacks. As you will see in this module, “data validation” in many cases really depends on what the data is going to be used for later on, and this may not be trivial to anticipate.
- Module 9 : Cryptography
This module focuses on specific defense tactics against attacks that try to get around cryptographic security controls.
- Module 10 : Denial Of Service
This module focuses on specific defense tactics against denial of service attacks.
- Module 11 : WebServices
This module focuses on specific defense tactics against web service attacks.
- Module 12 : Client Side and Phishing
This module focuses on specific defense tactics against Client Side attacks and Phishing.
- Module 13 : Error Handling and Logging
This module focuses on specific defense tactics to handle error conditions and logging.
- Module 14 : Applied Secure Coding Principles
This module focuses on general strategies to produce secure code.
- Module 15 : Virtual Patching and Intrusion Detection
This module defines strategies to mitigate security issues when fixing the root cause might not be immediately possible, and to detect and quickly respond to security breaches.
- Module 16 : Securing Web Applications
This module focuses on the widely accepted best practices necessary to secure web applications.
- Basic knowledge of programming fundamentals: loops, variables, functions, include files, etc.
- Being able to read and understand PHP code will help, although it is not mandatory.
- Basic knowledge of tools such as curl, Wireshark, OWASP ZAP (or Burp).
- Knowledge of security concepts will be an advantage but is not required
This training course is for…
- Web developers
- Web app security researchers
- Penetration testers
- IT admins and staff
Each lab is associated with a chapter from the course and will provide you with a broken web application (or web service) that implements the security flaws covered in the given chapter. You are expected to find security issues, develop a POC (Proof Of Concept) exploit for each issue found, fix the issue found, verify that the POCs no longer work and verify that the application still works as intended.
Each lab will additionally provide you with “extra mile” challenges that you can use to get ready for the exam or just get more practice and experience.
| Lab 1 | Tool Introduction: OWASP, OWTF and the OWASP Testing Guide | Intro |
| Lab 2 | Information Gathering | Web App Defense |
| Lab 3 | Configuration Management | Web App Defense |
| Lab 4 | Authentication | Web App Defense |
| Lab 5 | Authorization | Web App Defense |
| Lab 6 | Information Gathering | Web App Defense |
| Lab 7 | Session Management | Web App Defense |
| Lab 8 | Business Logic Flaws | Web App Defense |
| Lab 9 | Data Validation | Web App Defense |
| Lab 10 | Cryptography | Web App Defense |
| Lab 11 | Denial of Service | Web App Defense |
| Lab 12 | Web Services: XML-RPC | Web App Defense |
| Lab 13 | Web Services: JSON-RPC | Web App Defense |
| Lab 14 | Web Services: SOAP | Web App Defense |
| Lab 15 | Web Services: REST | Web App Defense |
| Lab 16 | Web Services: XML-RPC II | Web App Defense |
| Lab 17 | Web Services: REST II | Web App Defense |
| Lab 18 | Client Side and Phishing | Web App Defense |
| Lab 19 | Error Handling and Logging | Web App Defense |
| Lab 20 | Virtual Patching and Intrusion Detection | Web App Defense |
| Lab 21 | Exam Preparation | Web App Defense |