Call 1-800-305-3855 for  more information on available plans and pricing

Study at your own pace

PWD comes with lifetime access to course material and flexible access to the world’s best virtual labs on Web Application Security.

Extremely Hands-on

Practice Web App defense against real-world attacks. PWD includes the most sophisticated virtual lab on IT Security: Hera Lab.

Become Certified

Obtain the eWDP certification and prove your practical skills with the only 100% practical certification on Web Application Defense.

Course at a glance
  • Close the gap between Web application attack and defense
  • Mitigation advice for multiple platforms and languages
  • The most comprehensive and practical coverage of the OWASP Testing Guide
  • Comprehensively aligned to OWASP methodologies, tools and tests
  • Covers and goes beyond OWASP TOP 10
  • Detailed techniques and methodology to simplify defense of web applications
  • No boring theory: practice-oriented curriculum
  • Over 20 different lab scenarios to practice with
  • Advanced usage of OWASP ZAP, OWASP OWTF, ModSecurity…
  • Coverage of OWASP Cheat Sheets, OWASP OpenSAMM, OWASP ModSecurity Core Rule Set
  • Obtaining the eWDP certification qualifies you for 40 CPE
Course Material
  • 25 hours of video training material
  • Over 2700 slides
  • 20 Labs in Hera
Course Delivery
  • Self-paced / HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone
Syllabus
  • Module 1 : Tool Introduction

    This module illustrates basic usage of the main tools used during this course.

  • Module 2 : Information Gathering

    This part of the course is very important to understand how a malicious attacker may attempt to exploit a security problem on your website and how each of these attacks can be mitigated.

  • Module 3 : Configuration Management

    This module focuses on specific defense tactics against configuration management attacks.

  • Module 4 : Authentication

    This module focuses on specific defense tactics against authentication attacks.

  • Module 5 : Authorization

    This module focuses on specific defense tactics against authorization attacks.

  • Module 6 : Session Management

    This module focuses on specific defense tactics against session management attacks.

  • Module 7 : Business Logic Flaws

    This module focuses on specific defense tactics against business logic attacks. Business logic attacks are perhaps some of the most difficult flaws to defend against because they are the kind of security problems that automated tools are particularly poor at finding.

  • Module 8 : Data Validation

    This module focuses on specific defense tactics against data validation attacks. As you will see in this module, “data validation” in many cases really depends on what the data is going to be used for later on, and this may not be trivial to anticipate.

  • Module 9 : Cryptography

    This module focuses on specific defense tactics against attacks that try to get around cryptographic security controls.

  • Module 10 : Denial Of Service

    This module focuses on specific defense tactics against denial of service attacks.

  • Module 11 : WebServices

    This module focuses on specific defense tactics against web service attacks.

  • Module 12 : Client Side and Phishing

    This module focuses on specific defense tactics against Client Side attacks and Phishing.

  • Module 13 : Error Handling and Logging

    This module focuses on specific defense tactics to handle error conditions and logging.

  • Module 14 : Applied Secure Coding Principles

    This module focuses on general strategies to produce secure code.

  • Module 15 : Virtual Patching and Intrusion Detection

    This module defines strategies to mitigate security issues when fixing the root cause might not be immediately possible, and to detect and quickly respond to security breaches.

  • Module 16 : Securing Web Applications

    This module focuses on the widely accepted best practices necessary to secure web applications.

Pre-requisites
  • Basic knowledge of programming fundamentals: loops, variables, functions, include files, etc.
  • Reading and understanding PHP code will help, although it is not mandatory.
  • Basic knowledge of tools such as curl, Wireshark, OWASP ZAP (or Burp).
  • Knowledge of security concepts will be an advantage but is not required.
This training course is for…
  • Web developers
  • Web app security researchers
  • Penetration testers
  • IT admins and staff
Labs

Each lab is associated with a chapter from the course and will provide you with a broken web application (or web service) that implements security flaws in the given chapter. You are expected to find security issues, develop a POC (Proof Of Concept) exploit for each issue found, fix the issue found, verify that the POCs no longer work and verify that the application remains working as intended.

Each lab will additionally provide you with “extra mile” challenges that you can use to get ready for the exam or just get more practice and experience.

| Lab ID | Description | Category |
|--------|-------------|----------|
| Lab 1 | Tool Introduction: OWASP, OWTF and the OWASP Testing Guide | Intro |
| Lab 2 | Information Gathering | Web App Defense |
| Lab 3 | Configuration Management | Web App Defense |
| Lab 4 | Authentication | Web App Defense |
| Lab 5 | Authorization | Web App Defense |
| Lab 6 | Information Gathering | Web App Defense |
| Lab 7 | Session Management | Web App Defense |
| Lab 8 | Business Logic Flaws | Web App Defense |
| Lab 9 | Data Validation | Web App Defense |
| Lab 10 | Cryptography | Web App Defense |
| Lab 11 | Denial of Service | Web App Defense |
| Lab 12 | Web Services: XML-RPC | Web App Defense |
| Lab 13 | Web Services: JSON-RPC | Web App Defense |
| Lab 14 | Web Services: SOAP | Web App Defense |
| Lab 15 | Web Services: REST | Web App Defense |
| Lab 16 | Web Services: XML-RPC II | Web App Defense |
| Lab 17 | Web Services: REST II | Web App Defense |
| Lab 18 | Client Side and Phishing | Web App Defense |
| Lab 19 | Error Handling and Logging | Web App Defense |
| Lab 20 | Virtual Patching and Intrusion Detection | Web App Defense |
| Lab 21 | Exam Preparation | Web App Defense |
