Security is everyone’s responsibility—developers, service engineers, and product managers alike must understand the fundamentals of security. This knowledge helps them build secure software and services that balance business needs and deliver user value.

In this two-day workshop, we’ll explore why security is critical, how common attacks are executed, and what developers can do to protect their systems from these threats.

Participants will engage in hands-on exercises, learning by doing and gaining practical experience in securing web applications.

Target audience
This workshop is ideal for web developers working across various platforms, including .NET, Java, JavaScript, and PHP.

Prerequisites
Participants should have a basic understanding of how the web works and experience in web development, including familiarity with HTTP, HTML, and JavaScript.

In this workshop, we will cover concepts like:

Social Engineering
Securing HTTPS
Unicode
Cross-Site Scripting (XSS)
Preventing XSS with Content Security Policy (CSP)
Cross-Site Request Forgery (CSRF)
Securing your cookies
Same site cookies
Cross-Origin Resource Sharing (CORS)
SQL Injections
Authentication
Application DoS attacks
Securing passwords
Preventing data leaks
Intercepting proxies
Supply-chain attacks
Subresource Integrity

And much more…

have been teaching this course to companies for over 10 years, and this workshop is identical to the one offered here: Web Security Fundamentals. It is a highy apprechiated course.

The workshop is designed for web developers at all skill levels who want to build a solid foundation in web security.

To facilitate hands-on learning, I provide a cloud-based exercise environment using Azure Cloud VMs. This setup allows participants to connect via remote desktop without needing to install anything locally, making it accessible to anyone with a remote desktop connection.

I will also provide all the exercises in paper-form, because having the exercises in digitl form will make the workshop experience worse.