Top 10 Web Threats for Developers (12 Oct)

When: 12-Oct-2022 10:00


In this course, CyResLab has included live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.


Trainers: Professionals from ESI CEE’s Cyber Resilience Lab (CyResLab), partner of Software Engineering Institute, Carnegie Mellon University.


Top 10 Web Threats

Various sources report that between 20% and 60% of websites each have at least one serious vulnerability. A serious issue is the diversity of threats on Web platforms – different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc.


This 1-day hands-on course is designed to introduce developers to the inner workings of the top web threats, how they are exploited, and how to write code that is secure against these threats. The course includes attack demonstrations, vulnerability exercises, examples of weak and vulnerable code, mitigation tactics, and developer-specific best practices. The course is mostly technical and not organizational.


The goal of this course is to enable participants to:

  • Be aware of the top threats in Web development;
  • Know the tactics used to mitigate these threats;
  • Avoid systematically allowing security vulnerabilities to 'slip in' while developing a product/website.


Course agenda:

  • Network and crypto basics
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XXE
  • Broken Access Control
  • Security Misconfiguration    
  • XSS
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring
  • DoS
  • Development process tips, Q & A

* If signing up for this course, consider enrolling in the "Advanced Web Threats" course.

Ideal for: Web front-end and back-end developers, software engineers and architects who have a good grasp of development processes but have had no specific training in security. Also appropriate for mobile developers working on hybrid and/or pure Web platforms.


Prerequisites: Good knowledge of Web technologies and working experience in Web development.

Please be advised that participants should bring a laptop/notebook with a modern web browser (JS and AJAX support) for the training.


Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.