
Top 10 Web Threats for QA (28 Nov)

When: 28-Nov-2019 9:00 AM


Trainers: Professionals from ESI CEE’s Cyber Resilience Lab (CyResLab), partner of Software Engineering Institute, Carnegie Mellon University.



By popular demand, CyResLab has developed a version of the "Top 10 Web Threats" course for QA specialists.


The course shifts focus from secure coding and programming countermeasures to security defect detection and analysis (a.k.a. triage), as well as the tools that are needed to master this process.


This 1-day hands-on course is designed to introduce QA specialists to the working mechanisms of the top web threats, as well as how they are identified and triaged in practice. The course includes attack demonstrations and vulnerability exercises, examples of detection tools and tactics, as well as best practices for security-specific defects. The course is mostly technical and not organizational.


The course includes free access to an interactive online exercise environment for one week, following the course’s completion.


The goal of this course is to enable participants to:

  • Be aware of the top threats in Web development;
  • Know the tactics used to identify these threats.


Course agenda:

  • Network and crypto basics
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XXE
  • Broken Access Control
  • Security Misconfiguration
  • XSS
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring
  • DoS
  • Development process tips, Q & A


Ideal for: Junior and Senior QA specialists


Prerequisites: Good knowledge of Web technologies


Please be advised that participants should bring a laptop/notebook with a modern web browser (JS and AJAX support) for the training.


Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.