Practical Web Defense

What about this course?

<br>The Practical Web Defense course is a fully guided and practical self-study course about how web applications are attacked in the real world and what you can do to mitigate every attack. Configuration management is among the first topics you will come across, showing you how to properly configure and secure admin interfaces, DB listeners, old/backup files, file uploads and applications in general. Mitigations against common authentication and authorization attacks are up next. Specifically, you will learn how to protect your applications against user enumeration, brute force attacks, default credentials being active, authentication schema bypasses, path traversal attacks, local file inclusion attacks, IDOR attacks etc. Session management is another important module you will come across during the PWD course, in which you will learn how to mitigate session fixation, exposed session variables, CSRF etc. Business logic flaws and their impact on the overall security posture of an application is also covered with clear examples. As you would have guessed, proper data validation is covered in detail, in order to mitigate attacks such as XSS, HTTP parameter pollution, ORM, SQLi, XXE, SSI, XPATH injection, Command injection, RFI and many more. A holistic defense approach should not neglect attacks against crypto implementations and web services (XML & JSON-RPC, SOAP & REST, spoofing/action attacks, etc.). Applied secure coding is also included highlighting matters such as attack surface reduction, strict input validation, least privilege principle, secure access to data & functions etc. When no access to code is provided, virtual patching is the way to go. PWD teaches how to perform virtual patching and how to leverage it for intrusion detection/prevention purposes.</br> <br>This course is part of the Web Defense Professional Learning path which prepares you for the eWDP exam and certification</br>

2 days
subtitle-line-moduleINE's world-class IT training

Instructor for this course

Abraham Aranguren


This course is composed by the following modules

INE's world-class IT training
Our platform

Nail Your Next Project

Take your technical training into your own hands and stay engaged with our learn-by-doing platform where you can put your skills to the test with hands-on exercises, quizzes, and labs.


Train On-Demand

Choose the training you want from 18,000+ videos of instructor-led content. Watch anywhere.

Learn More

Get Hands-On

INE quizzes, labs, projects, and exercises help reinforce your knowledge.

Learn More

Learning Paths

Organized training helps guide you through the most relevant subjects for certification prep.

Learn More

Access to All Courses & Updates

We add new courses and learning materials to the platform weekly so you're always up-to-date.

Learn More

Common Course Questions

If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below. If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.

Need training for your entire team?

Schedule a Demo

Hey! Don’t miss anything - subscribe to our newsletter!

© 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo