    Practical Web Defense

    What about this course?

    The Practical Web Defense course is a fully guided and practical self-study course about how web applications are attacked in the real world and what you can do to mitigate every attack. Configuration management is among the first topics you will come across, showing you how to properly configure and secure admin interfaces, DB listeners, old/backup files, file uploads and applications in general. Mitigations against common authentication and authorization attacks are up next. Specifically, you will learn how to protect your applications against user enumeration, brute force attacks, default credentials being active, authentication schema bypasses, path traversal attacks, local file inclusion attacks, IDOR attacks etc. Session management is another important module you will come across during the PWD course, in which you will learn how to mitigate session fixation, exposed session variables, CSRF etc. Business logic flaws and their impact on the overall security posture of an application are also covered with clear examples. As you would have guessed, proper data validation is covered in detail, in order to mitigate attacks such as XSS, HTTP parameter pollution, ORM, SQLi, XXE, SSI, XPath injection, command injection, RFI and many more. A holistic defense approach should not neglect attacks against crypto implementations and web services (XML & JSON-RPC, SOAP & REST, spoofing/action attacks, etc.). Applied secure coding is also included, highlighting matters such as attack surface reduction, strict input validation, least privilege principle, secure access to data & functions etc. When no access to code is provided, virtual patching is the way to go. PWD teaches how to perform virtual patching and how to leverage it for intrusion detection/prevention purposes.

    This course is part of the Web Defense Professional Learning path, which prepares you for the eWDP exam and certification.

    Duration
    2 days
    Difficulty
    professional
    Instructor for this course

    Abraham Aranguren

    This course is composed of the following modules

    INE's world-class IT training
    Our platform

    Nail Your Next Project

    Take your technical training into your own hands and stay engaged with our learn-by-doing platform where you can put your skills to the test with hands-on exercises, quizzes, and labs.

    Train On-Demand

    Choose the training you want from 18,000+ videos of instructor-led content. Watch anywhere.

    Get Hands-On

    INE quizzes, labs, projects, and exercises help reinforce your knowledge.

    Learning Paths

    Organized training helps guide you through the most relevant subjects for certification prep.

    Access to All Courses & Updates

    We add new courses and learning materials to the platform weekly so you're always up-to-date.

    Common Course Questions

    If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below. If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.

    © 2022 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.