Cybersecurity Training

Web Application Security

Building and Breaking: Web Applications

Our “Building and Breaking” series is ideal for those looking to break into cyber security as a career or develop their security testing skills. So whether you’re a software developer looking to build more secure applications, or wanting to become a penetration tester in the future – this course will help you build the key skills needed for your role.

Course Overview

This course covers the methodology for performing effective security testing, an overview of common vulnerabilities and defensive mechanisms, and hands-on labs to let you test your understanding and experiment with common real-world vulnerabilities.

On the day, we’ll start with the OWASP Top 10 and cover key vulnerabilities such as Injection and Cross-site Scripting, before moving on to more complex issues such as filter evasion and business logic issues.

The Methodology

There’s more to effective security testing and secure system development than just knowing about vulnerabilities and their exploitation – we also cover the stages of a penetration test to ensure that your approach to security testing achieves good coverage:

  • Intelligence Gathering
  • Application Mapping
  • Vulnerability Discovery
  • Exploitation and Filter Evasion
  • Proof-of-Concept Development
  • Privilege Escalation

Hands-on Labs

Our bespoke hands-on labs cover common vulnerabilities with a range of difficulties and filters, allowing you to ensure that you’ve understood the fundamentals of a vulnerability before moving on to more challenging examples. We have a range of labs, such as:

  • SQL Injection
  • Command Injection
  • XML External Entity (XXE) Injection
  • Cross-site Scripting (XSS)
  • DOM-based Cross-site Scripting
  • Path Traversal
  • File Upload and Web Shells


Whilst it’s often the least talked about part of security testing – remediation is of course the most important. It doesn’t matter how many vulnerabilities you find if you can’t quickly and effectively explain to the team how they can fix them. For each vulnerability discussed we will discuss a specific remediation, as well as giving examples of hardening options throughout to make applications more resilient to attacks in general.

Report Writing

Whatever the reason you’re hunting security bugs is, you’ll very likely need to share the findings of your hunting with other people. Therefore we’ll also cover effective report writing techniques. Covering how to write reports efficiently so you can spend more time hacking, as well as how to ensure that your report includes the right amount of technical detail within the description, steps to recreate, and remediation sections.

Optional: Recruitment Guide

For those looking specifically to break into a penetration testing role, we also include content based around common recruitment techniques and technical assessments used by penetration testing companies to ensure that you’re in the best position to secure your first role.

Benefits of our bespoke workshops:

Raise cybersecurity awareness within your organisation.

Up-skill your technical teams on how to more effectively defend your systems.

Deploy and improve internal protections to defend against attacks.

Our other training courses

Building and Breaking: Networks and Infrastructure

Our “Building and Breaking” series is ideal for those looking to break into cyber security as a career or develop their security testing skills. So whether you’re a system admin looking to build more secure networks, or wanting to become a penetration tester in the future – this course will ...

Security Awareness Training

Awareness Training can be a key part to reducing the risk of threats such as social engineering and phishing – but many companies struggle to put together effective security awareness training sessions. It’s an understandable problem though, putting together a talk about passwords and emails, but keeping it interesting, is ...

In addition to Cybersecurity Training we also offer Penetration Testing and Cybersecurity Consultancy to offer a comprehensive suite of cybersecurity services.

Penetration Testing

Penetration Testing is one of the most effective ways to assess your systems security, discover vulnerabilities, and determine the real-world risk of any vulnerabilities that are present.

It goes much further than simply checking for missing software updates or weak passwords. Plus, it’s more effective than simple vulnerability scanning.

Cybersecurity Consultancy

From security architecture to security assessment, we offer a wide range of services to ensure the protection of your assets. We use a highly flexible methodology to ensure that our services are fully aligned to your needs, delivered by a bespoke team with the precise skills and depth of experience needed to understand your issues and then effectively deliver the desired outcome. With our security assurance services, you can have peace of mind knowing that your systems and data are well-protected.





    Play Cover Track Title
    Track Authors