CVL005 – Defensive Security Engineering

This is a fully guided, practical course on how web applications are attacked and defended in the real world. The training provides all the advanced skills necessary to carry out a thorough and professional penetration test against modern web applications.

Target Audience:

A student who wants to enroll in the course must possess a solid understanding of web applications and web application security models. Web development teams that want to get up to speed with the security issues that affect their applications, for organizations or otherwise, are eligible to take this course.

No deep programming skills are required. However, JavaScript, HTML, PHP and other web application languages will be essential during the course.


Course Outline

Section A. Introducing Modern Web Application Stacks and DevOps
  • Overview, DevOps and web technologies
  • Proactive security testing and considerations
  • Web application protocols, infrastructure and programming languages
  • Labs walkthrough and setup
Section B. Extensive and Esoteric Recon for Web Applications
  • Vertical and horizontal recon techniques
  • Web application mapping and infrastructure layout
  • Hands-on Labs
Section C. Authentication and Session Management Flaws
  • Authentication and session management schemes
  • Identifying and exploiting authentication and session management flaws
  • Labs
Section D. Detecting and Exploiting Injection Flaws
  • SQL injection
  • HTML, XML injection
  • Poor data validation and injection vulnerabilities
  • Hands-on Labs
Section E. Finding and Exploiting JavaScript and Cross-Site Flaws
  • Cross-site scripting
  • Cross-site request forgery
  • JavaScript language flaws and issues
  • Hands-on Lab
Section F. Attacking Client-Side Flaws
  • Analysing client-side code implementations (AJAX, HTML5, client-side JavaScript)
  • Bypassing client-side controls
  • Mitigations
  • Client-side vulnerabilities labs
Section G. Attacking Cryptographic Flaws
  • SSL, TLS and other web cryptography applications and designs
  • Identifying weak and custom cryptography implementations
  • Common misconceptions and flaws in web cryptographic implementations
  • Web Crypto Labs
Section H. Conclusion
  • Combining all the sections
  • Hands-on CTF lab for web application security covering all aspects

The student is required to have a modern laptop that can support virtualization technologies, with a minimum of 8 GB RAM and 60 GB of storage.


Whilst we provide everything you need to know on the course, experience of working in Windows and Linux environments as well as using command line interfaces would be advantageous.

You will need to bring a laptop with local administrator/root access.

To book a training course please contact us at or call +25620209067