Best Practices for Secure Web Applications

Now available for teams as an interactive online training from the


This basic seminar provides a comprehensive introduction to Web Application Security and a coherent, in-depth concept for creating sustainable security for web applications, web presences and servers.

Approaches to solutions in programming, software and system architecture are given as generic patterns that can be easily adapted to your own environment. The participants are thus able to create secure web applications, to analyze and evaluate existing applications with regard to essential security vulnerabilities and to derive appropriate measures.

The seminar includes the work of the OWASP (Open Web Application Security Project) considered to have a significant impact on the future. At the same time, the contents go far beyond the common standard of the OWASP Top 10. Particular importance is given to the practicability and feasibility of the described measures.

Our easy-to-use mobile training environment is used for all exercises. The vulnerabilities are identified by the participants by solving specific tasks and are then discussed in the group. We place particular emphasis on participants using their own laptops with their individual working environment.

All contents can be adapted according to your specific needs!


  • Basics
    • HTTP-Basics
    • Authentication/authorization, Access Control
    • Sessions, Cookies, Dom Storage, JWT
    • SOP, CORS
    • Security header (CSP, HSTS, etc.)
    • Cryptography (basics, SSL/TLS, certificates etc.)
    • SOAP, JSON
  • Attacks
    • XSS (reflected, stored, dom-based)
    • Injection (SQL, LDAP, XML, Code, …)
    • Object deserialization
    • CSRF, clickjacking
    • JSONP hijacking, CORS misconfiguration
    • XML external entity includes
    • Logical/Semantic attacks, Phishing
  • Defense
    • Network separation, firewalls, WAFs
    • Input validation, output encoding
    • Anti-Automatisierung
    • Best practices of programming

Target audience

  • Software developer
  • Software architect
  • Project manager


2 to 3 days or individually configured




Dr. Bastian Braun
Security consultant in many software projects
Mirko Richter
Experienced SSDLC consultant with 15+ years of experience
Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant
Björn Kirschner
Experienced penetration tester and IT security consultant
Reinhard Böhme photo Reinhard Böhme
Experienced penetration tester in web and infrastructure

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.

Now available for teams as an interactive online training from the


Mirko Richter

Your Contact:

Dr.-Ing. Benjamin Kellermann

Contact us via email.
Or call us or use our special contact form.