Live Chat
Monday - Friday 8am - 6pm EST Chat Now
Contact Us
Monday - Friday 8am - 8pm EST 1-866-716-6688 Other Contact Options

Cart () Loading...

    • Quantity:
    • Delivery:
    • Dates:
    • Location:


Web Application Security Fundamentals

IBM Course Code: TK330G

GK# 2160 Vendor# TK330G

Course Overview


This course focuses on common web security attack vectors, how attackers exploit them, and how to prevent the exploits. It also introduces the Open Web Application Security Project (OWASP) as an industry standard security resource. Students learn through hands-on labs how to exploit web security vulnerabilities.


  • Delivery Format:
  • Date:
  • Location:
  • Access Period:


What You'll Learn

  • Discuss common web application security issues and the organizations and testing techniques that can help prevent them
  • Describe basic web application components
  • Discuss the OWASP web application security attack classifications:
    • Injection
    • Broken authentication and session management
    • Cross-site scripting
    • Insecure direct object references
    • Security misconfiguration
    • Sensitive data exposure
    • Missing function level access control
    • Cross-site request forgery
    • Using components with known vulnerabilities
    • Unvalidated redirects and forwards
  • Use vulnerability testing and threat modeling to implement web application security throughout the software development life cycle


Viewing outline for:

Classroom Live Outline

  • Unit 1: Introduction to web application security problems
  • Unit 2: Web application security basics
  • Unit 3: Injection flaws
  • Unit 4: Broken authentication and session management
  • Unit 5: Cross-site scripting
  • Unit 6: Insecure direct object references
  • Unit 7: Security misconfiguration
  • Unit 8: Sensitive data exposure
  • Unit 9: Missing function-level access control
  • Unit 10: Cross-site request forgery
  • Unit 11: Using components with known vulnerabilities
  • Unit 12: Unvalidated redirects and forwards
  • Unit 13: Integrating security into the software development lifecycle

Who Should Attend


This basic course is for web developers, quality assurance specialists, security auditors, and users who are new to IBM Security AppScan products.

Course Delivery

This course is available in the following formats:

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 1 day

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 1 day

Request this course in a different delivery format.