These are the slides to my 2-day "Web Application Security Training Workshop". The workshop is intended for all IT staff involved in web application development, e.g. software engineers, system analysts, quality engineers or application administrators.
The goals of the workshop are:
* Build security awareness for web applications
* Get to know attack methods of hackers
* Learn ways to discover security vulnerabilities
* Learn the basics of secure web development
The training starts with a motivation of the topic and then dives head-first into the most severe vulnerabilities of web applications based on the OWASP Top 10 list. The attacks on those vulnerabilities are discussed and can be tried out by the students in the intentionally insecure web application OWASP Juice Shop. For each vulnerability possible countermeasures and mitigations are discussed after the practical hacking session.
/!\ Performing attacks on any website or server you do not own yourself is a crime in most countries!