This document outlines an agenda for a training on web application hacking and security. It introduces common web application vulnerabilities like injection, broken authentication, cross-site scripting, and more. Examples of real-world hacking incidents are provided. The bulk of the training focuses on the OWASP Top 10 list of critical security risks, demonstrating each one through examples and a demo of the WebGoat vulnerability practice application. The training concludes with a discussion of additional topics and a question/answer period.