Web Application Security
This 5-week CPD training course is open for all software developers interested in improving their knowledge and practical skills in cyber security. In the course, we introduce participants to the key concepts of cyber security and discuss the importance of security in web applications.
The course provides an overview of security vulnerabilities in web applications and teaches how to choose and implement appropriate security countermeasures. It offers practical, hands-on experience of conducting web application penetration testing and of implementing a wide range of security countermeasures in web applications.
Who it’s for
The course is designed for software developers and web application developers, computer scientists and IT experts who are interested in improving their web application security knowledge and skills.
Pre-requisite knowledge and technical requirements
Participants must have Java programming experience and knowledge of SQL databases. Knowledge of the Spring framework is beneficial.
Participants will require access to an Internet-connected computer for the duration of the course. All software used in this module is open source. Required software includes IntelliJ IDEA (Community Edition) or another Java IDE, MySQL Server or MariaDB, and MySQL Workbench. Further information about the required tools will be provided closer to the start date.
What you’ll learn
On successful completion of the course, participants will be able to:
- Use key security terminology associated with the topics covered
- Choose (with justification) an appropriate security countermeasure(s)
- Secure data in transit and at rest
- Implement authentication and authorisation in a web application
- Prevent CSRF, XSS and SQL injection attacks
- Prevent information leakage, and direct object reference vulnerabilities
- Secure a database system
- Penetration test web applications
- Write a penetration test report.
Topics covered
- Cyber security key concepts and terminology
- Encryption and hashing, and their applications
- OWASP Top Ten
- Common web application vulnerabilities and countermeasures
- Effective logging and monitoring
- Prevention of information leakage
- User input validation
- Authentication and authorisation
- Insecure direct object reference vulnerability
- Injection vulnerabilities, including SQL injection
- Encryption in transit and at rest
- API security
- Database systems security
- Penetration testing procedure and tools.
How will the course be delivered?
This is a 5-week course consisting of weekly live sessions and asynchronous learning activities. The suggested weekly time commitment is 5-7 hours, including 2 hours of live sessions and 3-5 hours of guided study following the provided material and tutorials.
The asynchronous learning activities will be made available online for participants to complete in their own time ahead of the weekly live sessions. Live sessions are offered face-to-face at Cardiff University; alternatively, participants can attend remotely via Teams.
Live sessions will take place on Thursdays 2-4 pm, starting Thursday 9 June 2022 and running for five consecutive weeks. The live sessions will include practical demonstrations of the vulnerabilities and countermeasures taught, as well as group discussions and Q&A/help sessions.
An online forum will be available for the duration of the course, allowing participants to discuss questions with each other and with the course leads.
The course material will be accessible for 3 months after the taught sessions.
At the end of the course, knowledge is assessed via an optional online knowledge test. A certificate of attendance and of successful completion will be provided at the end of the course.
The course is delivered in English.
CPD course delivery team
Dr Yulia Cherdantseva is a Senior Lecturer in cyber security at the School of Computer Science & Informatics at Cardiff University and a cyber skills lead at the Cardiff Centre for Cyber Security Research. Yulia worked as a lead researcher on the project “Supervisory Control and Data Acquisition Systems Cyber Security Lifecycle (SCADA-CSL)”, funded by the Airbus Group Endeavr Wales and the Welsh Assembly Government, where she developed a novel SCADA Cyber Security, Safety and Risk (SCADA CSSR) graphical extension for BPMN 2.0 and a configurable dependency model of a SCADA system. In 2020-2021, she led an NCSC and RISCS funded project on cyber-security decision-making by SMEs, which resulted in the development of the Best Practice Guide for SME in Cyber Security Investment Decision-Making. In 2021, she was awarded an EPSRC grant for developing a framework for risk-informed and metrics-enriched cyber security playbooks for enhancing CNI resilience. As a cyber skills lead, Yulia is interested in cyber security education from primary school up to professional development level. Since May 2021, Yulia has been a member of the CyBOK Executive Board. Yulia is passionate about equality, diversity and inclusion in cyber security.
Dr Philip Smart received his PhD in Computer Science from Cardiff University in 2009. After working as a researcher in the field of Geospatial Ontologies for three years, he spent a further eight years at Cardiff University as a senior developer building bespoke Identity and Access Management systems. For the past 2 years he has been working for Jisc as a Trust and Identity Technical Specialist, offering various consultancy services. Two days a week he works for the Shibboleth Consortium, helping develop the Security Assertion Markup Language (SAML) based single sign-on product, Shibboleth.