Application Security for Security Professionals

Security professionals come from all backgrounds and technical disciplines. For some of us, our careers require us to support fast-moving application development teams regardless of whether we have ever actively developed software before (or indeed worked with developers). That makes keeping our applications safe especially challenging.

This course allows security professionals to gain hands-on experience with common web application vulnerabilities whilst learning more about how to coach and work with development teams to prevent them.

Our 2-day course provides an engaging and safe environment to get hands-on with application security and learn how to work with application developers to build security into their world.



This course is aligned with the Open Web Application Security Project (OWASP) top 10 application security vulnerabilities. These include:

  1. Injection

  2. Broken Authentication and Session Management

  3. Cross-Site Scripting (XSS)

  4. Insecure Direct Object References

  5. Security Misconfiguration

  6. Sensitive Data Exposure

  7. Missing Function Level Access Control

  8. Cross-Site Request Forgery (CSRF)

  9. Using Components with Known Vulnerabilities

  10. Unvalidated Redirects and Forwards

 In addition to these vulnerabilities, students will gain skills and experience with the following:

  • Modern development styles, approaches and architectures

  • Motivations and mindsets shared across development teams

  • Fostering security culture change from outside of the development area

  • Scaling security support without scaling the number of security people you have

 This course is designed to be hands-on and interactive. Lecture material is combined with a range of custom-built labs to test students and let them experiment with the vulnerabilities in action.


2 days (08:30 - 16:30)




All security roles supporting application development teams

Price per person

$1200 (excluding GST)