Break & Fix Web Applications

Course Outline

Web applications play a crucial role in the visible web. Organisations must have a web presence to conduct a variety of activities, which were once limited to internal networks or specific setups, but are now more internet-facing. Web applications hold far more control, data and power over an organisation then ever before. This is why we have designed a course that covers both the offensive and defensive aspects of web application security.

The course includes a comprehensive approach to web application security, covering both the offensive and defensive aspects. It includes code-assisted penetration testing, which is a method of testing the security of a web application by analysing the source code. It covers attack and defense techniques, as well as detection methods. Our course takes an exploratory approach, providing attendees with an environment to not only attack but also fix and test the resilience of the fix, giving them a well-rounded understanding of web application security.

Course Syllabus


  • Security Development Life Cycle
  • Setting up Application CI / CD Pipeline
  • Basics of Threat Modelling
  • Attack Surface mapping


  • Software supply chain
  • Identity and Access Management
  • Injection Attacks such as SQL, SSRF, SSTI, CSTI, XSS and more
  • API
  • Deserialization


  • Adding Security to CI / CD
  • Holistic security setup
  • Protecting the supply chain

How to attend

Cyfinoid offers its trainings via multiple international conference. Details for the next class will be updated here.

Scroll to Top