- Basic computer skills.
- Ability to understand English.
- A stable internet connection.
- A laptop or desktop computer with Windows OS or macOS.
- Recommended: Basic HTML/CSS and general web development knowledge.
Duration: 4 weeks
Price: $25 monthly
- Beginner to intermediate web developers.
- Students learning full-stack or backend development.
- Developers who want to understand OWASP Top 10 risks.
- Anyone building or maintaining web applications.
- Aspiring cybersecurity or application security professionals.
Web Security
Web Security is a practical course designed to help trainees understand how modern web attacks happen and how to protect websites and web applications. This course focuses on the most common vulnerabilities used by attackers and the security best practices developers must follow.
You will learn how to identify real-world web security risks such as weak authentication, insecure inputs, session issues, and misconfigurations, and you will practice applying secure coding and security checks to reduce risk in modern web applications.
This course emphasizes thinking like both a defender and a tester: you will learn how attacks work (at a safe, controlled level), how to detect them, and how to fix them using secure design patterns and configuration hardening.
Learning format: This course does not require live class attendance. Course content unlocks weekly by topics, allowing trainees to study tutorials on their own schedule. Unlocked topics include assignments or projects that must be completed and submitted before their deadlines. The instructor provides weekly announcements, feedback, and reminders outlining the topics and tasks to be completed for that week.
By the end, you will be able to:
- Explain the OWASP Top 10 risks and how they show up in real applications.
- Harden authentication and access control (sessions, roles, permissions).
- Prevent common injection issues (SQL injection, command injection) with safe patterns.
- Reduce XSS, CSRF, and security header risks using modern browser protections.
- Secure APIs (auth, rate limiting, input validation, CORS) and avoid common API mistakes.
- Perform basic security testing and write a simple remediation plan.
- Week 1: Introduction to web security (threat model, attacker mindset, OWASP Top 10 overview)
- Week 1: Authentication basics (password storage, MFA concepts, sessions, login security)
- Week 2: Access control (roles/permissions, IDOR, authorization failures, least privilege)
- Week 2: Input validation & injection (SQLi basics, parameterized queries, validation patterns)
- Week 3: Cross-site scripting (XSS) & output encoding (reflected/stored/DOM XSS, safe rendering)
- Week 3: CSRF, cookies, and secure headers (SameSite, HttpOnly, Secure, CSP basics)
- Week 4: Secure APIs (tokens, JWT pitfalls, rate limits, CORS, broken object level auth)
- Week 4: Misconfiguration & deployment security (secrets, env vars, HTTPS, logging, safe defaults)
- Capstone: Security review + remediation plan for a sample web app
Course window: Classes start and end at specific times.
Study format: Tutorials are self-paced and can be completed at any time during the course window.
Weekly structure: New topics unlock each week.
Deadlines: Assignments must be submitted before deadlines.
Instructor support: Weekly announcements and reminders are posted.