The 2-day workshop builds a solid foundation in web security concepts and web security testing. It is not a course built around a set of security testing tools; rather, the focus is on concepts and hands-on exercises during the workshop.

The following topics are covered at a high level:

  • HTTP Essentials – Aspects of the protocol important for security
  • Security Basics
  • Attributes of Security
  • Anatomy of Web Security Attacks
  • Sources of Information on Web Security/Vulnerabilities
  • Relation to Testing Techniques and Approaches in Functional Testing
  • Automation aspects in Security Testing
  • Useful Browser Extensions
  • Using Web Proxies
  • Request Manipulation
  • OWASP Top 10
  • Threat Modeling
  • Fuzzing
  • Hands-On Threat Modeling
  • Exercises using WebGoat and other demo web applications

If you are interested in attending the workshop/knowing further details, please use the contact form or write to me at
