This hands‑on course equips auditors with the practical skills needed to understand, test, and evaluate web application security risks in real environments. Participants investigate each of the OWASP Top Ten Web Application vulnerabilities—along with additional high‑impact weaknesses—through guided exploitation labs that demonstrate how vulnerabilities behave, how to validate them safely, and what evidence is required to support audit conclusions. Each module blends a concise technical briefing with practical exercises that strengthen an auditor’s ability to identify control gaps, assess risk, and communicate findings with clarity and confidence.

Throughout the course, auditors explore how weaknesses arise in code, configuration, and architecture, and how to map those weaknesses to security controls, governance expectations, and industry frameworks. By the end of the training, participants will have a deeper understanding of each vulnerability category, improved ability to interpret audit results, and the confidence to provide actionable, risk‑aligned recommendations to both technical and non‑technical stakeholders. This workshop guides auditors through 20+ hands-on labs covering critical web application vulnerabilities—from broken access controls and injection flaws to insecure authentication, cryptographic issues, privilege escalation, modern API threats, and many more.

CPE: 8

Program Level: Intermediate

Delivery Method: Live

Cost: $275 for this 1-day workshop

Course Contents/Objectives

Key Learning Outcomes

  • Understand each OWASP Top Ten category from an auditor’s perspective, including risk drivers and control expectations

  • Perform hands‑on testing using tools, intercepting proxies, and structured audit procedures

  • Identify insecure patterns in code and configuration and link them to missing or ineffective controls

  • Evaluate remediation approaches and determine whether they sufficiently mitigate risk

  • Map vulnerabilities to audit evidence, risk ratings, and reporting requirements

  • Strengthen collaboration with developers, CISOs, and IT teams through shared technical understanding

NOTE: This course has an extensive hands-on component, since it is a workshop. Students should expect the majority of the class to be spent completing hands-on exercises. A laptop with the appropriate configuration is a requirement.

Laptop Required

Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
     • 16 GB RAM or higher
     • 25 GB available hard drive space
     • Windows 11 Professional or later
     • Administrator privileges, including the capability to install and run tools, as well as disable anti-virus
     • VMware Workstation should be installed

Target Audience


• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information Technology Auditors
• Information Security Officers
• Developers

Prerequisites

Participants should be familiar with Internet technologies and commonly used Internet security controls. VMware Workstation should be installed before coming to class.
