We offer web security training courses for two primary target audiences: first, developers who want to learn about web application security, Single Sign-On, TLS, XML, and web service technologies; second, penetration testers who want to gain in-depth knowledge of web security. The topics we cover include well-known attacks as well as attacks that are usually less known, together with their countermeasures. We also go into detail on solutions for automating security tests.

In the Secure Web Development training, we use real-life examples to teach participants how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL injection, remote file inclusion, and cross-site scripting, we also cover newer threats arising from HTML(5) and NoSQL databases (e.g., MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to continually secure your web application with regard to these topics.

The training will address the following questions, among others:

  • How do attackers proceed when looking for vulnerabilities in a web application? Which tools and procedures are used?
  • How well is my web application protected against attacks? Where is it vulnerable?
  • How can I harden my web application against attacks in just a few steps?
  • Which measures are necessary to prevent future attacks against my web application?

Training Contents:

  • Short Introduction: HTTP, HTML, CSS, XML and DOM
  • Same-Origin Policy & Cross-Origin Resource Sharing
  • Social Engineering
  • Information Disclosure
  • Logical Flaws
  • Cross-Site Request Forgery
  • Cross-Site Scripting
    • Non-persistent XSS
    • Persistent XSS
    • DOM-based XSS
    • Self-XSS
    • Mutation-based XSS
    • Scriptless Attacks
  • Dangling Markup
  • Session Hijacking and Session Fixation
  • UI Redressing and Clickjacking
  • DOM Clobbering
  • File Inclusions and Path Traversal
  • Remote Command and Code Execution
  • SQL- and NoSQL-Injections
  • Secure Coding
    • OWASP TOP-10
    • Character Sets
    • DOCTYPE-Switch
    • Content Security Policy
    • Burp Suite
  • Security Requirements

Requirements: The course is designed for people who wish to familiarize themselves with web hacking. It is particularly helpful for web developers (both front-end and back-end), heads of web development departments, and information security officers. Prior knowledge of web languages such as HTML is helpful but not required.

For your participation all you need is a computer. For optimal sound quality, we recommend using a headset.

Fixed dates for online training courses

In addition to the possibility of booking this training individually for your team, it is possible to register for one of our fixed dates. The next date for this online training is 15.09. - 17.09.2021. This training will be held in German.

Registration: Registration for the online training courses is via email to Prof. Dr. Marcus Niemietz and is possible until Wednesday, 01.09.2021.
  • Date: Wednesday, Thursday and Friday, 15.09. - 17.09.2021
  • Time: each day from 09:00 to 17:00
  • Duration: 3 days, 8 hrs. per day (incl. breaks)
  • Total price: 1.950€ plus VAT (per person)
  • Registration: by email to Prof. Dr. Marcus Niemietz
  • Registration deadline: Wednesday, 01.09.2021
  • Note: This training will be held in German.
  • Note: We reserve the right to cancel the training if there are less than 5 participants. A possible cancellation will be communicated at least one week before the training date.

Example: 15 Slides
Flyer: Secure Web Development

Your Contact for This Training

Prof. Dr. Marcus Niemietz