Web Security Bootcamp

2 or 3 Days
In-House or Remote
German or English

Hands-on Attack & Defense

Prior to conducting the training with your team, we’ll have an initial scoping meeting. This session is designed to customize the course to your specific requirements, helping us decide on the most suitable approach and focus areas to address your needs effectively.

In my fully packed hands-on bootcamp-style training, you will experience how hackers approach a typical web application to learn about the security vulnerabilities seen in many web applications and backends/APIs.

Also, we often switch the sides during the training into the defender’s perspective to learn how primary and secondary countermeasures harden the security posture of today’s applications and backends in a defense-in-depth way.

All exercises are executed against an attendee-individual training environment, which I prepare and individually spawn for each attendee in my cloud. Just a web browser is required to attend and no pre-installations are necessary on the attendees’ machines. To allow recapping the practical exercises, attendees receive Docker containers after the course with the training environment and all exercises to be able to run them locally on their machines.

The material and hands-on exercises cover the latest Top 10 contents: OWASP Top 10 2021 + OWASP API Top 10 2023.

My hands-on web security bootcamp covers many vulnerabilities and defense measures, including:

  • Injection Vulnerabilities, including Post-Exploitation towards Remote Code Execution (RCE)
  • XML External Entity Attacks (XXE)
  • Path-Traversals (including ClassPath-Traversals)
  • Cross-Site Scripting (XSS): Reflected, Persistent, DOM-based and different contexts
  • Session Attacks, etc.
  • Authentication Bypass
  • Information Disclosures
  • Server-Side Request Forgery (SSRF), especially in cloud-based environments
  • Attacks on File-Uploads and -Downloads
  • Attacks on WebSockets
  • Java Deserialization Vulnerabilities & Attacks
  • Advanced XML Attacks (leading to RCEs)
  • JSON Attacks (leading to RCEs)
  • and many more

This bootcamp-style training introduces the mentioned vulnerabilities and focuses also on defensive aspects to remediate these vulnerabilities in a defense-in-depth style. If instead you’re more offensive-oriented and interested in the art of exploitation of these vulnerabilities rather than the defensive approaches, the Pentesting Training might be of more interest to you.

Being a full-fledged bootcamp training, also DevSecOps scan automation techniques are presented. If you’re interested in automation of security scans inside CI/CD build pipelines, the DevSecOps Coaching might also be of more interest to you, either as an addition or a replacement.

What attendees will receive

All my trainings can be held in German (native speaker) or English (business fluent).

Attendees receive the following along with my training:

  • Access to cloud-based training environments (individually spawned for each attendee).
  • All slides and workshop material as a set of PDFs.
  • Lifetime access to GitHub and DockerHub repos with my training environments in order to recap all exercises with a working setup (including freshly added stuff in the future).
  • Support via mail for setup and exercise handling afterwards.
  • Printed and signed Certificate of Attendance listing the training contents.

Training Certificates

Interested in your organization’s individual quote? Let’s talk.

Different Options

As always in life, there is no one-fits-all solution. So regarding the concrete setup and execution of my trainings and workshops, you have different options and variants to choose from.

Fully customizable training agenda

In case you want certain aspects of your technology stack or specific internal process or tools covered during the training: The training agenda can be customized to your needs, resulting in an individual setup and content.

On-site or Remote? – Choice is yours!

My trainings and workshops can be executed on-site (either directly at your office or at one of my training sites) as well as fully remote for home-office workers. Even hybrid variants are possible, where some remote-only workers can join online, while I execute the training on-site for the majority of the attendees. I’ve already conducted numerous online-based variants of my training, even for bigger audience groups.

Either way, attendees just need a browser as nothing needs to be installed locally, since my training runs with attendee-individual environments in my cloud.

Alternative option: Professional training recording

In case you would like to have a customized version for your company recorded as a set of chapters and lessons for your in-house video-based electronic learning platform: Let’s talk

I can record a customized training session (without attendees) and provide you with professionally cut chapters exported as SCORM, MPEG, and other formats. This package includes digital training slides and the runnable training environment for local offline training. If you and all attendees prefer to record a live training while being held, this is also possible and would produce a video handout of the full course.

That way, several companies have successfully enriched their own internal video-based training offers with my hands-on security workshops imported into their own electronic learning platforms.

Professional Recording

Self-paced training preferred? — No problem

My live Web Security Bootcamp is also available as a set of self-paced training video sets along with the training material and a cloud-based training environment for the exercises. This package encompasses over 25 high-quality module videos, each lasting between 30 and 60 minutes, tailored for participants to learn at their own pace.

As participants advance through the course in their personalized cloud environment, they might have questions or need clarification on certain topics. Therefore, learners can opt to jump into regular Q&A sessions with me (for example, offered weekly or bi-weekly) to discuss their queries and delve deeper into specific areas of interest. Participants are also welcome to email me for tailored guidance on the module they’re currently working on, ensuring an interactive and supportive learning experience.

As a company, you can opt to incorporate special topic update-modules into the subscription. These modules are designed to cover the latest trends and advancements in web security, keeping your employees abreast of the ever-evolving landscape of the cyber-security world.

This subscription model is perfect for larger groups seeking the freedom of self-paced learning with the benefits of still having live interaction with me as their trainer and ongoing support. Upon successfully completing the course units, learners will be awarded a certificate of participation, showcasing their commitment and expertise in web security.

Let’s discuss the details and tailor a solution that best fits your needs in web security training.


What Customers Are Saying

Ein tolles Seminar. Inhalte und Methodik bitte unverändert lassen!

Training Attendee

Fachlich sehr fit, ist sehr gut auf Rückfragen eingegangen.

Workshop Attendee

Thank you very much for your training! It was very interesting and bit too short though for such a pile of knowledge :-) People of the team have learnt a lot and talk positively about it.

Training Attendee

Von meiner Seite nochmals vielen Dank für die Durchführung des Trainings. Die Rückmeldungen der Teilnehmenden war in allen Belangen positiv und auch immer mit dem Vermerk, dass das Training zu unserem Unternehmen passt.

Training Organizer

Fachlich sehr gut — sehr gute Präsentation

Training Attendee

Auf diesem Wege noch einmal Feedback zu den vergangenen drei Tagen: Die Schulung entsprach absolut meinen Vorstellungen. Die Themen die behandelt wurden sowie die Mischung zwischen praktischen und theoretischen Teilen waren absolut passend. Da merkt man deine jahrelange Erfahrung.

Training Attendee

Time well spent! Thanks a lot, I thoroughly enjoyed the training and depth of content.

Training Attendee

Ich fand die Schulung insgesamt sehr informativ und hilfreich. Die Erklärungen waren klar und gut strukturiert. Es wurden wichtige Sicherheitskonzepte abgedeckt und es gab ausreichende Beispiele, um Konzepte zu veranschaulichen. Ich konnte vieles mitnehmen. Vielen Dank für die Schulung :)

Training Attendee

Sehr intensives Seminar, sehr gut und klar dargestellt!

Training Attendee

Insiderwissen aus dem Security-Pentesting Bereich wurde echt gut vermittelt. Fachlich in der Thematik sehr breit und top aufgestellt. Er ist speziell eingegangen auf die bei uns eingesetzten Technologien. Trainer ist fachlich, didaktisch und persönlich spitze. Geht gut auf Fragen ein. Guter Aufbau der Fortbildung.

Training Attendee

Hervorragende Beispiel-Anwendungen. Dozent kann sehr gut erklären.

Training Attendee

Sehr hohe Fachkompetenz! Didaktisch sehr gut. Interessant mit vielen praktischen Übungen. Ein vermeintlich “trockenes”, aber sehr wichtiges Thema, wurde sehr gut transportiert und weitervermittelt.

Training Attendee

Sehr interessant, sehr praxisnah, kurzweilig & auf alles eine Antwort ;)

Training Attendee

Thank you Christian! Superb content and explanations, I learned a lot.

Workshop Attendee

Die Teilnehmer waren von der Schulung begeistert, kaum eine Umfrage fällt so gut aus! Wir freuen uns, dass die Rückmeldungen so positiv ausgefallen sind und die Teilnehmer sich derart für das Thema begeistern konnten! Wir hoffen sehr, dass wir in Zukunft noch mal (und hoffentlich oft) die Gelegenheit haben werden zusammenzuarbeiten!

Training Company

Sehr praxisnah, instruktiv, und didaktisch hervorragend aufbereitet! Hat irre Spaß gemacht!

Workshop Attendee

Es wurde auf sehr viele Themen hingewiesen, die mir neu waren und für meine Arbeit wichtig sind.

Workshop Attendee

Thank you so much Christian, very informative, substantial and useful.

Workshop Attendee

Die Fortbildung war absolut klasse. Ich habe mittlerweile über 10 Jahre Berufserfahrung und in all den Jahren ist die Fortbildung eine der besten gewesen, die ich absolvieren konnte.

Training Attendee

Vielen Dank nochmal für den sehr sehr guten Workshop heute. Ich wollte nochmal ein großes Lob zu deinen Vorträgen und deinem Workshop aussprechen, wirklich sehr gelungen! Man möchte einfach damit loslegen und es selbst ausprobieren. Einfach klasse!

Workshop Attendee

Jeder Entwickler sollte die Schulung mal gehabt haben.

Training Attendee

Spannende und inspirierende Veranstaltung mit einem Referenten, der sein Wissensgebiet vollumfänglich beherrscht.

Workshop Attendee

Thanks a lot, it was a very interesting and entertaining training!!! 🙌

Training Attendee

Really amazing and brilliant course. Happy to have chosen your training. Thanks for all the preparations and for accommodating lots of questions after the time ;).

Training Attendee

Ich möchte mich nochmals für das spannende Training von letzter Woche bedanken. Die vermittelten Inhalte waren sehr gut aufbereitet und das Training ergab ein gut geschnürtes Paket.

Training Attendee

Dein Workshop bei uns hat Wirkung gezeigt: Viele Teilnehmer haben versucht, in ihren Projekten Schwachstellen zu finden, auch mit Erfolg.

Workshop Organizer

Vielen Dank noch einmal für das hervorragende Intensivtraining diese Woche.

Training Attendee

Vielen Dank Christian! Obwohl ich kein Dev bin, konnte ich fast alles nachvollziehen und habe einiges gelernt. Absolut empfehlenswert!

Training Attendee

I enjoyed and can highly recommend this training. Christian is an awesome educator and teacher.

Training Attendee

Erst noch einmal recht herzlichen Dank für die 3 sehr inspirierenden Tage. Deinen Vortrag empfand ich sowohl didaktisch als auch inhaltlich sehr, sehr gut. Die vielen Workshop-Übungen haben zudem viel zum besseren Grundverständnis der Theorie beigetragen.

Workshop Attendee

Mega guter Workshop! DANKESCHÖN

Workshop Attendee

Vielen herzlichen Dank. Super vorgetragen und sehr sehr viele wichtige Informationen! Ich hab einiges neues gelernt…

Workshop Attendee

Thanks a lot! Also for the brilliant explanations and well-presented practical examples!

Training Attendee
Web Security Bootcamp
Join my upcoming two-day online training event:
21. – 22. November 2024 (click here to see details)