Practical Web Defense


Extremely Hands-on

Practice Web App defense against real-world attacks. PWD includes the most sophisticated virtual lab on IT Security: Hera Lab.


Become Certified

Obtain the eWDP certification and prove your practical skills with the only 100% practical certification on Web Application Defense.


Course at a glance

  • Close the gap between Web application attack and defense
  • Mitigation advice for multiple platforms and languages
  • The most comprehensive and practical coverage of the OWASP Testing Guide
  • Comprehensively aligned to OWASP methodologies, tools and tests
  • Covers and goes beyond OWASP TOP 10
  • Detailed techniques and methodology to simplify defense of web applications
  • No boring theory: practice-oriented curriculum
  • Over 20 different lab scenarios to practice with
  • Advanced usage of OWASP ZAP, OWASP OWTF, ModSecurity...
  • Coverage of OWASP Cheat Sheets, OWASP OpenSAMM, OWASP ModSecurity Core Rule Set
  • Obtaining the eWDP certification qualifies you for 40 CPE

Course material

  • 25 hours of HQ video training material
  • 2700+ slides
  • 20 labs in Hera

Course delivery

  • Self-paced
  • Off-line access available
  • Access from PC, Tablet and Smartphone



  • Basic knowledge of programming fundamentals: loops, variables, functions, include files, etc.
  • The ability to read and understand PHP code will help, although it is not mandatory.
  • Basic knowledge of tools such as curl, Wireshark, OWASP ZAP (or Burp).
  • Knowledge of security concepts will be an advantage but is not required.

This training course is for...

  • Web developers
  • Web app security researchers
  • Penetration testers
  • IT admins and staff


Each lab is associated with a chapter from the course and will provide you with a broken web application (or web service) that implements security flaws in the given chapter. You are expected to find security issues, develop a POC (Proof Of Concept) exploit for each issue found, fix the issue found, verify that the POCs no longer work and verify that the application remains working as intended.

Each lab will additionally provide you with "extra mile" challenges that you can use to get ready for the exam or just get more practice and experience.

Lab ID  Description                                                 Category
Lab 1   Tool Introduction: OWASP, OWTF and the OWASP Testing Guide  Intro
Lab 2   Information Gathering                                       Web App Defense
Lab 3   Configuration Management                                    Web App Defense
Lab 4   Authentication                                              Web App Defense
Lab 5   Authorization                                               Web App Defense
Lab 6   Information Gathering                                       Web App Defense
Lab 7   Session Management                                          Web App Defense
Lab 8   Business Logic Flaws                                        Web App Defense
Lab 9   Data Validation                                             Web App Defense
Lab 10  Cryptography                                                Web App Defense
Lab 11  Denial of Service                                           Web App Defense
Lab 12  Web Services: XML-RPC                                       Web App Defense
Lab 13  Web Services: JSON-RPC                                      Web App Defense
Lab 14  Web Services: SOAP                                          Web App Defense
Lab 15  Web Services: REST                                          Web App Defense
Lab 16  Web Services: XML-RPC II                                    Web App Defense
Lab 17  Web Services: REST II                                       Web App Defense
Lab 18  Client Side and Phishing                                    Web App Defense
Lab 19  Error Handling and Logging                                  Web App Defense
Lab 20  Virtual Patching and Intrusion Detection                    Web App Defense
Lab 21  Exam Preparation                                            Web App Defense


Get the eWDP Certification

eLearnSecurity's eWDP (eLearnSecurity Web Defender Professional) certification proves that you have the hands-on skills to understand how web applications are attacked in the real world and what you can do to mitigate each and every attack. It will also improve your company's reputation and ensure your IT staff is well educated.



  • Abraham Aranguren

    Abraham Aranguren (CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE) is currently the Managing Director at 7ASecurity (7asecurity.com), a company specialising in penetration testing, code reviews, security advice and training. He is also the project founder and leader of OWASP OWTF (owtf.org), an OWASP flagship project. Abraham has had penetration testing experience since 2007 and web application design, development and architecture experience since 2000. After an information security honor mark at university, from 2000 until 2007 Abraham's contact with security was mostly from a defensive point of view: fixing vulnerabilities, source code reviews and vulnerability prevention at the design level as an application and framework architect. From 2007 onward, Abraham focused more on the offensive side of security, with a special focus on web app security.
