Last reviewed 29 September 2019 by Chris Riley (Trainer)


Building sites and applications that are secure is paramount. In this session we'll be looking at how to recognise vulnerabilities in existing developments, how these could be exploited and, of course, how to fix and guard against attacks.

Why this is important

It is our duty to build with security in mind. If what we build is not safe and secure, critical business relationships can be compromised. Insecurity allows for the spread and escalation of malware, attacks on other websites, and even attacks against national targets and infrastructure.


At the end of this training you will be able to:

  1. Recognise certain vulnerabilities of a web application, including those frequently featured in the OWASP Top 10
  2. Test for security issues and understand how to prevent them

Learner Requirements

  1. Understanding of PHP, HTML and JS


  1. Intro to web security and common vulnerabilities
  2. Activity: Hack this site
  3. Review Activity


During Training

  1. Explore an application and find vulnerabilities in it.
  2. Discussion on impact of security vulnerabilities.
  3. Discuss as a group what steps need to be taken to prevent these security flaws.

After Training


Resources / Reference

  1. Intro Slides on Google Drive
  2. OWASP Top Ten
  3. Building secure web applications in PHP
  4. Building secure web applications in PHP 2018 edition