Course Description

Web security is always an important issue in web development. To face the newest web vulnerability threats, the most important thing is to keep learning and to understand the root cause of each vulnerability.

In this entry-level course, we will introduce the OWASP Top 10 basic web vulnerabilities, and the trainer will use real-world cases to help students progress from basic to advanced. The step-by-step labs introduce the potential web attacks caused by the newest web development techniques and tools. At the end, we will introduce the methods and theory behind many web security defense mechanisms, and explain why those mechanisms fail and how many are still in use these days.

Course Outline

  1. OWASP TOP 10
  2. Lab 1 : Easy practices
  3. Real world case study
  4. Lab 2 : Hands-on practices part 1.
  5. History of web security
  6. Lab 3 : Hands-on practices part 2.
  7. Introduction to the defense mechanisms of the past
  8. Lab 4 : Attack against your neighbors

In this lab, we will use a tool developed by the trainer instead of the common web security exercise pages (such as DVWA, WebGoat, etc.).

Prerequisite skills for the course

Background knowledge:
- Know HTML and JavaScript
- Know how HTTP works
- Have some basic knowledge of web security

Tool:
- Know Python

Good to have:
- Experience with web development
- Experience using open source software

What students should bring

Ubuntu (14.04 or 16.04) with Docker installed

Speaker Brief Introduction

蘇學翔 (SYUE-SIANG SU) a.k.a. Boik
2 years of experience in computer security, focusing on web security. He is active in promoting computer security and CTF at National Sun Yat-sen University.
He has recently contributed to some open source projects on GitHub.

TDOH system reacher team, 4th place of F-Secure Taiwan IT Security Competition, 2nd place of Vulreport vulnerability report points race, member of Bamboofox.