Web Security Essentials

A Pragmatic Web Security course

This 2-day course will show you how hackers target your applications, how you can protect them, and which best practices you should be applying today!

Learn more Register

How are hackers coming after your applications?

Do you have any idea how many files you send to the user are modified in transit?

When a user logs in, do you know if they are impersonated by an attacker?

Do you know what an attacker can do with a single XSS vulnerability, regardless whether it's stored or reflected?

Unsure about the answer to one of these questions? Then be sure that the Web Security Essentials course is a perfect fit for you. During this intensive 2-day course, we will explore how hackers abuse common vulnerabilities. You will learn which countermeasures are available. In the end, you walk away with a set of current best practices you should be applying today!

All previous participants highly recommend the course to others. Here are a few notes of what they had to say.

This 2-day training already makes a world of difference.

One-on-one discussions during the lab sessions help solve specific questions.

Great training, very up-to-date with information about the latest security technologies.

Whether you’re a veteran or new, everyone in the industry should attend this training.

To ensure an interactive and immersive experience, seating for this course is limited.
Book your seat now

Web Security Essentials

October 15 - 16, 2018 — Leuven (BE)

Day 1

Registration and welcome coffee
The security model of the web
Lab session
The impact of HTTPS on an application
Coffee break
Lab session
The modern TLS certificate ecosystem
Lunch break
Secure password storage
Coffee break
Lab session
Authentication best practices
End of day 1

Day 2

Welcome coffee
Multi-factor authentication
Lab session
Coffee break
Implementing secure sessions
Lab session
Lunch break
Cross-Site Scripting (XSS)
Lab session
Coffee break
Content Securuity Policy (CSP)
Lab session
Overview of best practices
End of day 2

Security for developers

Philippe De Ryck

PhD in web security
Google Developer Expert

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering.

During his Ph.D., Philippe gained a deep understanding of the web, its vulnerabilities and its security technologies. In this course, he channels this knowledge into practical and actional security advice for developers.

Lectures, demos and labs

In-depth lectures focus on focus on understanding why vulnerabilities exist, and how defenses work. Hands-on lab sessions, based on a custom-built training application, explore attacks and defenses in a realistic setting.

Actionable advice

Each module provides actionable advice to improve the security of your applications. Throughout the course, we build up a set of best practices. In the concluding module, we give an overview of best practices, and their priorities.

State-of-the-art technologies

As the web security landscape is in constant evolution, so is the Web Security Essentials course. Each module covers current best practices, but also looks forward to upcoming security features, currently being implemented across browsers.


Previous participants gave the Web Security Essentials course a 100% recommendation rate. The testimonials below tell you why you should attend this course.

Web security and application security are gaining more and more attention. As a developer, you know what's going on, but since these domains are very broad, it is hard to see the full picture. We were not sure whether the Web Security Essentials course was a good fit for our company.

Once the course started, these doubts vanished. The course is well-structured, and accessible for both frontend and backend developers. It changes the way you look at the development of web applications. Following theory sessions with hands-on labs creates an interesting combination. On top of that, you get a head start with the right tools to assess your own application. The gained knowledge and skills are directly applicable, and immediately shared with colleagues. This training has changed the way we work and affected the security of our product.

This training deserves a high recommendation. The course offers varied, up-to-date and detailed content. Security may still be low on the radar, but this 2-day training already makes a world of difference.

Sam Verschueren — Lead Software Engineer, Pridiktiv NV

Whether you’re a veteran or new, everyone in the industry should attend this training. Either the hands on sessions will be an eye opener on the dangers of failing security and you'll learn how to avoid creating security holes, or it’ll bring you up to speed on latest HSTS policy or CSP headers and properly protect your application using the latest standards.

Thank you Philippe for our in-depth and valuable talks!

Maarten Segers — Consultant, AMPLEXOR

As web architect, security is an important concern in the design and implementation of an application. However, I must admit, my knowledge on the subject was quite sparse as it was difficult to me to find a main reference on the subject.

For this reason I decided to join the Web Security Essentials training. The course allowed me to have a complete overview on the subject, understand the main security pitfalls, and use some of the most important tools to overcome them.

The awareness of the main security threats is key in my daily work with big companies and the course well addresses it via the presentations and the practical labs. I would recommend this training to all web developers and architects: the balance between the slide sessions and the practical labs made the course a joyful full-immersion in the security field.

Nicola Di Giorgio — Software Architect/CEO, PREGIOTEK sprl

Thanks for providing this course packed with very up-to-date information. I greatly appreciated the good balance between theory and hands-on labs which allowed me to gain a deeper understanding and new insights on web security measures to defend against current threats. I'm also really grateful for the excellent hand-outs, providing concise but complete information presented in a way that helped me a lot to better understand the more advanced web security mechanisms.

Stefan Eestermans — ICT Security Consultant, Optaris sprl

I was looking for information to get an idea of what kind of issues modern web applications face (or do not face), and how much an attacker needs to invest to launch various kinds of attacks. I do not believe such information can be obtained from high-level overview presentations. I was looking for a more hands-on approach, to get some experience with issues that managers often sweep under the rug as unimporant.

The course delivered on my expectations, not only by confirming that modern web applications face various threats, but also by clarifying that numerous threats depend on the level of freedom users have. Thanks to the Web Security Essentials course, I know have a better and more concrete understanding of what needs to happen to build a secure application.

Paul Valckenaers — Senior Researcher, UCCL

Practical information

What do I need to participate in the lab sessions?

You will receive a VirtualBox image containing all required software and tools at the start of the training. All you need to bring is a computer capable of running VirtualBox VMs.

What course materials do I get?

Pragmatic Web Security offers high-quality course materials. The detailed slides used throughout the lectures are provided both in print and in PDF format. Documentation for the lab sessions is provided within the training environment.

Do you offer course certificates?

Yes, at the end of the course, you receive a personalized and signed certificate of completion.

What is the price?

The price for participating in the full course is € 1 200 excluding VAT. An Early Bird discount is available for a limited period.

If you are a startup, you may be eligible for the Startup Discount Plan (see below).

What is the Startup Discount Plan?

To encourage startups to take security seriously, the Startup Discount Plan offers a 50% discount on the price of the full course. This discount is available to any company that meets all of the following requirements:

  • Is privately held
  • Has been in business for no more than 3 years
  • Is engaged in development of a software-based product or service
  • Is an established business with a website and/or existing public references on the Internet
    Please note that any recently registered affiliates of existing business entities and business entities that were incorporated as a result of any legal/business process (merger, acquisition, etc.) do not qualify for this discount.

If you want to benefit from the Startup Discount Plan, please provide documentation to show that you meet these critera (e.g. Memorandum of Association). You can reach Pragmatic Web Security at registrations@pragmaticwebsecurity.com. After approval, you will receive a discount code which you can use to register for the course.

How do I register?

Registrations are handled by EventBrite, which offers various methods of payment. You can purchase a ticket using one of the registration buttons on this page.

Where will the training take place?

The course takes place at the Faculty Club in Leuven, Belgium. The full address is Faculty Club, Groot Begijnhof 14, 3000 Leuven. The venue offers free parking, and is easily reachable by public transportation. For more information, check out the site of the venue.