Securing Your E-Commerce Web Application Against Cyber Threats - HKPC Academy
HKPC Building 78 Tat Chee Avenue Kowloon
Ms LEE Tel: +852 2788 5704

COVID-19 has led companies to put more effort into developing their websites to incorporate e-commerce functions.

As business websites can hold a vast amount of valuable client data, they become attractive targets for hackers. Hence, insecure web applications can increase the risk of data leakage and system compromise incidents.

This programme helps website administrators keep abreast of recent developments in web applications, common web application security issues and tactics to secure websites. A hands-on lab will be provided for participants to gain practical experience in checking and verifying the security (or penetration testing) of a fully functional e-commerce website.


1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong


Cantonese with English terminology

Course Outline

Latest Web Security Landscape

    • Basics of web technology
    • Well-known web security compromise incidents

Common web application issues (on different platforms and applications)

    • Insufficient HTTP Headers
    • CSP, SOP, CORS
    • Issues with Client-Side Security Measures
    • In-depth look into Cookies and Sessions
    • Local Storage
    • Insufficient Data Escaping

OWASP Top 10

    • OWASP Top 10 2021 for Web Application
    • How to harden a website to prevent OWASP Top 10 issues

OWASP Juice Shop Workshop

    • Hands-on exercise to identify security vulnerabilities and fix them

Tools for Website Security Testing and Verification

    • Useful Chrome browser plugins for developers
    • etc.


Early Bird Price:

    • Staff of Organiser or Member of Supporting Organisation: HK$6,000
    • Non-member: HK$6,200

Regular Price:

    • Staff of Organiser or Member of Supporting Organisation: HK$6,200
    • Non-member: HK$6,400


Mr Bernard KAN

Bernard KAN has over 20 years of experience in information security as a security team leader in the banking and telecommunication industries and at HKCERT.

He has been delivering quality information security training to enterprises, talks at security conferences and sharing sessions to NGOs. He was a frequent speaker for security awareness training.

He had been a part-time lecturer for a post-graduate Information Security certificate course of City University of Hong Kong for 6 years.

Bernard holds various professional certifications, including CISSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He holds a Master of Science degree in E-Commerce.

Target Audience

    • Website owners interested in web application security
    • Web application developers
    • Information security staff interested in enhancing hands-on experience on web application testing

Certificate of Training

Participants who have attained 75% or more attendance will be awarded an Attendance Certificate.
