COVID-19 has made companies pay more effort in the development of their websites to incorporate e-commerce function.
As business websites can hold a vast amount of valuable client data, they become attractive targets of hackers. Hence, insecure web applications can increase the risk of data leakages and system compromise incidents.
This programme helps website administrators keep abreast of the recent development of web applications, common web applications, common web application security issues and tactics to secure websites. A hands-on lab will be provided for participants to gain practical experience in checking and verifying the security (or penetration testing) of a fully functioned e-commerce website.
Date and Time
9 – 10 November 2022, 09:30 – 17:00
1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Cantonese with English terminology
Latest Web Security Landscape
- Basics of web technology
- Well known web compromised security incidents
Common web application issues (on different platforms and applications)
- Insufficient HTTP Headers
- CSP, SOP, CORS
- Issues with Client-Side Security Measures
- In-depth into Cookies and Sessions
- Local Storage
- Insufficient Data Escaping
OWASP Top 10
- OWASP Top 10 2021 for Web Application
- How to harden website to prevent OWASP Top 10 issues
OWASP Juice Shop Workshop
- Hands on exercise to identify security vulnerabilities and fix them
Tools for Website Security Testing and Verification
- Useful Chrome browser plugins for developers
- OWASP ZAP
Early Bird Price (deadline on 30 September 2022):
- Staff of Organiser or Member of Supporting Organisation: HK$6,000
- Non-member : HK$6,200
- Staff of Organiser or Member of Supporting Organisation: HK$6,200
- Non-member : HK$6,400
Mr Bernard KAN
Bernard KAN has over 20 years of experience in information security as a security team leader in Banking and Telecommunication industries and HKCERT.
He has been delivering quality information security training to enterprises, talks in in security conference and sharing sessions to NGOs. He was a frequent speaker for security awareness training.
He had been a part-time lecturer a post-graduate Information Security certificate course of City University of Hong Kong for 6 years.
Bernard holds various professional certifications, including CISSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He is a Master of Science degree in E-Commerce.
- Website owners interested in web application security
- Web application developers
- Information security staff interested in enhancing hands-on experience on web application testing
Certificate of Training
Participants who have attained 75% or more attendance will be awarded Attendance Certificate.