Secure Coding and Application Security Workshop - HKPC Academy
Secure Coding and Application Security Workshop
HKPC Building 78 Tat Chee Avenue Kowloon
Ms. LEE Tel: +852 2788 5704

Secure design and coding in DevOps with Threat Modelling are advanced and innovative in the software development market.

COVID-19 has accelerated digitalisation of businesses and increased presence of e-commerce. While company security doesn’t run at the same pace, it widens the appetite of hackers. As a result, many data leakage events arose from non-secure web applications.

It is crucial for businesses to make sure that their points of contacts (web applications) are secure to use in order to provide a safe experience for the customers.

The 2-day workshop is tailored for the ones with programming experience. It will take you through the web technology knowledge, common coding issues of web application, cloud security and secure coding to protect them. A practical hands-on lab will be provided to enhance participants’ understanding of secure coding.

Date and Time

8-9 March 2023, 09:30 – 17:00


1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong


Cantonese with English terminology

Course Outline


    • Latest web security landscape
      • Web technology concepts
      • Well known web compromised security incidents
    • OWASP ZAP and its usage
      • Hand-on exercise with OpenCart
    • OWASP Top 10
      • OWASP Top 10 2021 for Web Application
      • Demonstration with OWASP Juice Shop
      • How to harden website to prevent OWASP Top 10 issues


    • Summary on common web application issues (on different platforms and applications)
      • Insufficient HTTP Headers
      • CSP, SOP, CORS
      • Issues with Client-Side Security Measures
      • In-depth into Cookies and Sessions
      • Local Storage
      • Insufficient Data Escaping
    • Application Security Threat Modeling
      • Common threat models: STRIDE, Cyber Kill Chain, etc.
      • Threat modeling process
      • Tool: OWASP Threat Dragon
      • Threat modeling exercise
    • Secure coding workshop
      • Secure coding concepts
      • Hands on exercise on securing web application (virtual machine with all relevant security tools will be provided)
    • Application security in the cloud
      • DevSecOps and CI/CD
      • Cloud application security best practices


Early Bird Price (deadline on 8 Feb 2023): 

    • Staff of Organiser or Member of Supporting Organisation: HK$6,500
    • Non-member : HK$6,600

Regular Price:

    • Staff of Organiser or Member of Supporting Organisation: HK$6,700
    • Non-member : HK$6,800


Mr Bernard KAN

Bernard KAN has over 20 years of experience in information security as a security team leader in Banking and Telecommunication industries and HKCERT.

He has been delivering quality information security training to enterprises, talks in security conference and sharing sessions to NGOs. He was a frequent speaker for security awareness training. 

He had been a part-time lecturer a post-graduate Information Security certificate course of City University of Hong Kong for 6 years. 

Bernard holds various professional certifications, including CISSP, CCSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He is a Master of Science degree in E-Commerce.

Target Audience

Anyone new in cyber security with an interest in coding and application security includes:

    • IT Officer/Manager
    • Programme/Developer
    • Information Security Personnel
    • Product Manager

Note: Programming experience is required.

Certificate of Training

Participants who have attained 75% or more attendance will be awarded Attendance Certificate.

Download Full Course Detail ▼