How to Break Applications!

  • 2 Days
  • Intermediate
  • Virtual | Classroom
  • £ On Request

Learn how malicious actors can attack and break applications and infrastructure (and what you can do about it) in this 2-day workshop for software developers and quality assurance engineers.



To better understand how to protect your software applications and infrastructure you first need to understand how malicious actors can target and attempt to hack into software systems. This course will show you how readily-available tools can be used to find and exploit vulnerabilities in your software, what you can do to avoid such exploits and how you can identify when your systems have been compromised.


This course will help software engineers understand how hackers break into applications and in doing so help them better understand how to protect their software and identify when things have been compromised.

  • Learn techniques used for breaking web applications
  • How to use tools and automation to learn more about your software
  • Understand proactive vs reactive security
  • Identify indicators of potential issues, such as a compromised system


Setting the Scene

  • Understanding the impact of security issues
  • The threats haven’t changed but the method for delivery has
  • Every team member has an impact


  • Examples of successful compromises
  • The frequency and severity of attacks
  • Legislative requirements: CRA, DORA, the US Executive Order on Improving the Nation's Cybersecurity (the Biden cyber security order)
  • Compliance requirements: ASVS, MASVS, OVS

How Attackers Identify Targets & Perform Reconnaissance

  • Use of tools to understand what is exploitable
  • Identifying areas of weakness
  • Identifying target information from open source intelligence (OSINT)
  • How to proxy HTTP traffic and understand weaknesses using Burp Suite

Practical Security Issues

  • Breaking applications with the tools introduced in the reconnaissance session
  • Metasploit exploitation of vulnerabilities
  • Common flaws in authentication and session management
  • Choosing between allowlists and blocklists for validating input
  • Identifying and fixing misconfigurations
  • Guarding against sensitive data exposure
  • Introducing function level access control
  • Preventing cross site request forgery
  • Avoiding components with known vulnerabilities
  • Preventing unvalidated redirects and forwards
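The "allowlists versus blocklists" item above is the one most worth seeing in code before the workshop. The example below is added here and is not course material or the trainer's own code; the inputs are constructed for illustration and the field being validated (a username with an assumed grammar of 3 to 32 letters, digits, underscores and hyphens) is an assumption. It shows why a blocklist that was written against one known payload is bypassed by a case change or by a different payload class, while an allowlist that defines the only acceptable shape rejects all of them.

```python
import re

# Constructed sample inputs for a "username" form field (example data, not from the course).
INPUTS = [
    "alice",                          # benign
    "bob_smith-01",                   # benign
    "<script>alert(1)</script>",      # the payload the blocklist was written for
    "<ScRiPt>alert(1)</ScRiPt>",      # case variant: no "<script" substring, slips past
    "<img src=x onerror=alert(1)>",   # different tag, blocklist never heard of it
    "alice'; DROP TABLE users;--",    # different attack class entirely (SQL injection)
]

# Blocklist: enumerate what we think is bad, let everything else through.
BLOCKLIST = ["<script", "</script>"]


def blocklist_ok(value: str) -> bool:
    """Return True if the value contains none of the known-bad substrings.

    Anything the author did not think of, including a trivial case change,
    passes this check.
    """
    return not any(bad in value for bad in BLOCKLIST)


# Allowlist: define the only acceptable shape for this field (assumed grammar).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_-]{3,32}$")


def allowlist_ok(value: str) -> bool:
    """Return True only if the value matches the expected grammar exactly.

    Every attack string above fails because '<', '>', quotes, spaces and
    semicolons are simply not in the accepted alphabet.
    """
    return USERNAME_RE.fullmatch(value) is not None


def evaluate(inputs):
    """Run both validators over the inputs; returns (value, blocklist_ok, allowlist_ok)."""
    return [(v, blocklist_ok(v), allowlist_ok(v)) for v in inputs]


if __name__ == "__main__":
    for value, b_ok, a_ok in evaluate(INPUTS):
        print(f"{value!r:38} blocklist={'PASS' if b_ok else 'REJECT':6} allowlist={'PASS' if a_ok else 'REJECT'}")
```

Running it shows three of the four attack strings passing the blocklist and none passing the allowlist. Two caveats a practitioner should keep in mind: an allowlist has to be written per field (a free-text comment field cannot use the username grammar), and input validation is a first line, not a substitute for output encoding and parameterised queries at the point where the data is used.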

Capture The Flag

  • Guided leaderboard session exploring & practising penetration & security testing techniques
  • Using relevant Capture the Flag software depending on the audience
  • OWASP Juice Shop for developers and testers involved with Front End development


Attendees should have at least 6 months' experience building applications. Ideally they should also have attended our threat modelling training.

About The Trainer

Simon Whittaker has been providing security services & training to both local organisations and some of the world’s largest companies for over 10 years.

Simon’s background in both development and system/network administration gives him a clear view of how best to compromise and secure the services and applications in scope, while also ensuring that training courses, content and practicals are aimed at the right audiences.

Most of Simon’s work involves working with companies to test and improve secure coding practices, penetration & security testing and providing security consultancy to companies that are keen to improve their processes & procedures.

Simon also has great experience in developing & implementing efficient and effective practices across departments to assist with securing and retaining external quality recognition such as ISO27001.

Simon Whittaker

Helps companies and developers protect their software from the bad guys.

For a breakdown of what to expect in our training, check out our training overview page.

Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.

This was a very detailed and interesting course that covered a number of topics which were interactive and easy to follow. Simon was a great teacher who explained everything really well and was very approachable. Thank you for your time and effort.
