Proactive Web Defense


A three-day cyber security training course in web application security and secure coding practices, helping to ensure that your software is resilient to attacks.


Proactive Web Defence is an exercise-driven training course that will guide you through exploiting vulnerabilities in a realistic website. Step-by-step tutorials will ensure that you gain a thorough understanding of a modern attacker’s mind-set and capabilities.

Equipped with this understanding, we will move our attention back to secure coding best practice and defensive programming techniques that can be used to make our applications robust and resilient to attacks.

How is the course different?

  • The course is delivered by experienced security professionals, who perform web application security assessments on a daily basis.
  • We focus on teaching offensive security techniques, so that you can fully understand the capabilities of modern attackers and therefore how to defend against them.
  • This is a practical, exercise driven course. We’ve developed a realistic web application with common flaws which allows us to show you how attackers would exploit these vulnerabilities in the real world.
  • We teach you how to introduce security in your development life-cycle in a practical manner, by combining secure coding principles, design and source code reviews and vulnerability assessment tools.

Who should attend

The course is aimed primarily at web developers although it is also suitable for technical project managers. The content caters for beginners with limited or no security knowledge and gradually progresses to advanced topics. Prior to attending Proactive Web Defence, it is recommended that you:

  • Can build a dynamic web application that can communicate with a database
  • Have a basic understanding of relational databases and SQL
  • Can read basic JavaScript (even if you can’t write it)
  • Understand the basic principles of web servers and HTTP

Course highlights

  • How to identify, exploit and remediate all the common web application security flaws, over and above the OWASP Top Ten
  • How to build secure web applications that can withstand advanced attacks
  • How hackers attack web applications, web servers and database servers
  • How to deploy secure web and database servers that can withstand an attack
  • The most up to date and effective secure coding practices

Benefits to your organisation

  • Helps to ensure that your software is resilient to an attack, against even the most advanced threats
  • Increases levels of trust and reputation when developing for external organisations
  • Increases your organisation’s overall understanding of security, reducing the time and cost of remediating vulnerabilities
  • Stimulates a positive attitude and an understanding of the importance of security within the development team
  • Fulfils secure coding requirements for PCI DSS


Download the Proactive Web Defense Brochure below for the full syllabus




MWR Training Proactive Web Defence


Interested in our PWD course?

Enter your details below and a member of the team will contact you with more information and to find out what your requirements are:

In house courses

We also offer in-house courses for up to 50 members of your staff, which can be customized to suit your unique requirements.

For private courses in the UK, call +44 (0)1256 300 920.

For private courses in South Africa, call +27 (0)10 100 3157.

For private courses in the US, call +1-888-742-9528.

You can also send us a message and we will get back to you to discuss your requirements.

Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.