Popular ISO 9001 Quality management > ISO 13485 Quality management for medical devices > ISO 14001 Environmental management > ISO 22301 Business continuity > ISO/IEC 27001 Information security > ISO 45001 (OHSAS 18001) Occupational health and safety > View all standards >
Access and buy standards How to access standards > Decide which option works best for your business Buy standards > Standards subscriptions > BSOL > Full standards collections Compliance Navigator > Medical device standards Eurocodes PLUS > Structural design standards BSI Membership > Services include knowledge centre, events and discounts
About standards What are standards? > Find out on how standards can help The role of BSI > UK Standards Organization, ISO, IEC, CEN, CENELEC, ETSI Get involved > Become a standards maker, join a committee Have your say > Propose or comment on a standard Consumer alerts > Know which products have been recalled
Working with standards Business and industry > Build trust and win more business, no matter the size of your company Government > Enhancing standards infrastructure, technical assistance and capacity building Education > Supporting students, research programmes, and young professionals Consumers > Tackling issues consumers face through BSI Kitemark and Consumer and Public Interest Network (CPIN)
Standards and information Access and buy standards > Search our standards catalogue Develop a standard > Work with BSI to develop a standard Online subscription services > BSOL, Compliance Navigator, Eurocodes PLUS, BSI Membership and SCREEN Standards services > Create a fast-track standardization document, Consultancy, Research and Insights and International Projects
Auditing, certification and training Assessment and ISO certification > ISO certification and others eg: IATF, FSSC Auditing and verification > Supplier audits, custom audits and internal audits Product testing and certification > BSI Kitemark, CE marking and verification, Market access solutions Validate BSI-issued certificates > Check company, site and product certificates
Training courses > Individual, group and company-wide training Medical devices services > CE marking for medical devices, MDR and IVDR, quality management for medical devices Compliance software and solutions > Software tools and solutions for governance, cyber security, risk and supply chain management
Consulting practices Cybersecurity and information resilience > Standards Consulting > Management advisory service Supply chain management > View all BSI services >
Industry reports, research and news COVID-19 > Digital construction > BIM, smart cities and connected assets Future of mobility > Global market access > Health, safety and wellbeing >
Information security > Cybersecurity, privacy (GDPR) and compliance Innovation > Internet of things (IoT) > Organizational resilience > Sustainability and circular economy > View all topics >
Blogs Built Environment > Cybersecurity and information resilience > Food Industry > Medical devices > Small Business > View all blogs >
About BSI > BSI impartiality > Our accreditation > Our clients and partners > Our financial information >
Our governance > Our legal information > Our Royal Charter > UK National Standards body > The global role of BSI as the national standards body
Careers > Events and conferences > Media centre > Social responsibility > Modern slavery statement Contact us >
Data protection (GDPR) > Data subject access request (DSAR) > Outsourced data protection officer (DPO) > Cybersecurity and compliance services > Cloud security services > Incident response > Security testing > Vulnerability assessment > PCI DSS consultancy > ISO 27001 consultancy > IT audit and assessment > Cybersecurity audit and assessment > View all our services >
Services Email security > End user security awareness > eDiscovery/eDisclosure and digital forensics > Critical infrastructure security > Security testing cyber lab > Ransomware prevention and recovery > Public sector services >
Our solutions Secure web gateway > Cloud access security broker > Identity and access management > Managed security > Cloud encryption > Vulnerability management > Cloud and endpoint data backup > View all our solutions >
Our partners Zscaler > Proofpoint > McAfee > Okta > Druva > Alert Logic > Qualys > BitSight > MediaPRO >
Cybersecurity training courses Certified Information Privacy Professional Europe (CIPP/E) > Certified Data Protection Officer (CDPO) training course > Certified Information Security Manager (CISM®) > Certificate in Information Security Management Principle (CISMP) > View all cybersecurity training courses >
Training solutions Proofpoint - End user security awareness training > MediaPRO - Cybersecurity and Privacy Education >
Fundamentals of Web Application Defence training course Our one-day Fundamentals of Web Application Defence training course is a great opportunity for you to look at web applications through the eyes of the hacker. You'll learn about insecurities, vulnerabilities and exploits that lay within web applications and how to use secure design and development best practices to eliminate these risks. This course will give you the confidence to reduce the risk of web applications for your business. Who should attend? Those responsible for developing, managing, testing or maintaining web based applications, or anyone with an interest in ensuring the security of their web presence, such as: Web application developers Compliance officers Technical managers Information security team members IT Managers Team leaders What will I learn? Web application security Authentication Session management Authorization Data validation Information disclosure Code injection Cross site scripting Path traversal OWA SP Top 10 Threat modelling Security methodology How will I benefit? Gain an understanding of the best practices for web application defence Get the opportunity to sample our vulnerable web application – helping you put the theory into practice Gain insight into the insecurities, vulnerabilities and exploits that lay within your web applications Confidently identify and eliminate these new risks before they result in damage to the organization What's included? Comprehensive course materials Penetration testing toolkit Access to a vulnerable web application Certificate of attendance Lunch Refreshments
