APIs · Foundations
Web Security Essentials
Threat-model common web stacks, implement mitigations, and communicate risk without fear-mongering.
3 weeks · 18 hours · Live online · Mon · 19:00–21:00 GMT
From £420 GBP · Certificate on completion
Overview
Security belongs in stand-ups, not only audits. You will practise STRIDE-lite thinking, cookie settings, CSRF defences, and dependency hygiene your pipeline can enforce.
What you work through
- Content Security Policy iteration without breaking analytics
- OAuth/OIDC mental models without treating tokens casually
- Secrets scanning in CI with sensible baselines
- Dependency review cadence tied to business risk
- Incident tabletop tailored to SMB scale
- Secure headers checklist for static hosts
- Privacy-by-design notes aligned with UK GDPR expectations
Outcomes
- Produce a one-page threat model stakeholders actually read
- Configure headers and cookies that survive QA
- Prioritise a vulnerability backlog without marking everything critical
Lead contact
Elliot Fraser
Curriculum designer — security chapter lead.
Practical questions
Pen-testing?
Ethical hacking labs are out of scope; we focus on preventative engineering.
Compliance certifications?
Not included — we map concepts to ISO-style language only.
Limitation?
Mobile native security is mentioned but not exercised.
Participant notes
CSP module finally made our marketing site stop fighting the tag manager — Web Security Essentials was blunt in a useful way.
Ready to talk scope? Request information — we respond within two business days for general enquiries. See Money-Back Policy for cooling-off terms.