Course Outline

Introduction

Overview of Web Security Testing Guide for government

  • The OWASP Testing Project for government
  • Tailoring and prioritizing for organizations in the public sector
  • Testing principles and techniques for government applications
  • Security testing objectives and requirements for government systems

Exploring Various Testing Techniques for Government Systems

  • Manual inspections and reviews for government applications
  • Threat modeling for government IT environments
  • Source code review for government software
  • Penetration testing for government systems
  • Security test integration and data analysis for government operations

Understanding the OWASP Testing Framework for Government

  • Activities from development to deployment in government projects
  • Maintenance and operations for government IT systems
  • Lifecycle end-to-end testing framework and workflow for government applications
  • Penetration testing methodologies for government security

Performing Web Application Security Testing for Government Systems

  • Information gathering for government web applications
  • Configuration and deployment management testing for government systems
  • Identity management testing for government users
  • Authentication and authorization testing for government access controls
  • Session management testing for government user sessions
  • Input validation testing for government web forms
  • Testing for error handling in government applications
  • Testing for weak cryptography in government communications
  • Business logic testing for government workflows
  • Client-side testing for government web interfaces
  • API testing for government services

Reporting the Testing Assessment and Results for Government

  • Introduction section for government stakeholders
  • Executive summary for government leadership
  • Findings section for government IT teams
  • Appendices for additional government reference materials

Getting Involved in the Web Security Testing Guide for Government

  • Referencing and linking WSTG scenarios for government use
  • Code of conduct for government contributors
  • Contribution guide for government participants
  • Feature requests and feedback for government improvements

Summary and Conclusion for Government Applications

Requirements

  • A comprehensive understanding of the web development lifecycle for government applications.
  • Practical experience in developing, securing, and testing web applications for government use.

Audience

  • Software Developers for government projects
  • Systems Engineers for government initiatives
  • IT Architects for government solutions
 21 Hours

Number of participants


Price per participant

Runs with a minimum of 4 + people. For 1-to-1 or private group training, request a quote.

Testimonials (5)

Multiple examples for each module and great knowledge of the trainer.

Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)

Module3 Applications Attacks and Exploits, XSS, SQL injection Module4 Servers Attacks and Exploits, DOS, BOF

Tshifhiwa - Vodacom
Course - How to Write Secure Code

Real-life examples.

Kristoffer Opdahl - Buypass AS
Course - Web Security with the OWASP Testing Framework

The trainer's subject knowledge was excellent, and the way the sessions were set out so that the audience could follow along with the demonstrations really helped to cement that knowledge, compared to just sitting and listening.

Jack Allan - RSM UK Management Ltd.
Course - Secure Developer .NET (Inc OWASP)

Piotr was very knowledgeable and related security issues to real world examples very well. His preparation was brilliant.

Alex Boseley - Trakm8 Ltd
Course - OWASP Top 10

Upcoming Courses

OWASP Web Security Testing Guide

2026-02-16 09:30
21 hours
Miami Beach, FL – Regus at Meridian Center
$ 4054 (Online)
$ 5854 (Classroom)

OWASP Web Security Testing Guide

2026-03-02 09:30
21 hours
Tampa, FL – Regus at Wells Fargo Center
$ 4054 (Online)
$ 5854 (Classroom)

OWASP Web Security Testing Guide

2026-03-16 09:30
21 hours
Tampa, FL - Regus - One Urban Centre at Westshore
$ 4054 (Online)
$ 5854 (Classroom)

OWASP Web Security Testing Guide

2026-03-30 09:30
21 hours
Raleigh, NC – Regus at Raleigh City Plaza
$ 4054 (Online)
$ 5854 (Classroom)

OWASP Web Security Testing Guide

2026-04-13 09:30
21 hours
Richmond, VA – Regus at Two Paragon Place
$ 4054 (Online)
$ 5854 (Classroom)

Related Courses

From CI/CD and Devops to DevSecOps using OWASP Tools

 28 Hours
This course offers a comprehensive examination of the Software Development Life Cycle (SDLC) and its secure implementation through automation, integration, and adherence to best practices. Participants will acquire practical experience in incorporating DevOps and DevSecOps methodologies to bolster software security while ensuring operational efficiency. The curriculum also includes essential OWASP tools for threat modeling, SBOM integration, vulnerability tracking, and security testing within CI/CD pipelines, tailored to meet the unique requirements for government applications.
Read more...

DevSecOps Firefight: Breach, Fix & Fortify

 7 Hours
This world-class, cutting-edge, hands-on workshop immerses participants in the critical realities of modern CI/CD pipeline security. Tailored for government security professionals, DevOps engineers, and developers eager to master advanced pipeline breach defense, the training integrates live attack simulations with industry-leading tools and practical defense techniques, ensuring alignment with public sector workflows, governance, and accountability.
Read more...

Web Security Testing - Security and Testing of Web Applications using OWASP

 21 Hours

This instructor-led, live training (online or onsite) is aimed at developers, engineers, and architects seeking to secure their web apps and services for government.

By the end of this training, participants will be able to integrate, test, protect, and analyze their web apps and services using the OWASP testing framework and tools for government.

Read more...

OWASP GenAI Security

 14 Hours
In accordance with the latest OWASP GenAI Security Project guidance, participants will gain the skills to identify, assess, and mitigate AI-specific threats through practical exercises and real-world scenarios. This training is designed to enhance cybersecurity capabilities for government agencies, ensuring alignment with public sector workflows, governance, and accountability.
Read more...

OWASP Mobile Security Testing Guide

 21 Hours
This instructor-led, live training (available online or on-site) is designed for government developers, engineers, and architects who wish to apply the Mobile Security Testing Guide (MSTG) principles, processes, techniques, and tools to enhance the security of their mobile applications and services. By the end of this training, participants will be able to: - Examine testing methodologies to develop a strategic approach to implementing effective security testing within the development lifecycle. - Conduct testing procedures to identify and mitigate general vulnerabilities and risks in mobile applications. - Execute various security testing processes to ensure the protection of their Android and iOS mobile applications for government use.
Read more...

OWASP Top 10

 14 Hours
This instructor-led, live training in US (online or onsite) is designed for government web developers and leaders who wish to explore and implement the OWASP Top 10 reference standard to enhance the security of their web applications. By the end of this training, participants will be able to strategize, implement, secure, and monitor their web applications and services using the OWASP Top 10 document for government.
Read more...

How to Write Secure Code

 35 Hours

This Course in US aims to assist in the following:

  1. Enable Developers to master the techniques of writing secure code for government systems.
  2. Support Software Testers in conducting thorough security assessments before deploying applications to production environments for government use.
  3. Assist Software Architects in comprehending the risks associated with government applications and designing robust security frameworks.
  4. Help Team Leaders establish security baselines for developers working on government projects.
  5. Aid Web Masters in configuring servers to prevent misconfigurations that could compromise government systems.
Read more...

Secure Developer Java (Inc OWASP)

 21 Hours
This course provides an overview of secure coding concepts and principles using Java, aligned with the Open Web Application Security Project (OWASP) testing methodology. OWASP is a global online community dedicated to advancing the field of web application security by developing freely available articles, methodologies, documentation, tools, and technologies. The content is designed to enhance cybersecurity practices for government and other organizations, ensuring robust and secure software development processes.
Read more...

Secure Developer .NET (Inc OWASP)

 21 Hours
This course provides an in-depth examination of secure coding concepts and principles using ASP.NET, aligned with the Open Web Application Security Project (OWASP) methodology. OWASP is a global online community dedicated to creating freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. The course delves into the security features of the .NET Framework and explores strategies for securing web applications. It is designed to equip participants with the knowledge and skills necessary to enhance security practices for government and other critical systems.
Read more...

Related Categories

OWASP
OWASP