Introduction to web application firewalls

Train the Trainer Course on 24 August 2023 (12:00-14:00 CET) to better enable EDIHs and their representatives to provide web application firewall training to their SME / PSO clients.

Course content:

• The course will cover the theory and practical application of Web Application Firewalls (WAFs), including:
  • How they operate;
  • How they can be deployed to protect vulnerable applications without modifying the application code, with a real-life example;
• Real-life example of a vulnerable WebShop which will be protected with a Web Application Firewall:
  • Please note that this micro-course is not being delivered in a lab environment;
  • The Lab used in the example is only used as a reference and hands on exercises are optional.

Course prerequisites:

• Introduction to Web Application Firewalls (WAF) is a Train the Trainer course that teaches the basics of web application security, focusing on the deployment, configuration and management of WAFs to protect web applications from various attacks;
• To maximize your success in this course, it is recommended that you meet the following prerequisites:
  • Basic understanding of web technologies: Familiarity with HTML, CSS, JavaScript, and the HTTP protocol is essential for understanding how web applications work and interact with WAFs;
  • Networking fundamentals: Basic knowledge of networking concepts such as IP addresses, ports, and protocols will help you to grasp how WAFs protect web applications from external threats;
  • Web server administration: Basic experience of configuring and managing web servers (such as Apache, Nginx, or IIS) will provide you with a better understanding of how WAFs are integrated into the application infrastructure;
  • Application security concepts: Familiarity with common web application vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) is crucial for understanding the threats that WAFs aim to mitigate;
  • Familiarity with programming languages: Some knowledge of programming languages, particularly those used in web development (such as PHP, Python, Ruby, or JavaScript), can be beneficial for understanding code-level vulnerabilities and WAF rules.

Course goals:

By the end of this course, participants will be able to:

• Understand and impart the role of Web Application Firewalls (WAF) in web application security
• Guide clients on how to identify common web application vulnerabilities and how WAFs can help mitigate these threats
• Impart practical knowledge on how to deploy a WAF as a reverse proxy in various web application environments

Course provider: South Eastern Finland University of Applied Sciences

To enrol in and access this course and materials, please visit the eLearning Platform and follow the steps outlined in the EDIH Academy Trainee User Guide below.