Running an e-commerce business, for most entrepreneurs, is about having a user-friendly website, effective marketing strategy, and growing revenues. But for those who became subject to website attacks, big or small, every e-commerce site is a vulnerable target. Most of us only work once we experienced attacks. Depending on damage incurred, this can erode consumer trust.

Every e-commerce entrepreneur today must protect their website from various threats, whether you host local or overseas, from viruses, botnet, spam, malicious domains, attacks, cyber threats, among others. As most of these can be done in an automated manner, the size of your  online business does not matter making every entrepreneur – big or small – a target.

We are focused on the technical components in building an e-commerce platform that will help an entrepreneur become more comfortable in dealing with codes, back-end, and online technical operations.

This training program is conducted in partnership with Isaac Sabas and Jonathan Mantua of Pandora Security Labs. (offers advance IT security training and provider of WebRanger – an online security monitoring and attack blocking service)

Training objectives:

1. Learn about web application security threats and how to mitigate them.
2. Learn and apply secure programming best practices.
3. Learn and perform web application testing.

Target audience:

1. Entrepreneurs who would like to under how e-commerce security works and become tech-savvy when dealing with web developers and Internet security specialists.
2. E-Commerce developers who would like to level-up their capabilities by building and maintaining secure websites.

Topics: (click on topic title to access the lecture video and download handouts)

Module 1: Open Web Application Security Project (OWASP) Top 10

• Code Injection and Session Management
• Cross-site Scripting (XSS) and Insecure Direct Object References
• Security Configuration, Sensitive Data Exposure, and Access Control
• Cross-site Forgery Request (CSRF), Components with Vulnerabilities, and Unvalidated Redirects/Forwards

Module 2: Secure Programming Best Practices

• Using SSL/TLS and Proper Password Storage
• Authentication and Session Management
• Usage of Parameterized Queries & Stored Procedures, Input/Output Validation, and CSRF Tokens
• Logging, Error Messaging, and Using Secure Components

Module 3: Web Application Testing

• Introduction to Web Application Testing
• Recon, Mapping, and Analyzing Web Apps
• Penetration Testing Methodologies
• Building your Own Lab

WARNING: STUDENTS PARTICIPATING IN THIS PROGRAM SHOULD USE THE KNOWLEDGE AND INSIGHTS GAINED IN A RESPONSIBLE MANNER. Probing and attacking websites, whether successful or not, is a CYBERCRIME and will make you liable under the E-Commerce Law, CyberCrime Law, and Data Privacy Law.

For inquiries about this boot camp, contact Janette Toral at 0917-4490011 or send her a private message via Facebook.

Your use and membership in this boot camp site is governed by our terms and conditions.