Training for application security


Overview & schedule

Rohde & Schwarz Cybersecurity offers customers and partners a range of certified training programs covering the implementation cycle of Application Security products. Our courses are mainly designed for security architects, implementation engineers and system administrators and may be taken by anyone tasked with implementing or managing the Rohde & Schwarz Cybersecurity products. The product certificates are issued at the end of each course upon successful completing of the assessment.

More advanced web attack training providing deeper understanding into how to design effective security to protect web applications is available on demand.

All training classes are instructor-led and are delivered in one of our Rohde & Schwarz Cybersecurity locations (see table below). Our courses can also be tailored to meet specific requirements and delivered on customer premises. Our instructors are able to deliver the training in English, German and French.

Please contact us if you do not find the dates or location corresponding to your requirements.

For detailed information please see our certification training flyer.

Training schedule


Course setup requirements

Adequate network access will be provided. All participants must bring the following equipment:

  • A 64-bit laptop with minimum 4 GB of RAM
  • A recent browser is required with software or an extension to the HTTP trace connector (HttpFox, HttpWatch, TamperData, Wireshark, etc)
  • A Virtualization solution (VMware, VirtualBox, etc)

Understanding prerequisites

  • Knowledge of HTTP / HTTPS and TCP / IP network protocols
  • Basic knowledge of the reverse proxy technology
  • Basic knowledge of regular expressions
  • Basic knowledge of the Linux System Administration

Web Access Manager requirements

  • Basic knowledge of web application authentication and / or SAML
  • Basic knowledge of LDAP / Active directory / PKI
  • Basic knowledge of HTML

API Security requirements

  • Knowledge of XML standards XSD, WSDL
  • Basic knowledge of Web Services

Product training

Learning objectives

To obtain knowledge and experience necessary to install, configure, maintain, monitor and control ¸Web Application Firewall.

Technical prerequisites

  • HTTP/HTTPS protocols
  • TCP/IP Networks
  • Reverse Proxy Technology
  • Basic knowledge of Web Services
  • LDAP / Active directory
  • PKI
  • Regular Expression
  • Linux Administration
  • Knowledge of XML, XSD, WSDL standards
  • Web application authentication and / or SAML


The training is carried out on the latest stable version of the product, the content covering the latest features and capabilities. The list below only outlines some of the items that may be covered during the training. Each module consists of two parts: an instructor-led presentation and a hands-on practical workshop.

Web attack training


Web attack is a live classroom training designed to broaden your knowledge of web application attacks and bypass mechanisms used by hackers to counter modern application security. With experienced security professional is mind, it provides valuable student-instructor interaction working on real case studies. This training is only available on demand is always run at customer location.

  • Duration: 3 days
  • Audience: Security Teams

Learning objectives

By the end of this training, every participant should be able to achieve the following:

  • Identify families of specific web application vulnerabilities (XSS, SQL Injection, CSRF, XXE, SSRF)
  • Exploit previously identified vulnerabilities
  • Bypass basic protection mechanisms
  • Operate the most common tools
  • Adapt the tools to their specific needs

Technical prerequisites

  • HTTP/HTTPS protocols
  • TCP/IP Networks


  • Reminders on http: Requests and responses, status and cache management, redirection, authentication, encryption, implicit browser actions...
  • Common attacks: Introduction to “OWASP Top 10”: injections (HTML and SQL), unsecured direct references, CSRF, version management.
  • Tools: Browser extensions (Chrome, Firefox), interception and replay tools (ZAP, Burp Suite)
  • Practical exercises: SQL injection, query manipulation (cookies and settings), password cracking, data extraction...
  • Advanced exploitation: Advanced techniques related to the exploitation of SQL and XSS Injection: access to the file system, bypassing filters, mass exploitation, chaining of techniques...
  • Vulnerabilities outside “OWASP Top 10”: Theory and practice of modern attacks (JSONP injection, SSRF, XXE...)

Enrollment & payment

Rohde & Schwarz Cybersecurity training is available as classroom training at one of our training centers or at your company location. To register, please:

Further information