Training for application security

Overview & schedule

Rohde & Schwarz Cybersecurity offers customers and partners a range of certified training programs covering the implementation cycle of Application Security products. Our courses are mainly designed for security architects, implementation engineers and system administrators and may be taken by anyone tasked with implementing or managing the Rohde & Schwarz Cybersecurity products. The product certificates are issued at the end of each course upon successful completing of the assessment.

More advanced web attack training providing deeper understanding into how to design effective security to protect web applications is available on demand.

All training classes are instructor-led and are delivered in one of our Rohde & Schwarz Cybersecurity locations (see table below). Our courses can also be tailored to meet specific requirements and delivered on customer premises. Our instructors are able to deliver the training in English, German and French.

Please contact us if you do not find the dates or location corresponding to your requirements.

For detailed information please see our certification training flyer.


Course setup requirements

Adequate network access will be provided. All participants must bring the following equipment:

  • A 64-bit laptop with minimum 4 GB of RAM
  • A recent browser is required with software or an extension to the HTTP trace connector (HttpFox, HttpWatch, TamperData, Wireshark, etc)
  • A Virtualization solution (VMware, VirtualBox, etc)

Understanding prerequisites

  • Knowledge of HTTP / HTTPS and TCP / IP network protocols
  • Basic knowledge of the reverse proxy technology
  • Basic knowledge of regular expressions
  • Basic knowledge of the Linux System Administration

Web Access Manager requirements

  • Basic knowledge of web application authentication and / or SAML
  • Basic knowledge of LDAP / Active directory / PKI
  • Basic knowledge of HTML

API Security requirements

  • Knowledge of XML standards XSD, WSDL
  • Basic knowledge of Web Services

Product training

Learning objectives

To obtain knowledge and experience necessary to install, configure, maintain, monitor and control ¸Web Application Firewall.

Technical prerequisites

  • HTTP/HTTPS protocols
  • TCP/IP Networks
  • Reverse Proxy Technology
  • Basic knowledge of Web Services
  • LDAP / Active directory
  • PKI
  • Regular Expression
  • Linux Administration
  • Knowledge of XML, XSD, WSDL standards
  • Web application authentication and / or SAML


The training is carried out on the latest stable version of the product, the content covering the latest features and capabilities. The list below only outlines some of the items that may be covered during the training. Each module consists of two parts: an instructor-led presentation and a hands-on practical workshop.

Web attack training


Web attack is a live classroom training designed to broaden your knowledge of web application attacks and bypass mechanisms used by hackers to counter modern application security. With experienced security professional is mind, it provides valuable student-instructor interaction working on real case studies. This training is only available on demand is always run at customer location.

  • Duration: 3 days
  • Price: 4.500 € (minimum 8 participants)
  • Audience: Security Teams

Learning objectives

By the end of this training, every participant should be able to achieve the following:

  • Identify families of specific web application vulnerabilities (XSS, SQL Injection, CSRF, XXE, SSRF)
  • Exploit previously identified vulnerabilities
  • Bypass basic protection mechanisms
  • Operate the most common tools
  • Adapt the tools to their specific needs

Technical prerequisites

  • HTTP/HTTPS protocols
  • TCP/IP Networks


  • Reminders on http: Requests and responses, status and cache management, redirection, authentication, encryption, implicit browser actions...
  • Common attacks: Introduction to “OWASP Top 10”: injections (HTML and SQL), unsecured direct references, CSRF, version management.
  • Tools: Browser extensions (Chrome, Firefox), interception and replay tools (ZAP, Burp Suite)
  • Practical exercises: SQL injection, query manipulation (cookies and settings), password cracking, data extraction...
  • Advanced exploitation: Advanced techniques related to the exploitation of SQL and XSS Injection: access to the file system, bypassing filters, mass exploitation, chaining of techniques...
  • Vulnerabilities outside “OWASP Top 10”: Theory and practice of modern attacks (JSONP injection, SSRF, XXE...)

Enrollment & payment

Rohde & Schwarz Cybersecurity training is available as classroom training at one of our training centers or at your company location. To register, please:

Further information

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.