Office of the Chief Information Security Officer


Workshops are for members of the UW community and are taught by CISO staff.
See registration information below each course description.

Secure Code

Web App Security 101: Thinking Like An Attacker

  • Get hands-on experience hacking a vulnerable web application
  • Explore common vulnerabilities such as XSS, SQL injection, and web parameter tampering
  • 3 hours

Web App Security 102: Mitigating Common Threats

After having gained a foundational understanding of some common web app vulnerabilities from Web App Security 101, you’ll move on to explore the browser security model, as well as features of the modern browser you can leverage right now to reduce the overall risk to your web applications. This is a 6-hour course, including an hour break for lunch.

Topics we’ll cover include:

  • Same Origin Policy
  • CORS
  • Content Security Policy
  • HTTP Strict Transport Security
  • Subresource Integrity
  • Explicit MIME Types
  • Safer Cookies

Course requirements (for both)

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • A basic understanding of HTML and JavaScript
  • A basic understanding of HTTP
  • Familiarity with Developer Tools in Firefox

Both courses will incorporate hands-on exercises throughout, including modifying server configurations to learn how to put the above techniques to use.

To sign up, email with “Secure Code 101 (or 102)” in the subject line, and you’ll be contacted with information about the next available date. Please note that Web App Security 101 is a prerequisite for the 102 course.

Find Bad Things on Windows Server

Join other admins and IT professionals to detect vulnerabilities that can be exploited in the Windows environment. We will learn together as we explore the MITRE ATT&CK framework for understanding the techniques and tactics used by adversaries. You will receive an AWS CloudFormation template to spin up Windows Server for practice after the workshop.

Workshops are offered on the 3rd Tuesday of each month (time of day TBD).

To sign up, email with “Bad Things on Windows Server” in the subject line, preferably a week in advance.

If the current month’s workshop is full, you will be added to the list for the next one.