This workshop examines the common vulnerabilities that can occur in the design and implementation of web-based applications and services. The laboratory tool kit is based upon the OWASP (Open Web Application Security Project) project and incorporates use of WebGoat, WebScarab and various web services.