Course overview
Training objective: This course covers the analysis and understanding of the components that make up web applications, as a basis for exploring web-oriented vulnerabilities and attacks.
Prerequisites
- Knowledge of information-systems security, web application security and web programming (PHP, JavaScript, HTML)
Learning objectives
- Apply techniques used to audit and test the security of web applications
- Apply techniques used to conduct discovery, exploration and investigation of a website and web application features
- Apply tools and techniques used to discover and exploit vulnerabilities
- Understand and apply port scanning techniques
- Understand application flowcharting and session analysis
- Understand Client Injection Attacks
- Understand Cross-Site & Server-Side Request Forgery (CSRF / SSRF)
- Understand Cross-Site Scripting (XSS)
- Understand how a web application manages client sessions
- Understand how a web application tracks user activity
- Understand how a web application uses SSL/TLS in modern web communications
- Understand how to bypass and exploit weak authentication
- Understand how to enumerate users
- Understand HTTP, HTTPS, and AJAX within the context of security, vulnerabilities, and essential operations
- Understand identifying services and configurations
- Understand the processes and mechanisms used to secure web applications through authentication
- Understand spidering web applications
- Understand SQL injection attacks and how to identify SQL injection vulnerabilities in applications
- Understand the attacks leveraged against flaws in session states
- Understand the technologies, programming languages and structures involved in the construction and implementation of a website
- Understand the tools and techniques used to audit and identify flaws in the design, implementation or configuration of a website
- Understand the use of proxies, fuzzing, scripting, and application logic attacks
- Understand tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX
Target audience
- Security auditors
- Developers responsible for web application security
- IT department (CIO) managers
- IT security consultants
- IT security managers
- Anyone responsible for IT security
Course syllabus
- Web Application Assessment Concepts
  - Penetration Testing
  - Application Penetration Testing
  - Risk Assessment and Management
  - OWASP Testing Guide
  - Web Application Security Consortium Threat Classification
  - Penetration Testing Execution Standard
  - Pre-Engagement Interactions
  - Intelligence Gathering
  - Threat Modelling
  - Vulnerability Analysis
  - Exploitation
  - Post Exploitation
  - Reporting
  - OWASP Zed Attack Proxy (ZAP)
  - BurpSuite
  - Browser Exploitation Framework (BeEF)
  - Other Tools
- Web Application Reconnaissance
  - Reconnaissance – WHOIS
  - Reconnaissance – Domain Name System (DNS)
  - Reconnaissance – Virtual Host (vHost) Discovery
  - Open-Source Intelligence (OSINT) – Definitions
  - Open-Source Intelligence (OSINT) – Frameworks & Tools
  - Protocols – Hypertext Transfer Protocol (HTTP)
  - Protocols – Hypertext Transfer Protocol (HTTP) – Cookies
  - Protocols – Hypertext Transfer Protocol (HTTP) – Headers
  - Protocols – Hypertext Transfer Protocol (HTTP) – Request Methods
  - Protocols – Hypertext Transfer Protocol (HTTP) – Status Codes
  - Protocols – Hypertext Transfer Protocol (HTTP) – 1.0, 1.1, 2.0 & 3.0
  - Protocols – Hypertext Transfer Protocol (HTTP) – Cross-Origin Resource Sharing (CORS)
  - Protocols – Hypertext Transfer Protocol (HTTP) – Content Security Policy
  - Protocols – Secure Sockets Layer (SSL) / TLS
  - Protocols – Secure Sockets Layer (SSL) / TLS – Configuration
  - Protocols – Secure Sockets Layer (SSL) / TLS – Weaknesses
  - Interception Proxies – Definitions & Types
  - Interception Proxies – Fiddler
  - Interception Proxies – BurpSuite Proxy
  - Interception Proxies – OWASP Zed Attack Proxy (ZAP) Proxy
  - SSL Proxying – Definition
  - SSL Proxying – Through BurpSuite Pro
  - SSL Proxying – Through OWASP Zed Attack Proxy (ZAP)
- Content Discovery, Authentication and Session Testing
  - Content Discovery – Logging and Monitoring
  - Content Discovery – Website Spidering
  - Content Discovery – Content Analysis
  - Authentication – Web Authentication Mechanisms – Cookie-Based Authentication
  - Authentication – Web Authentication Mechanisms – Token-Based Authentication
  - Authentication – Web Authentication Mechanisms – Third Party Access (OAuth, API Token)
  - Authentication – Web Authentication Mechanisms – OpenID
  - Authentication – Web Authentication Mechanisms – SAML
  - Authentication – Username Harvesting
  - Authentication – Password Guessing
  - Authentication – Authentication and Authorisation Bypass
  - Session Testing – Brute Forcing Unlinked Files
  - Session Testing – Brute Forcing Directories
  - Session Testing – Burp Sequencer
  - Tools – Fuzzing with ZAP
  - Tools – Fuzzing with ffuf
  - Tools – Fuzzing with Burp Intruder
  - Sessions – Session Management
  - Sessions – Session Attacks
  - Training Platforms – Mutillidae
- Injection, Inclusion, and XML External Entity (XXE)
  - Traversal Attacks – Directory Traversal
  - File Inclusion Attacks – Local File Inclusion (LFI)
  - File Inclusion Attacks – Remote File Inclusion (RFI)
  - SQL Attacks – SQL Injection
  - SQL Attacks – Blind SQL Injection
  - SQL Attacks – Error-Based SQL Injection
  - SQL Attacks – Exploiting SQL Injection
  - SQL Attacks – Tools – sqlmap
  - Injection Attacks – Command Injection
  - Injection Attacks – Insecure Deserialisation
  - Injection Attacks – XML External Entity (XXE)
- XML External Entity (XXE) Deep Dive
  - Client-Side Attacks – Cross-Site Scripting (XSS)
  - Tools – Browser Exploitation Framework (BeEF)
  - Techniques – Asynchronous JavaScript and XML (AJAX)
  - Languages – Extensible Markup Language (XML)
  - Languages – JavaScript Object Notation (JSON)
  - Models – Document Object Model (DOM)
  - Attacks – Application Programming Interface (API)
  - Attacks – Application Programming Interface (API) – Authentication Hijacking
  - Attacks – Application Programming Interface (API) – Data Exposure
  - Attacks – Application Programming Interface (API) – Parameter Tampering
  - Attacks – Application Programming Interface (API) – Unencrypted Communications
  - Principles – Representational State Transfer (REST)
  - Protocols – Simple Object Access Protocol (SOAP)
- Request Forgery, Logic Flaws and Advanced Tools
  - Web Attacks – Cross-Site Request Forgery (CSRF)
  - Web Attacks – Server-Side Request Forgery (SSRF)
  - Web Attacks – Application Logic Attacks
  - Programming – Python for Web Application Penetration Testing
  - Tools – WPScan
  - Tools – ExploitDB
  - Tools – BurpSuite Pro Scanner
  - Tools – Metasploit
  - Business of Penetration Testing – Preparation
  - Business of Penetration Testing – Post Assessment and Reporting