Course overview
This training will allow architects and developers to understand the main Web vulnerabilities, and to correct and prevent them. Through a series of hands-on exercises that put you in the position of a penetration tester, you will learn how attackers proceed to exploit each of the vulnerabilities of the OWASP Top 10.
Throughout the course, students will practise several ways of covering each vulnerability, allowing them to identify the mistake and understand how to mitigate it.
Prerequisites
- Introduction to application security
- A basic understanding of the 10 application security risks according to OWASP
- Basic knowledge of the technologies used in Web development (HTML, JavaScript, SQL, etc.)
Learning objectives
- Understand the main Web Vulnerabilities
- Prevent the main Web Vulnerabilities
- Correct the main Web Vulnerabilities
Target audience
- Architects
- Developers
- Technical project managers
Training programme
- OWASP Intro
  - Refreshing about the HTTP Protocol
  - Web Application architecture
  - Briefing about OWASP and the Top 10
- Broken Access Control
  - CORS
  - Parameter Tampering
- Identification and Authentication Failures
  - Brute-Force Attacks and Weak passwords
  - Credential Stuffing
  - SSO and MFA: security myths
- Injection
  - SQL Injection
  - Data validation
- Server-Side Request Forgery
  - XXE attack
  - TOCTOU (Race Condition)
  - Network Segmentation
- Security Misconfiguration
  - Error Handling Failures
  - Environment Hardening
- Insecure Design
  - DevOps and Security
  - Threat Modeling
  - Network Segmentation
- Cryptographic Failures
  - Certificates and Secure Channels
  - Data Security at Rest
- Vulnerable and Outdated Components
  - Vulnerability Assessments and tools
  - Patch Management
- Software and Data Integrity Failures
  - Trusted Repositories
  - Case of the SolarWinds Sunburst Attack
  - Insecure Deserialization
- Security Logging and Monitoring Failures
  - Log Storage & Format
  - Incident Handling
  - Digital Forensics