Aperçu du cours
Objectif de formation : Cette formation englobe analyse et compréhension des différents éléments axés applications web pour une exploration du domaine des vulnérabilité et attaques orientées WEB
Prérequis
- Avoir des connaissances dans la sécurité des SI, dans la sécurité des applications web et en programmation Web (PHP, JavaScript, HTML)
Fonctionnalités
- Apply techniques used to audit and test the security of web applications
- Apply techniques used to conduct discovery, exploration and investigation of a website and web application features
- Apply tools and techniques used to discover and exploit vulnerabilities
- Understand and Apply port scanning techniques
- Understand application flowcharting and session analysis
- Understand Client Injection Attacks
- Understand Cross-Site & Server-Side Request Forgery (CSRF / SSRF)
- Understand Cross-Site Scripting (XSS)
- Understand how a web application manages client sessions
- Understand how a web application tracks user activity
- Understand how a web application uses SSL/TLS in modern web communications
- Understand how to bypass and exploit weak authentication
- Understand how to enumerate users
- Understand HTTP, HTTPS, and AJAX within the context of security, vulnerabilities, and essential operations
- Understand identifying services and configurations
- Understand processes and mechanisms used to secure web applications by authentication
- Understand spidering web applications
- Understand SQL injection attacks and how to identify SQL injection vulnerabilities in applications
- Understand the attacks leveraged against flaws in session states
- Understand the technologies, programming languages and structures involved in the construction and implementation of a website
- Understand the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a website
- Understand the use of proxies, fuzzing, scripting, and application logic attacks
- Understand tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX
Public ciblé
- Auditeurs de sécurité
- Développeurs chargés de la sécurité des applications web
- Responsables DSI
- Consultants en sécurité informatique
- Responsables sécurité informatique
- Toute personne en charge de la sécurité informatique
Détails
- 12 Sections
- 188 Lessons
- 28 heures
Expand all sectionsCollapse all sections
- Web Application Assessment Concepts17
- 1.1Penetration Testing
- 1.2Application Penetration Testing
- 1.3Risk Assessment and Management
- 1.4OWASP Testing Guide
- 1.5Web Application Security Consortium Threat Classification
- 1.6Penetration Testing Execution Standard
- 1.7Pre-Engagement Interactions
- 1.8Intelligence Gathering
- 1.9Threat Modelling
- 1.10Vulnerability Analysis
- 1.11Exploitation
- 1.12Post Exploitation
- 1.13Reporting
- 1.14OWASP Zed Attack Proxy (ZAP)
- 1.15BurpSuite
- 1.16Browser Exploitation Framework (BeEF)
- 1.17Other Tools
- Web Application Assessment Concepts17
- 1.1Penetration Testing
- 1.2Application Penetration Testing
- 1.3Risk Assessment and Management
- 1.4OWASP Testing Guide
- 1.5Web Application Security Consortium Threat Classification
- 1.6Penetration Testing Execution Standard
- 1.7Pre-Engagement Interactions
- 1.8Intelligence Gathering
- 1.9Threat Modelling
- 1.10Vulnerability Analysis
- 1.11Exploitation
- 1.12Post Exploitation
- 1.13Reporting
- 1.14OWASP Zed Attack Proxy (ZAP)
- 1.15BurpSuite
- 1.16Browser Exploitation Framework (BeEF)
- 1.17Other Tools
- Web Application Reconnaissance23
- 2.18Reconnaissance – WHOIS
- 2.19Reconnaissance – Domain Name System (DNS)
- 2.20Reconnaissance – Virtual Host (vHost) Discovery
- 2.21Open-Source Intelligence (OSINT) – Definitions
- 2.22Open-Source Intelligence (OSINT) – Frameworks & Tools
- 2.23Protocols – Hypertext Transfer Protocol (HTTP)
- 2.24Protocols – Hypertext Transfer Protocol (HTTP) – Cookies
- 2.25Protocols – Hypertext Transfer Protocol (HTTP) – Headers
- 2.26Protocols – Hypertext Transfer Protocol (HTTP) – Request Methods
- 2.27Protocols – Hypertext Transfer Protocol (HTTP) – Status Codes
- 2.28Protocols – Hypertext Transfer Protocol (HTTP) – 1.0, 1.1, 2.0 & 3.0
- 2.29Protocols – Hypertext Transfer Protocol (HTTP) – Cross-Origin Resource Sharing (CORS)
- 2.30Protocols – Hypertext Transfer Protocol (HTTP) – Content Security Policy
- 2.31Protocols – Secure Sockets Layer (SSL)
- 2.32Protocols – Secure Sockets Layer (SSL) – Configuration
- 2.33Protocols – Secure Sockets Layer (SSL) – Weaknesses
- 2.34Interception Proxies – Definitions & Types
- 2.35Interception Proxies – Fiddler
- 2.36Interception Proxies – BurpSuite Proxy
- 2.37Interception Proxies – OWASP Zed Attack Proxy (ZAP) Proxy
- 2.38SSL Proxying – Definition
- 2.39SSL Proxying – Through BurpSuite Pro
- 2.40SSL Proxying – Through OWASP Zed Attack Proxy (ZAP)
- Web Application Reconnaissance23
- 2.18Reconnaissance – WHOIS
- 2.19Reconnaissance – Domain Name System (DNS)
- 2.20Reconnaissance – Virtual Host (vHost) Discovery
- 2.21Open-Source Intelligence (OSINT) – Definitions
- 2.22Open-Source Intelligence (OSINT) – Frameworks & Tools
- 2.23Protocols – Hypertext Transfer Protocol (HTTP)
- 2.24Protocols – Hypertext Transfer Protocol (HTTP) – Cookies
- 2.25Protocols – Hypertext Transfer Protocol (HTTP) – Headers
- 2.26Protocols – Hypertext Transfer Protocol (HTTP) – Request Methods
- 2.27Protocols – Hypertext Transfer Protocol (HTTP) – Status Codes
- 2.28Protocols – Hypertext Transfer Protocol (HTTP) – 1.0, 1.1, 2.0 & 3.0
- 2.29Protocols – Hypertext Transfer Protocol (HTTP) – Cross-Origin Resource Sharing (CORS)
- 2.30Protocols – Hypertext Transfer Protocol (HTTP) – Content Security Policy
- 2.31Protocols – Secure Sockets Layer (SSL)
- 2.32Protocols – Secure Sockets Layer (SSL) – Configuration
- 2.33Protocols – Secure Sockets Layer (SSL) – Weaknesses
- 2.34Interception Proxies – Definitions & Types
- 2.35Interception Proxies – Fiddler
- 2.36Interception Proxies – BurpSuite Proxy
- 2.37Interception Proxies – OWASP Zed Attack Proxy (ZAP) Proxy
- 2.38SSL Proxying – Definition
- 2.39SSL Proxying – Through BurpSuite Pro
- 2.40SSL Proxying – Through OWASP Zed Attack Proxy (ZAP)
- Content Discovery, Authentication and Session Testing20
- 3.41Content Discovery – Logging and Monitoring
- 3.42Content Discovery – Website Spidering
- 3.43Content Discovery – Content Analysis
- 3.44Authentication – Web Authentication Mechanisms – Cookie-Based Authentication
- 3.45Authentication – Web Authentication Mechanisms – Token-Based Authentication
- 3.46Authentication – Web Authentication Mechanisms – Third Party Access (OAuth, API Token)
- 3.47Authentication – Web Authentication Mechanisms – OpenID
- 3.48Authentication – Web Authentication Mechanisms – SAML
- 3.49Authentication – Username Harvesting
- 3.50Authentication – Password Guessing
- 3.51Authentication – Authentication and Authorisation Bypass
- 3.52Session Testing – Brute Forcing Unlinked Files
- 3.53Session Testing – Brute Forcing Directories
- 3.54Session Testing – Burp Sequencer
- 3.55Tools – Fuzzing with ZAP
- 3.56Tools – Fuzzing with ffuf
- 3.57Tools – Fuzzing with Burp Intruder
- 3.58Sessions – Session Management
- 3.59Sessions – Session Attacks
- 3.60Training Platforms – Mutillidae
- Content Discovery, Authentication and Session Testing20
- 3.41Content Discovery – Logging and Monitoring
- 3.42Content Discovery – Website Spidering
- 3.43Content Discovery – Content Analysis
- 3.44Authentication – Web Authentication Mechanisms – Cookie-Based Authentication
- 3.45Authentication – Web Authentication Mechanisms – Token-Based Authentication
- 3.46Authentication – Web Authentication Mechanisms – Third Party Access (OAuth, API Token)
- 3.47Authentication – Web Authentication Mechanisms – OpenID
- 3.48Authentication – Web Authentication Mechanisms – SAML
- 3.49Authentication – Username Harvesting
- 3.50Authentication – Password Guessing
- 3.51Authentication – Authentication and Authorisation Bypass
- 3.52Session Testing – Brute Forcing Unlinked Files
- 3.53Session Testing – Brute Forcing Directories
- 3.54Session Testing – Burp Sequencer
- 3.55Tools – Fuzzing with ZAP
- 3.56Tools – Fuzzing with ffuf
- 3.57Tools – Fuzzing with Burp Intruder
- 3.58Sessions – Session Management
- 3.59Sessions – Session Attacks
- 3.60Training Platforms – Mutillidae
- Injection, Inclusion, and XML External Entity (XXE)11
- 4.61Traversal Attacks – Directory Traversal
- 4.62File Inclusion Attacks – Local File Inclusion (LFI)
- 4.63File Inclusion Attacks – Remote File Inclusion (RFI)
- 4.64SQL Attacks – SQL Injection
- 4.65SQL Attacks – Blind SQL Injection
- 4.66SQL Attacks – Error-Based SQL Injection
- 4.67SQL Attacks – Exploiting SQL injection
- 4.68SQL Attacks – Tools – sqlmap
- 4.69Injection Attacks – Command Injection
- 4.70Injection Attacks – Insecure Deserialisation
- 4.71Injection Attacks – XML External Entity (XXE)
- Injection, Inclusion, and XML External Entity (XXE)11
- 4.61Traversal Attacks – Directory Traversal
- 4.62File Inclusion Attacks – Local File Inclusion (LFI)
- 4.63File Inclusion Attacks – Remote File Inclusion (RFI)
- 4.64SQL Attacks – SQL Injection
- 4.65SQL Attacks – Blind SQL Injection
- 4.66SQL Attacks – Error-Based SQL Injection
- 4.67SQL Attacks – Exploiting SQL injection
- 4.68SQL Attacks – Tools – sqlmap
- 4.69Injection Attacks – Command Injection
- 4.70Injection Attacks – Insecure Deserialisation
- 4.71Injection Attacks – XML External Entity (XXE)
- XML External Entity (XXE) Deep Dive13
- 5.72Client-Side Attacks – Cross-Site Scripting (XSS)
- 5.73Tools – Browser Exploitation Framework (BeEF)
- 5.74Techniques – Asynchronous JavaScript and XML (AJAX)
- 5.75Languages – Extensible Markup Language (XML)
- 5.76Languages – JavaScript Object Notation (JSON)
- 5.77Models – Document Object Model (DOM)
- 5.78Attacks – Application Programming Interface (API)
- 5.79Attacks – Application Programming Interface (API) – Authentication Hijacking
- 5.80Attacks – Application Programming Interface (API) – Data Exposure
- 5.81Attacks – Application Programming Interface (API) – Parameter Tampering
- 5.82Attacks – Application Programming Interface (API) – Unencrypted Communications
- 5.83Principles – Representational State Transfer (REST)
- 5.84Protocols – Simple Object Access Protocol (SOAP)
- XML External Entity (XXE) Deep Dive13
- 5.72Client-Side Attacks – Cross-Site Scripting (XSS)
- 5.73Tools – Browser Exploitation Framework (BeEF)
- 5.74Techniques – Asynchronous JavaScript and XML (AJAX)
- 5.75Languages – Extensible Markup Language (XML)
- 5.76Languages – JavaScript Object Notation (JSON)
- 5.77Models – Document Object Model (DOM)
- 5.78Attacks – Application Programming Interface (API)
- 5.79Attacks – Application Programming Interface (API) – Authentication Hijacking
- 5.80Attacks – Application Programming Interface (API) – Data Exposure
- 5.81Attacks – Application Programming Interface (API) – Parameter Tampering
- 5.82Attacks – Application Programming Interface (API) – Unencrypted Communications
- 5.83Principles – Representational State Transfer (REST)
- 5.84Protocols – Simple Object Access Protocol (SOAP)
- Request Forgery, Logic Flaws and Advanced Tools10
- 6.85Web Attacks – Cross-Site Request Forgery (CSRF)
- 6.86Web Attacks – Server-Side Request Forgery (SSRF)
- 6.87Web Attacks – Application Logic Attacks
- 6.88Programming – Python for Web Application Penetration Testing
- 6.89Tools – WPScan
- 6.90Tools – ExploitDB
- 6.91Tools – BurpSuite Pro Scanner
- 6.92Tools – Metasploit
- 6.93Business of Penetration Testing – Preparation
- 6.94Business of Penetration Testing – Post Assessment and Reporting
- Request Forgery, Logic Flaws and Advanced Tools10
- 6.85Web Attacks – Cross-Site Request Forgery (CSRF)
- 6.86Web Attacks – Server-Side Request Forgery (SSRF)
- 6.87Web Attacks – Application Logic Attacks
- 6.88Programming – Python for Web Application Penetration Testing
- 6.89Tools – WPScan
- 6.90Tools – ExploitDB
- 6.91Tools – BurpSuite Pro Scanner
- 6.92Tools – Metasploit
- 6.93Business of Penetration Testing – Preparation
- 6.94Business of Penetration Testing – Post Assessment and Reporting