Support & Downloads

Quisque actraqum nunc no dolor sit ametaugue dolor. Lorem ipsum dolor sit amet, consyect etur adipiscing elit.

s f

Contact Info
198 West 21th Street, Suite 721
New York, NY 10010
youremail@yourdomain.com
+88 (0) 101 0000 000
Follow Us

OWASP - Top 10

réf : CYB-OW

Training objectives : This training will allow architects and developers to understand the main Web vulnerabilities, to correct them and to prevent them. Through a series of hands-on exercises putting you at the place of a penetration tester, you will acquire knowledge about how attacker proceed to exploit each of the vulnerabilities of the OWASP Top 10.
All along the course, Student will practice on several ways to cover each of the vulnerability, allowing them to discover the mistake and understand how to mitigate.

Objectifs pédagogiques

  • Understand the main Web Vulnerabilities
  • Prevent the main Web Vulnerabilities
  • Correct the main Web Vulnerabilities

Pré-requis

Introduction to application security

A basic understanding of the 10 application security risks according to OWASP

Basic knowledge of the technologies used in Web development (HTML, Javascript, SQL, etc.)

Public concerné

Architects, developers, technical project managers…

Programme

  • Refreshing about HTTP Protocol
  • WEB Application architecture
  • Briefing about OWASP and the Top 10
  • CORS
  • Parameter Tampering
  • Brute-Force Attacks and Weak passwords
  • Credential Stuffing
  • SSO and MFA : security myths
  • SQL Injection
  • Data validation
  • XXE attack
  • TOCTOU (Race Condition)
  • Network Segmentation
  • Error Handling Failures
  • Environment Hardening
  • DevOps and Security
  • Threat Modeling
  • Network Segmentation
  • Certificates and Secure Channels
  • Data Security at Rest
  • Vulnerability Assessments and tools
  • Patch Management
  • Trusted Repositories
  • Case of the SolarWinds Sunburst Attack
  • Insecure Deserialization
  • Log Storage & Format
  • Incident Handling
  • Digital Forensics

Équipe pédagogique

Professionnel expert technologique & pédagogique

Moyens pédagogiques et techniques

  • Espace intranet de formation.
  • Documents supports de formation projetés.
  • Exposés théoriques
  • Étude de cas concrets
  • Mise à disposition en ligne de documents supports à la suite de la formation.

Dispositif de suivi

  • Émargement numérique.
  • Mises en situation.
  • Formulaires d’évaluation de la formation.
  • Certificat de réalisation de l’action de formation.

Vous avez une question ?

    Jours

    3 (21 heures)

    Prix

    2180 € HT

    Télécharger

    Catégories

    Tous

    Certifications

    Initiation

    Forensics

    Hacking & sécurité technique

    Sécurité organisationnelle

     

    Parcel Sandbox