Web Application Security



Course reference

KSE002

Level

  • Beginner
  • Intermediate

Number of days

3 days

Price

2,049.00 € excluding VAT

Training location

V: v-learning, virtual classroom



Prerequisites

Since web applications are built on HTTP, HTML and JavaScript, the following is recommended:
• A general understanding of HTTP: the request/response model, HTTP headers and HTTP cookies.
• An understanding of HTML.
• An understanding of JavaScript.

The relevant terms are introduced during the course, but prior knowledge will help the participant.
Prior knowledge of web application architecture and of the web infrastructure will also help.

Audience

Application developers and anyone who wants to better understand how to build secure applications.

Course objectives

Historically, most security effort has gone into securing the network infrastructure and the server operating system. Over the last few years the focus has shifted to the application layer: infrastructure (network and OS) security has improved significantly, while applications have remained vulnerable, so the application layer has become the main target of attack. This is particularly true of web applications, which are exposed directly to untrusted input from any client on the Internet.

The course discusses how application security properties such as authentication, confidentiality and data integrity apply to web applications. In addition, participants will learn in depth what web application vulnerabilities are, what causes them, how to prevent them from the design, coding and testing perspectives, and which countermeasures are required to prevent exploitation of these vulnerabilities.

Course contents

Table 1: KSE002 - Course Contents

Chapter: Introduction
• The unique security aspects and challenges of web applications
• Application layer logical vulnerabilities
• Application layer DoS and DDoS

Chapter: Confidentiality and data integrity
• Encryption and hashing
• SSL

Chapter: HTTP authentication and session management attacks and mitigation
• HTTP basic and digest authentication
• Certificate-based authentication
• Application layer authentication
• Web session management mechanisms
• Session hijacking
• Cookie poisoning

Chapter: Non-validated input and related attacks
• Direct object reference vulnerability and mitigation
• Input validation methodology
• Evasion techniques

Chapter: Injection attacks and mitigation
• SQL injection attack description and examples
• SQL injection evasion techniques
• Command (OS) injection
• LDAP injection
• Buffer overflow

Chapter: Cross-site scripting attacks and mitigation
• Reflected XSS
• Stored XSS
• DOM-based XSS
• XSS evasion techniques
• XSS mitigation countermeasures

Chapter: Cross-site request forgery and mitigation
• CSRF (XSRF) attack description
• ISRF attack description
• CSRF/ISRF mitigation countermeasures

Chapter: Regulations and web application security
• OpenID
• OAuth
• SAML
• XACML
• Web application single sign-on (SSO) and OpenID

Chapter: Security of AJAX-based web applications
• Security of AJAX-based web applications

Chapter: The End
• Summary
• Q&A
• Course evaluation

Dates


05 Oct 2020 to 07 Oct 2020


NOTE:
PLEASE NOTE THAT THIS TRAINING IS TAILOR-MADE.
THIS COURSE CAN BE RUN ALL YEAR ROUND WITH A MINIMUM OF 5 PARTICIPANTS.


Questions?

+33 (0) 950 20 91 64


Registration or quote request