Web Application Security
Training reference
Number of days
2.049,00 € excl. tax
Training location
V: v-learning, virtual class
• A general understanding of HTTP, the request-response concept, HTTP headers, HTTP cookies.
• Understanding HTML.
The relevant terms are presented in the course, but prior knowledge will help the participant.
Additionally, prior knowledge on web application architecture and in the web infrastructure will help.
Application developers and everyone who seeks to better understand how to build secure applications.
Training objectives
Most of the focus when dealing with security has been on securing the network infrastructure and the server OS. However, during the last few years the focus has shifted to the application layer. This is because infrastructure (network and OS) security has improved significantly while applications have remained vulnerable. The application layer has become the main target of attack. This is particularly true for web applications which are more vulnerable.
The course discusses how application aspects such as authentication, confidentiality and data integrity apply to web applications. In addition, participants will learn in depth what web application vulnerabilities are, what causes them, how to prevent them from design, coding and testing perspectives, and what countermeasures are required to prevent exploitation of these vulnerabilities.
Course content
• The unique security aspects and challenges of web applications
• Application layer logical vulnerabilities
• Application layer DoS and DDoS
Confidentiality and data integrity
• Encryption and hashing
HTTP authentication and session management attacks and mitigation
• HTTP basic and digest authentication
• Certificate based authentication
• Application layer authentication
• Web session management mechanisms
• Session hijacking
• Cookie poisoning
Non-validated input and related attacks
• Direct object reference vulnerability and mitigation
• Input validation methodology
• Evasion techniques
Injection attacks and mitigation
• SQL injection attack description and examples
• SQL injection evasion techniques
• Command (OS) injection
• LDAP Injection
• Buffer overflow
Cross site scripting attacks and mitigation
• Reflected XSS
• Stored XSS
• DOM based XSS
• XSS evasion techniques
• XSS mitigation countermeasures
Cross site request forgery and mitigation
• CSRF (XSRF) attack description
• ISRF attack description
• CSRF/ISRF mitigation countermeasures
Regulations and web application security
• Web application single sign on (SSO) and OpenID
Security of AJAX based web applications
• Security of AJAX based web applications
• Course evaluation
05 Oct 2020 to 07 Oct 2020