[SCAN-WEB] The security of web applications through the creation of test tools

Duration and location

2 days

For inter-company sessions: Hôtel Oceania Rennes – Saint-Grégoire, Bd Robert Schuman

35760 Saint-Grégoire, FRANCE

Rates

  • Inter : 1400€ per person
  • Intra : 8400€ (12 participants maximum)
  • On-demand : Contact us

Registration and information

Registration at least 5 business days before the beginning of the training

Training referent : Mr Julien MOINARD
Disability referent : Mr Adrien SCHMOUKER

Email : academy@lootus.net

Tel: +33(0)2 30 96 02 83

For any question, including access conditions for people with disabilities

Privacy

Our privacy policy is available here

GDPR Notice : Professional training

This training was last updated on March 13th, 2023


Objectives

  • Learn about the main vulnerabilities through the OWASP presentation
  • Discover offensive methods / techniques
  • Exploit vulnerabilities using the methods of malicious people
  • Design test tools for automated vulnerability detection

Target audience

Tester / quality, web developer, architect, integrator.

Prerequisites

It is recommended to be interested in web security and to have a basic knowledge of how HTTP requests work and of the Python language.

Evaluation methods

  • MCQs at the beginning and end of the training
  • Training certificate in accordance with article L.6353-1 of the French Labour Code.

Methods used

  • PowerPoint course material (in French)
  • Teaching methods used: lecture, demonstration, experimentation
  • Practical work with the I²Cx Cyber Range training platform
  • For inter-company training, a computer will be provided to each participant
  • For intra-company training, the participants must already have a computer at their disposal, with the virtualization tool pre-installed (a download link is provided beforehand), and the following specifications:
      • At least 15GB of available disk space (to deploy the virtual machine);
      • At least 6GB of RAM;
      • At least 2 CPU cores (Intel i3, i5, i7 or AMD equivalent);
      • 2 free USB ports (USB2);
      • 64-bit OS with administrator privileges (Windows, Linux or Mac OS);
      • An OVA file to easily deploy the virtual machine will be provided.

Program

1. INTRODUCTION TO WEB CYBERSECURITY

2. LACK OF LOGGING AND MONITORING

3. UPDATES AND KNOWN VULNERABILITIES

4. POOR HEADER CONFIGURATIONS

5. PW: HEADER RECOVERY

6. CRYPTOGRAPHIC MISCONFIGURATIONS

7. PW: CRYPTOGRAPHIC QUALITY CONTROL

8. XSS

9. PW: XSS INJECTION

10. SENSITIVE DATA EXPOSURE

11. XXE

12. BROKEN ACCESS CONTROL

13. DATABASE INJECTION

14. PW: DATABASE INJECTION

15. AUTHORIZATION ERRORS

16. PW: AUTHORIZATION ERRORS