Web application security




DESCRIPTION

Do you want to secure your web applications? This training teaches you how to detect attacks and secure web applications. In particular, you will learn to recognize the different attacks and protect against them, secure access and sessions, and apply good web security practices.

Prerequisites:
  • Good knowledge of the web.
  • Knowledge of a programming language.







DETAILS

  • Course syllabus

    Introduction
      Overview of web security
      Terminology, standards and laws
      Think tanks about security
      WASC typology
      OWASP Top 10

    HTTP protocol
      Client/server, Ajax and DOM
      Headers
      Status codes
      HTTP methods
      Opening on Burp Suite

    Web application vulnerabilities
      Injections: SQL, LDAP, code...
      URL protection
      Insecure storage
      Cross Site Scripting (XSS)
      Session and authentication
      Exposing sensitive data
      CSRF attack, phishing
      Vulnerabilities on configurations
      DDoS-like attacks
      Insecure deserialization
      Vulnerable components
      Site analysis with the OWASP ZAP tool

    Security-related technologies
      Firewalls: tools, techniques
      HTTP request filters
      Message digest (hash)
      SHA-x and MD5 algorithms
      Digital signature
      Public key / private key
      Keystore and truststore
      Certificate authorities
      Data encryption
      AES and RSA algorithms
      SSL, TLS protocols
      PKI, X.509 certificates
      HTTP authentication
      Certificate authentication
      Network frame analyzer
      HTTP scanning proxy

    Secure Web Applications
      Re-post data
      Timeout and disconnection
      Hide URLs
      Data validation
      Cookies and digital certificates
      Session ID and transaction token
      Session stealing (MITM proxy)
      Diversion
      XSS or Cross Site Scripting
      Using direct references
      CSRF (Anti-CSRF Token)
      DBMS access security
      SQL / Code injection
      Using JavaScript
      Escaping HTML tags
      Authentication with captcha
      Brute force attacks: cewl + Cupp.py
      Passwords: salting, etc.
      Access control, privileges
      Securing a file upload

    Secure Web Services
      SOAP, REST, gRPC
      Authentication
      Authorization
      Confidentiality and integrity
      Security: OAuth, SAML, Token
      Web Services security

    Control web application security
      Penetration test, Burp Suite
      Security audit
      Vulnerability scanners
      Efficient technology watch
      Security incident reporting
      Mobile devices: threats and risks
      Mobile Hacking Tools
      Mobiles: security

  • What's included
    + Experienced instructor
    + Complete syllabus
    + Course material (PDF)
    + Miscellaneous course notes

  • Who it is for
    + Pentesters.
    + Web developers.
    + Web project managers.

  • Certification
    The training is illustrated by case studies and practical work. It does not yet lead to certification.



BENEFITS. TESTIMONIALS

  • Your Reconvert instructor,
  • Hands-on based teaching,
  • Immediate access to VODs if available,
  • Good quality PDF materials.

Excellent quality, the teacher knows how to create an environment of trust and confidence which makes the training really enjoyable. The course was dynamic and easy to understand. The trainer is an excellent instructor.
J. Ruiz
The Moneytizer, Mexico

The training session with you was awesome, really interesting and full of useful information. I’m currently a Cloud & Big Data engineer with Micropole, Paris. Thanks.
A. Chuttoo
Micropole, France

These 4 days have been enriching. After a training-course in HTML and then CSS, the one on Javascript gave me a lot more knowledge and skills in client side web development.
J. Salgueiro
The Moneytizer, Brazil



Other references:

Capgemini, Atos, Allianz, TheMoneytizer, CPAM, M2iFormation, Global Knowledge, Ikea, Hewlett Packard, Department of Defense, AKKA, Ministry of the Interior, AFP, Enedis, Viveris, Titeflex, Others


DURATION (H)



Duration: 21 hours.



PRICE & QUOTES

  • Online Instructor Led
    Video conference tools: Zoom or Teams.
    Getting a quote does not require any payment or commitment.

    Guide price: $2098




Other trainings

Python programming by hands-on
Learn hands-on how to program in Python: syntax, functions, databases.

HTML5 & CSS: how to create modern websites
Learn how to create modern web pages using HTML5 and CSS3 languages.

Creating dynamic PHP web applications
Learn to create PHP applications connected to SQL databases.

Workshop: discovering web development
Discover web development in 30 minutes, and see if this job is for you.

Getting started in algorithms with Java
Learn how to solve a problem by describing it in pseudocode and then writing the Java code.

Workshop: learn SQL with MySQL
Learn how to get started with a database by writing simple SQL clauses.

Mastering SQL language with MySQL
Learn how to write and test SQL for your web application data.

Workshop: learn programming with Python
Get started with Python by learning how to install it and create small programs.

Javascript programming
Learn how to create interactivity on the browser with the Javascript language.

E-marketing: techniques and tools
Understand and carry out e-marketing campaigns with professional tools.

How to create a blog without coding
Learn how to create a personal or business blog in your web browser, without programming.

jQuery programming
Learn how to create interactivity with jQuery and use Ajax technology.

Java Database Connectivity
Learn how to perform the interaction between Java code and a relational database.

GIT - source code management
Learn how to manage and deploy all your IT projects with Git and GitHub.

UML: analysis and design
Learn to design object applications with UML by representing entities in classes and interactions between objects.

Java SE programming
Learn how to create Java applications using object-oriented programming.

Java Web Programming
Learn how to create dynamic, data-connected web applications using Java and JEE technology.

JPA and Hibernate persistence
Learn how to use the JPA standard and the Hibernate ORM to manage persistence in your applications.

Spring Web programming
Learn how to use Spring Framework, Spring MVC and Spring Boot to build secure web applications.

Web services with Java REST API
Learn how to create REST services in Java, secure them, deploy them and consume them.

Unit testing with JUnit
Get started with the JUnit reference testing framework and implement unit and integration tests.

Angular: web development
Learn how to develop web applications using the Angular framework.

Python API and REST Web Services
Learn how to create REST services in Python, secure them, deploy them and consume them.

Advanced PHP, Doctrine and Web Services
Learn how to create object-oriented PHP applications using specialized libraries and Web services.

Symfony : web development
Learn Symfony concepts to create modern and secure MVC web applications.

Django: web development with Python
Learn how to develop web applications in Python using the Django framework.