Web application security
Prerequisites:
- Good knowledge of the web.
- Programming language.
DETAILS
- Course syllabus
Introduction
Overview of web security
Terminology, standards and laws
Think tanks about security
WASC typology
OWASP Top 10
HTTP protocol
Client/server, Ajax and DOM
Headers
Status codes
HTTP methods
Opening on Burp Suite
Web application vulnerabilities
Injections: SQL, LDAP, code...
URL protection
Insecure storage
Cross Site Scripting (XSS)
Session and authentication
Exposing sensitive data
CSRF attack, phishing
Vulnerabilities on configurations
DDoS-like attacks
Insecure deserialization
Vulnerable components
Site analysis with the OWASP ZAP tool
Security-related technologies
Firewalls: tools, techniques
HTTP request filters
Message digest
SHA-x and MD5 algorithms
Digital signature
Public key / private key
Keystore and truststore
Certificate authorities
Data encryption
AES and RSA algorithms
SSL, TLS protocols
PKI, X509 certificates
HTTP authentication
Certificate authentication
Network frame analyzer
HTTP scanning proxy
Secure Web Applications
Re-post data
Timeout and disconnection
Hide URLs
Data validation
Cookies and digital certificates
Session ID and transaction token
Session stealing (MITM proxy)
Diversion
XSS or Cross Site Scripting
Using direct references
CSRF (Anti-CSRF Token)
DBMS Access security
SQL / Code injection
Using JavaScript
Escaping HTML tags
Authentication with captcha
Brute force attacks: cewl + Cupp.py
Passwords: salting, etc.
Access control, privileges
Securing a file upload
Secure Web Services
SOAP, REST, gRPC
Authentication
Authorization
Confidentiality and integrity
Security: OAuth, SAML, Token
Web Services security
Control web application security
Penetration test, Burp Suite
Security audit
Vulnerability scanners
Efficient technology watch
Security incident reporting
Mobile devices: threats and risks
Mobile Hacking Tools
Mobiles: security
- What's included
+ Experienced instructor
+ Complete syllabus
+ Course material (PDF)
+ Miscellaneous course notes
- Who it is for
+ Pentesters.
+ Web developers.
+ Web project managers.
- Certification
The training is illustrated by case studies and practical work. It does not yet lead to certification.
BENEFITS. TESTIMONIALS
- Your Reconvert instructor,
- Hands-on based teaching,
- Immediate access to VODs if available,
- Good quality PDF materials.
Excellent quality, the teacher knows how to create an environment of trust and confidence which makes the training really enjoyable. The course was dynamic and easy to understand. The trainer is an excellent instructor.
J. Ruiz
The Moneytizer, Mexico
The training session with you was awesome, really interesting and full of useful information. I’m currently a Cloud & Big Data engineer with Micropole, Paris. Thanks.
A. Chuttoo
Micropole, France
These 4 days have been enriching. After a training-course in HTML and then CSS, the one on Javascript gave me a lot more knowledge and skills in client side web development.
J. Salgueiro
The Moneytizer, Brazil
Other references:
Capgemini, Atos, Allianz, TheMoneytizer, CPAM, M2iFormation, Global Knowledge, Ikea, Hewlett Packard, Department of Defense, AKKA, Ministry of the Interior, AFP, Enedis, Viveris, Titeflex, Others
DURATION (H)
Duration: 21 hours.
PRICE & QUOTES
- Online Instructor Led
Video conference tools: Zoom or Teams.
Getting a quote does not require any payment or commitment.
Guide price: $2098
Other trainings
Python programming by hands-on
Learn hands-on how to program in Python: syntax, functions, databases.
HTML5 & CSS: how to create modern websites
Learn how to create modern web pages using HTML5 and CSS3 languages.
Workshop: discovering web development
Discover web development in 30 minutes, and see if this job is for you.
Getting started in algorithms with Java
Learn how to solve a problem by describing it in pseudocode and then writing the Java code.
Workshop: learn SQL with MySQL
Learn how to get started with a database by writing simple SQL clauses.
Workshop: learn programming with Python
Get started with Python by learning how to install it and create small programs.
JavaScript programming
Learn how to create interactivity in the browser with the JavaScript language.
E-marketing: techniques and tools
Understand and carry out e-marketing campaigns with professional tools.
How to create a blog without coding
Learn how to create a personal or business blog in your web browser, without programming.
Java Database Connectivity
Learn how to perform the interaction between Java code and a relational database.
Git - source code management
Learn how to manage and deploy all your IT projects with Git and GitHub.
UML: analysis and design
Learn to design object applications with UML by representing entities in classes and interactions between objects.
Java Web Programming
Learn how to create dynamic, data-connected web applications using Java and JEE technology.
JPA and Hibernate persistence
Learn how to use the JPA standard and the Hibernate ORM to manage persistence in your applications.
Spring Web programming
Learn how to use Spring Framework, Spring MVC and Spring Boot to build secure web applications.
Web services with Java REST API
Learn how to create REST services in Java, secure them, deploy them and consume them.
Unit testing with JUnit
Get started with the JUnit reference testing framework and implement unit and integration tests.
Python API and REST Web Services
Learn how to create REST services in Python, secure them, deploy them and consume them.