Web Security - Vulnerability Analysis

Formation présentielle

Durée : 28 heures (4 jours)

Durée :28 heures (4 jours)

€ HT

Se préinscrire

Durée :28 heures (4 jours)

€ HT

Se préinscrire

Durée :28 heures (4 jours)

€ HT

Se préinscrire

Formation créée le 14/10/2022.

Version du programme : 1

Programme de la formation

Objectif de formation : Cette formation englobe analyse et compréhension des différents éléments axés applications web pour une exploration du domaine des vulnérabilité et attaques orientées WEB

Objectifs de la formation

Apply techniques used to audit and test the security of web applications
Apply techniques used to conduct discovery, exploration and investigation of a website and web application features
Apply tools and techniques used to discover and exploit vulnerabilities
Understand and Apply port scanning techniques
Understand application flowcharting and session analysis
Understand Client Injection Attacks
Understand Cross-Site & Server-Side Request Forgery (CSRF / SSRF)
Understand Cross-Site Scripting (XSS)
Understand how a web application manages client sessions
Understand how a web application tracks user activity
Understand how a web application uses SSL/TLS in modern web communications
Understand how to bypass and exploit weak authentication
Understand how to enumerate users
Understand HTTP, HTTPS, and AJAX within the context of security, vulnerabilities, and essential operations
Understand identifying services and configurations
Understand processes and mechanisms used to secure web applications by authentication
Understand spidering web applications
Understand SQL injection attacks and how to identify SQL injection vulnerabilities in applications
Understand the attacks leveraged against flaws in session states
Understand the technologies, programming languages and structures involved in the construction and implementation of a website
Understand the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a website
Understand the use of proxies, fuzzing, scripting, and application logic attacks
Understand tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX

Profil des bénéficiaires

Auditeurs de sécurité
Développeurs chargés de la sécurité des applications web
Responsables DSI
Consultants en sécurité informatique
Responsables sécurité informatique
Toute personne en charge de la sécurité informatique

Avoir des connaissances dans la sécurité des SI, dans la sécurité des applications web et en programmation Web (PHP, JavaScript, HTML)

Contenu de la formation

Web Application Assessment Concepts
- Penetration Testing
- Application Penetration Testing
- Risk Assessment and Management
- OWASP Testing Guide
- Web Application Security Consortium Threat Classification
- Penetration Testing Execution Standard
- Pre-Engagement Interactions
- Intelligence Gathering
- Threat Modelling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- OWASP Zed Attack Proxy (ZAP)
- BurpSuite
- Browser Exploitation Framework (BeEF)
- Other Tools
Web Application Reconnaissance
- Reconnaissance - WHOIS
- Reconnaissance - Domain Name System (DNS)
- Reconnaissance - Virtual Host (vHost) Discovery
- Open-Source Intelligence (OSINT) - Definitions
- Open-Source Intelligence (OSINT) - Frameworks & Tools
- Protocols - Hypertext Transfer Protocol (HTTP)
- Protocols - Hypertext Transfer Protocol (HTTP) - Cookies
- Protocols - Hypertext Transfer Protocol (HTTP) - Headers
- Protocols - Hypertext Transfer Protocol (HTTP) - Request Methods
- Protocols - Hypertext Transfer Protocol (HTTP) - Status Codes
- Protocols - Hypertext Transfer Protocol (HTTP) - 1.0, 1.1, 2.0 & 3.0
- Protocols – Hypertext Transfer Protocol (HTTP) - Cross-Origin Resource Sharing (CORS)
- Protocols – Hypertext Transfer Protocol (HTTP) - Content Security Policy
- Protocols – Secure Sockets Layer (SSL)
- Protocols – Secure Sockets Layer (SSL) - Configuration
- Protocols – Secure Sockets Layer (SSL) - Weaknesses
- Interception Proxies – Definitions & Types
- Interception Proxies – Fiddler
- Interception Proxies – BurpSuite Proxy
- Interception Proxies – OWASP Zed Attack Proxy (ZAP) Proxy
- SSL Proxying – Definition
- SSL Proxying – Through BurpSuite Pro
- SSL Proxying – Through OWASP Zed Attack Proxy (ZAP)
Content Discovery, Authentication and Session Testing
- Content Discovery – Logging and Monitoring
- Content Discovery – Website Spidering
- Content Discovery – Content Analysis
- Authentication – Web Authentication Mechanisms - Cookie-Based Authentication
- Authentication – Web Authentication Mechanisms - Token-Based Authentication
- Authentication – Web Authentication Mechanisms - Third Party Access (OAuth, API Token)
- Authentication – Web Authentication Mechanisms - OpenID
- Authentication – Web Authentication Mechanisms - SAML
- Authentication – Username Harvesting
- Authentication – Password Guessing
- Authentication – Authentication and Authorisation Bypass
- Session Testing – Brute Forcing Unlinked Files
- Session Testing – Brute Forcing Directories
- Session Testing – Burp Sequencer
- Tools – Fuzzing with ZAP
- Tools – Fuzzing with ffuf
- Tools – Fuzzing with Burp Intruder
- Sessions – Session Management
- Sessions – Session Attacks
- Training Platforms – Mutillidae
Injection, Inclusion, and XML External Entity (XXE)
- Traversal Attacks - Directory Traversal
- File Inclusion Attacks - Local File Inclusion (LFI)
- File Inclusion Attacks - Remote File Inclusion (RFI)
- SQL Attacks - SQL Injection
- SQL Attacks - Blind SQL Injection
- SQL Attacks - Error-Based SQL Injection
- SQL Attacks - Exploiting SQL injection
- SQL Attacks - Tools - sqlmap
- Injection Attacks - Command Injection
- Injection Attacks - Insecure Deserialisation
- Injection Attacks - XML External Entity (XXE)
XML External Entity (XXE) Deep Dive
- Client-Side Attacks - Cross-Site Scripting (XSS)
- Tools - Browser Exploitation Framework (BeEF)
- Techniques - Asynchronous JavaScript and XML (AJAX)
- Languages - Extensible Markup Language (XML)
- Languages - JavaScript Object Notation (JSON)
- Models - Document Object Model (DOM)
- Attacks - Application Programming Interface (API)
- Attacks - Application Programming Interface (API) - Authentication Hijacking
- Attacks - Application Programming Interface (API) - Data Exposure
- Attacks - Application Programming Interface (API) - Parameter Tampering
- Attacks - Application Programming Interface (API) - Unencrypted Communications
- Principles - Representational State Transfer (REST)
- Protocols - Simple Object Access Protocol (SOAP)
Request Forgery, Logic Flaws and Advanced Tools
- Web Attacks - Cross-Site Request Forgery (CSRF)
- Web Attacks - Server-Side Request Forgery (SSRF)
- Web Attacks - Application Logic Attacks
- Programming - Python for Web Application Penetration Testing
- Tools - WPScan
- Tools - ExploitDB
- Tools - BurpSuite Pro Scanner
- Tools - Metasploit
- Business of Penetration Testing - Preparation
- Business of Penetration Testing - Post Assessment and Reporting

Équipe pédagogique

Professionnel expert technique et pédagogique

Suivi de l'exécution et évaluation des résultats

Feuilles de présence
Questions orales ou écrites (QCM)
Mises en situation
Formulaires d'évaluation de la formation
Certificat de réalisation de l’action de formation

Ressources techniques et pédagogiques

Espace numérique de travail
Documents supports de formation projetés
Exposés théoriques
Etude de cas concrets
Quiz en salle
Mise à disposition en ligne de documents supports à la suite de la formation

Qualité et satisfaction

Taux de satisfaction des apprenants, nombre d'apprenants, taux et causes des abandons, taux de retour des enquêtes, taux d'interruption en cours de prestation...