Web Security - Vulnerability Analysis
Training created on 14/10/2022.
Programme version: 1
Training programme
Training objective: This course covers the analysis and understanding of the various components of web applications, as a basis for exploring the field of web-oriented vulnerabilities and attacks.
Training objectives
- Apply techniques used to audit and test the security of web applications
- Apply techniques used to conduct discovery, exploration and investigation of a website and web application features
- Apply tools and techniques used to discover and exploit vulnerabilities
- Understand and Apply port scanning techniques
- Understand application flowcharting and session analysis
- Understand Client Injection Attacks
- Understand Cross-Site & Server-Side Request Forgery (CSRF / SSRF)
- Understand Cross-Site Scripting (XSS)
- Understand how a web application manages client sessions
- Understand how a web application tracks user activity
- Understand how a web application uses SSL/TLS in modern web communications
- Understand how to bypass and exploit weak authentication
- Understand how to enumerate users
- Understand HTTP, HTTPS, and AJAX within the context of security, vulnerabilities, and essential operations
- Understand identifying services and configurations
- Understand processes and mechanisms used to secure web applications by authentication
- Understand spidering web applications
- Understand SQL injection attacks and how to identify SQL injection vulnerabilities in applications
- Understand the attacks leveraged against flaws in session states
- Understand the technologies, programming languages and structures involved in the construction and implementation of a website
- Understand the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a website
- Understand the use of proxies, fuzzing, scripting, and application logic attacks
- Understand tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX
Target audience
Who is it for
- Security auditors
- Developers responsible for web application security
- IT department managers (CIO)
- IT security consultants
- IT security managers
- Anyone in charge of IT security
Prerequisites
- Knowledge of information systems security, web application security and web programming (PHP, JavaScript, HTML)
Course content
- Web Application Assessment Concepts
  - Penetration Testing
  - Application Penetration Testing
  - Risk Assessment and Management
  - OWASP Testing Guide
  - Web Application Security Consortium Threat Classification
  - Penetration Testing Execution Standard
  - Pre-Engagement Interactions
  - Intelligence Gathering
  - Threat Modelling
  - Vulnerability Analysis
  - Exploitation
  - Post Exploitation
  - Reporting
  - OWASP Zed Attack Proxy (ZAP)
  - BurpSuite
  - Browser Exploitation Framework (BeEF)
  - Other Tools
- Web Application Reconnaissance
  - Reconnaissance - WHOIS
  - Reconnaissance - Domain Name System (DNS)
  - Reconnaissance - Virtual Host (vHost) Discovery
  - Open-Source Intelligence (OSINT) - Definitions
  - Open-Source Intelligence (OSINT) - Frameworks & Tools
  - Protocols - Hypertext Transfer Protocol (HTTP)
  - Protocols - Hypertext Transfer Protocol (HTTP) - Cookies
  - Protocols - Hypertext Transfer Protocol (HTTP) - Headers
  - Protocols - Hypertext Transfer Protocol (HTTP) - Request Methods
  - Protocols - Hypertext Transfer Protocol (HTTP) - Status Codes
  - Protocols - Hypertext Transfer Protocol (HTTP) - 1.0, 1.1, 2.0 & 3.0
  - Protocols - Hypertext Transfer Protocol (HTTP) - Cross-Origin Resource Sharing (CORS)
  - Protocols - Hypertext Transfer Protocol (HTTP) - Content Security Policy
  - Protocols - Secure Sockets Layer (SSL)
  - Protocols - Secure Sockets Layer (SSL) - Configuration
  - Protocols - Secure Sockets Layer (SSL) - Weaknesses
  - Interception Proxies - Definitions & Types
  - Interception Proxies - Fiddler
  - Interception Proxies - BurpSuite Proxy
  - Interception Proxies - OWASP Zed Attack Proxy (ZAP) Proxy
  - SSL Proxying - Definition
  - SSL Proxying - Through BurpSuite Pro
  - SSL Proxying - Through OWASP Zed Attack Proxy (ZAP)
- Content Discovery, Authentication and Session Testing
  - Content Discovery - Logging and Monitoring
  - Content Discovery - Website Spidering
  - Content Discovery - Content Analysis
  - Authentication - Web Authentication Mechanisms - Cookie-Based Authentication
  - Authentication - Web Authentication Mechanisms - Token-Based Authentication
  - Authentication - Web Authentication Mechanisms - Third Party Access (OAuth, API Token)
  - Authentication - Web Authentication Mechanisms - OpenID
  - Authentication - Web Authentication Mechanisms - SAML
  - Authentication - Username Harvesting
  - Authentication - Password Guessing
  - Authentication - Authentication and Authorisation Bypass
  - Session Testing - Brute Forcing Unlinked Files
  - Session Testing - Brute Forcing Directories
  - Session Testing - Burp Sequencer
  - Tools - Fuzzing with ZAP
  - Tools - Fuzzing with ffuf
  - Tools - Fuzzing with Burp Intruder
  - Sessions - Session Management
  - Sessions - Session Attacks
  - Training Platforms - Mutillidae
- Injection, Inclusion, and XML External Entity (XXE)
  - Traversal Attacks - Directory Traversal
  - File Inclusion Attacks - Local File Inclusion (LFI)
  - File Inclusion Attacks - Remote File Inclusion (RFI)
  - SQL Attacks - SQL Injection
  - SQL Attacks - Blind SQL Injection
  - SQL Attacks - Error-Based SQL Injection
  - SQL Attacks - Exploiting SQL Injection
  - SQL Attacks - Tools - sqlmap
  - Injection Attacks - Command Injection
  - Injection Attacks - Insecure Deserialisation
  - Injection Attacks - XML External Entity (XXE)
- XML External Entity (XXE) Deep Dive
  - Client-Side Attacks - Cross-Site Scripting (XSS)
  - Tools - Browser Exploitation Framework (BeEF)
  - Techniques - Asynchronous JavaScript and XML (AJAX)
  - Languages - Extensible Markup Language (XML)
  - Languages - JavaScript Object Notation (JSON)
  - Models - Document Object Model (DOM)
  - Attacks - Application Programming Interface (API)
  - Attacks - Application Programming Interface (API) - Authentication Hijacking
  - Attacks - Application Programming Interface (API) - Data Exposure
  - Attacks - Application Programming Interface (API) - Parameter Tampering
  - Attacks - Application Programming Interface (API) - Unencrypted Communications
  - Principles - Representational State Transfer (REST)
  - Protocols - Simple Object Access Protocol (SOAP)
- Request Forgery, Logic Flaws and Advanced Tools
  - Web Attacks - Cross-Site Request Forgery (CSRF)
  - Web Attacks - Server-Side Request Forgery (SSRF)
  - Web Attacks - Application Logic Attacks
  - Programming - Python for Web Application Penetration Testing
  - Tools - WPScan
  - Tools - ExploitDB
  - Tools - BurpSuite Pro Scanner
  - Tools - Metasploit
  - Business of Penetration Testing - Preparation
  - Business of Penetration Testing - Post Assessment and Reporting
Teaching team
Professional with technical and teaching expertise
Monitoring of delivery and evaluation of results
- Attendance sheets
- Oral or written questions (multiple-choice quizzes)
- Practical scenarios
- Training evaluation forms
- Certificate of completion of the training
Technical and teaching resources
- Online learning environment
- Projected training materials
- Theoretical presentations
- Case studies
- In-class quizzes
- Training materials made available online after the course
Quality and satisfaction
Learner satisfaction rate, number of learners, dropout rate and reasons, survey response rate, rate of interruption during delivery...