State of the art of Web Application Attacks
The training is based on a program made up of 50% theory and 50% practical exercises covering the following points:
– Reminder on HTTP
Requests and responses, state and cache management, redirection, authentication, encryption, implicit browser actions.
– Current Attacks
Introduction to the OWASP “top 10”: injections (HTML and SQL), insecure direct references, CSRF, version management, presentation of real examples.
Extensions for browsers (Chrome, Firefox), intercept and replay tools (ZAP, Burp Suite).
– Practical exercises
SQL injection, request manipulation (cookies and parameters), password cracking, data mining.
– Advanced exploitation
Advanced techniques to exploit vulnerabilities like SQL injection and XSS: access to the file system, filter bypassing, mass exploitation, technical sequences.
– Vulnerabilities outside of “OWASP top 10”
Theory and practice of modern attacks (JSON injection, SSRF, XXE)
TECHNICAL PREREQUISITES
To ensure the success of the training, you will need:
– a laptop with wired connectivity (RJ45)
– a browser that supports extensions (Firefox or Chrome)
– Java virtual machine (JRE)
EXPECTED PUBLIC
This training targets the following profiles:
– Security Consultants
– Software Engineers
– CIOs, CISOs
– System Administrators
Trainer profile for Web application attacks:
Nicolas Grégoire, founder of the company Agarri, which specializes in offensive IT security, with more than 15 years of experience in penetration testing.
PRICE & ADDITIONAL INFORMATION
More information about the training:
Duration: 3 days, from 9 am to 6 pm
Location: DenyAll, 6 avenue de la Cristallerie, 92310 Sèvres, FRANCE
Price: 4200€ before taxes
If you need any further information about this training or another one, don’t hesitate to contact us.