Description

This seminar provides a complete overview of Web threats. It details flaws in browsers, social networks and Web 2.0, new vulnerabilities in SSL/TLS and X509 certificates, as well as J2EE, .NET and PHP applications. It presents solutions to protect and control application security.

Who is this training for?

CIOs, CISOs, security managers, developers, designers, project managers integrating security constraints, and network, IT and system managers or administrators.

Prerequisites

Training objectives

  • Identify security threats to Web applications
  • Know Web security protocols
  • Understand attack typologies
  • Secure Web applications

Training program

      • Major risks of web applications according to IBM X-Force and OWASP.
      • Cross Site Scripting (XSS), injection and session attacks.
      • Propagation of a vulnerability by a Web worm.
      • Attacks on standard configurations.
      • SSL v2/v3 and TLS, PKI, X509 certificates, certification authority.
      • Impact of SSL on the security of UTM and IDS/IPS firewalls.
      • Vulnerabilities and attacks on SSL/TLS.
      • Techniques for capturing and analyzing SSL flows.
      • HTTPS stripping attack on secure links.
      • Attacks on X509 certificates, OCSP protocol.
      • SSL and web application performance.
      • Attacks on Web browsers, rootkits.
      • Smartphone Security for Surfing the Net.
      • Malicious Codes and Social Networks.
      • The specific dangers of Web 2.0.
      • Social engineering techniques.
      • Authentication via HTTP, SSL by client X509 certificate.
      • Implement strong authentication, by software.
      • Non-intrusive Web SSO solution (agentless).
      • Main attacks on authentications.
      • Protocols and security standards: XML Encryption, XML Signature, WS-Security/Reliability.
      • Injection attacks (XML injection...), brute force or by replay.
      • Application firewalls for Web services.
      • Main players and products on the market.
      • Hardening: securing the system and the HTTP server.
      • Virtualization and security of web applications.
      • Environments: .NET, PHP and Java.
      • The 5 phases of SDL.
      • Fuzzing techniques.
      • Qualify your application with ASVS.
      • WAF: what effectiveness and performance?
      • Pentest, security audit, vulnerability scanners.
      • Organize effective technological monitoring.
      • Declaration of security incidents.
      • Demonstration: implementation of a Web server with HTTPS stripping.
    • 862
    • 14 h