
Description

This seminar provides a complete overview of Web threats. It details flaws in browsers, social networks and Web 2.0, new vulnerabilities in SSL/TLS and X509 certificates, as well as J2EE, .NET and PHP applications. It presents solutions to protect and control application security.

Who is this training for?

DSI, CISO, security managers, developers, designers, project managers integrating security constraints, network, IT, system managers or administrators.

Prerequisites

Training objectives

  • Identify security threats to Web applications
  • Know Web security protocols
  • Understand attack typologies
  • Secure Web applications

Training program

      • Major risks of web applications according to IBM X-Force and OWASP.
      • Cross Site Scripting (XSS), injection and session attacks.
      • Propagation vulnerability with a Web Worm.
      • Attacks on standard configurations.
      • SSL v2/v3 and TLS, PKI, X509 certificates, certification authority.
      • Impact of SSL on the security of UTM and IDS/IPS firewalls.
      • Vulnerabilities and attacks on SSL/TLS.
      • Techniques for capturing and analyzing SSL flows.
      • HTTPS stripping attack on secure links.
      • Attacks on X509 certificates, OCSP protocol.
      • SSL and web application performance.
      • Attacks on Web Browsers, Rootkit.
      • Smartphone Security for Surfing the Net.
      • Malicious Codes and Social Networks.
      • The specific dangers of Web 2.0.
      • Social engineering techniques.
      • Authentication via HTTP, SSL by client X509 certificate.
      • Implement strong authentication, by software.
      • Non-intrusive (agentless) Web SSO solution.
      • Main attacks on authentications.
      • Protocols and security standards: XML Encryption, XML Signature, WS-Security/Reliability.
      • Injection attacks (XML injection), brute force or by replay.
      • Application firewalls for Web services.
      • Main players and products on the market.
      • Hardening: securing the system and the HTTP server.
      • Virtualization and security of web applications.
      • .NET, PHP and Java environments.
      • The 5 phases of SDL.
      • Fuzzing techniques.
      • Qualify your application with ASVS.
      • WAF: what efficiency, performance?
      • Pentest, security audit, vulnerability scanners.
      • Organize effective technological monitoring.
      • Declaration of security incidents.
      • Demonstration: implementation of a Web server with an HTTPS stripping type attack.
    • 910
    • 14 h
