Search
Close this search box.

Are you the victim of a security incident? Contact our CERT

Training

Secure code developments techniques

This training program is designed to make development teams aware of the security risks associated with web application development. This module presents the attacks commonly used by hackers. The techniques presented are described in detail and put into practice. The module details the best practices to adopt to protect against the attacks presented.

Course overview

  • Know the main vulnerabilities associated with web applications (OWASP Top 10)
  • Know how to detect the presence of these vulnerabilities
  • Acquire good development practices

Course Curriculum

Introduction

  • Cybersecurity context (CNIL, threats, attackers, data leaks, the black market in vulnerabilities, etc.).
  • OWASP
  • MITRE ATT&CK matrix

Advanced web testing

  • We propose to organize the topics covered in 2 phases.

    The 1st phase covers the essentials of important topics and the OWASP top 10 over 1.5 days:

    • Authentication/Password storage
    • HTTP (using Burp Suite)
    • HTTP field manipulation
    • Session management
    • Path Traversal, LFI
    • Application denial of service
    • Caching
    • RCE
    • XSS
    • SQL Injections
    • CSRF
    • Open Redirect
    • XXE
    • SSRF

    The 2nd phase, lasting 0.5 days, covers a number of topics chosen in consultation with the training audience, according to the technologies used and their skills and aptitudes. Possible topics are:

    • Insecure deserialization (PHP and/or JAVA)
    • Type Juggling (PHP)
    • Log forging
    • Security headers
    • Dependency Confusion
    • OAuth/OpenID
    • Angular and XSS
    • SAMLv2
    • TLS configuration
    • NoSQL injection
    • API security

Method of Assessment

  • Completion of a final online questionnaire covering all the concepts learned.
  • In the case of face-to-face training: practical exercises

Training benefits

  • Training delivered by an expert in web application security who has carried out numerous web intrusion tests.
  • Face-to-face training includes practical exercises carried out by participants themselves on a test environment

Who should attend?

  • Web application developers, whatever the technology used

Entry Requirements

  • Basic knowledge of web environments:
    • 1 web language: PHP, JAVA, ASP .NET, Python, etc.
    • 1 database language: SQL and/or NoSQL
    • 1 operating system: Linux and/or Windows

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 10 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need compensation or adaptation for the content, the supports, the “venue”, the material used, the schedules, the rhythm, we are at your disposal.

Duration

2 days (14h)

OPCO support

Prise en charge OPCO

Download the training sheet in PDF format

Would you like more information?

+33 (0)2 55 59 01 11

Almond commits itself to ensure that the collection and processing of your data, carried out from the site https://almond.eu/, are in conformity with the General Data Protection Regulation (GDPR) and with the modified law n° 78-17 of January 6, 1978, relating to the protection of personal data. The information collected on this form is recorded in a file computerized by Almond, in order to answer the requests for information. You can access the data concerning you, ask for their correction or their deletion. You also have a right of opposition, and a right to limit the processing of your data (see cnil.fr for more information on your rights). You can exercise your rights by contacting Almond's Data Protection Officer at the following address: [email protected]. Your data will be kept within the European Union, in accordance with the regulations in force.