(603) 852 79 35 akasi-commercial@akasigroup.com 1, Tara boulevard # 101, Nashua NH 03062 United States

Course details

Introduction to application security

Course 00176

Description

The aim of this technical training is to instruct programmers in the rules to follow for application protection. The omnipresence of AI and the proliferation of cyber-attacks mean that security needs to be built in right from the application design phase. Through practical exercises, participants will acquire the knowledge they need to detect vulnerabilities and implement countermeasures.

What you'll learn

  • Anyone working in application, web or local development and software tools that can open access doors
  • Architects and managers of development teams
  • Anyone who wants to add a high-demand expertise to their CV
  • Anyone with an interest in cybersecurity in general

Targeted audience

  • Anyone working in application, web or local development and software tools that can open access doors
  • Architects and managers of development teams
  • Anyone wishing to add a high-demand expertise to their CV
  • Anyone with an interest in cyber security in general

Pre-requisites

  • Understanding development vocabulary
  • Basic programming skills recommended
  • A certain level of comfort with Docker for setting up the lab environment

Curriculum

What is OSINT and how attackers use it to gather information about your systems

What is BURP?

Exercise: brute force login

Explanation of the flaw

Exercise: finding exposed URLs where access is not properly controlled in a web application

Mitigation methods

Explanation of the different cryptographic attacks

Exercise: Identification of a password hash in the application and ‘cracking’ using common Internet tools

Explanation of the Padding Oracle flaw and exercise

Mitigation methods and best practices

Explanation of the different types of XSS

Exercise: Performing a DOM XSS reflection

Exercise: Performing a Stored XSS

Exercise: Capturing an administrator's authentication token via XSS

CSRF concepts

Mitigations

SQL Injection: Explaining the attack

Awareness and exercise in taking control of a database with sqlmap

Mitigations and best practices

Exercise: Exfiltration and password cracking

Command injection: Explanation

Command injection and reverse shell exercise

Mitigation methods and best practices

Example of XXE

Exercise on XXE, data exfiltration

Mitigation methods and best practices

Explanation of the subject

Examples of problems and threat scenarios

Mitigation methods and best practices

Notions of pipeline, source code management, cloud

Identifying obsolete and vulnerable components

Exercise: Exploiting a vulnerable module for data exfiltration

Mitigation methods (integration of identification modules into the pipeline)

Explanation of the subject

Presentation of the OWASP cheatsheet for best practices

Exploiting secret questions and password bypassing

Mitigation methods and best practices

Explanation of the subject

Exercise: reverse shell based on a serialization flaw in Python

Mitigation methods and best practices

Explanation of SSRF

Lesson 2: Exercise: Displaying an image available only from the Docker infrastructure from outside Docker

Means of mitigation and best practices

Notions of secure application architecture

Recap of the flaws covered during the course

Importance of application security

Get this Course

1450,00 €


  • 2 days instructor-led training course
  • After-course coaching available

  • Mar 24, 2025 - Mar 25, 2025
    08:00 AM - 05:00 PM UTC
    Montreal or Virtual
  • Apr 14, 2025 - Apr 15, 2025
    08:30 AM - 05:00 PM UTC
    Montreal or Virtual