Accès code bashing pendant 1 an compris après la formation !
Programme
1er jour : Introduction à la recherche de vulnérabilité dans les applications Web et Mobile
- Introduction to the Web Application Vulnerability Assessment
- Type: Labs
- Audience: Everyone that have already developed web applications
- Technology: Web technologies
- Objective: The objective of this training is to allow the students to discover the offensive side of the Application Security about Web Application and practice it during a lab
- During this training, the students will discover:
- What is a Web Application Vulnerability Assessment?
- The different steps of this kind of assessment
- The methodology used to rate the security issues
- The open referential that can be used to conduct an assessment
- Introduction to the Mobile Application Vulnerability Assessment
- Type: Labs
- Audience: Everyone that have already developed mobile applications
- Technology: Mobile technologies
- Objective: The objective of this training is to allow the students to discover the offensive side of the Application Security about Mobile Application and practice it during a lab
- During this training, the students will discover:
- What is a Mobile Application Vulnerability Assessment?
- The different steps of this kind of assessment
- The methodology used to rate the security issues
- The open referential that can be used to conduct an assessment
2ème jour : Introduction à la sécurité dans le développement avec les notions théoriques
- Démonstration des vulnérabilités les plus communes et des méthodes de défense pour s’en prémunir
- Introduction to Secure Coding
- Type: Theoretical
- Audience: Everyone
- Technology: Independent
- Objective: The objective of this training is to introduce the students to the defensive side of the Application Security
- During this training, the students will discover:
- What is the Application Security?
- Why the security of an application is important for is life in the company information system?
- Principles of Secure Coding
- Common security error meet during development and how to prevent them
- Practical demonstrations of common vulnerabilities
- Type: Demonstration
- Audience: All developers
- Technology: Independent
- Objective: The objective of this training is to present to the students different kinds of application vulnerabilities
- During this training, the students will discover:
- Different kind of vulnerabilities that are commonly present in applications
- How to detect them
- How to validate them
- How to fix them
3ème jour : Mise en pratique des cours théoriques à travers l’implémentation de la sécurité dans un projet vulnérable
- Secure coding labs
- Type: Labs
- Audience: Developers with current competencies in the session development language
- Technology: JAVA or .NET – Single technology by session
- Objective: The objective of this training is to allow the students to manipulate the secure coding concepts and vulnerabilities seen during the trainings « Introduction to Secure Coding » and « Practical demonstrations of common vulnerabilities »
- During this training, the students will discover:
- How to identify the kind of attacks to which the application’s business features are exposed
- Derivate counter-measures from attacks identified
- Implements counter-measures using the target technology build-in features or custom code depending on the attack and the technology capacities
