Description of this training course
This immersive training course will give you the skills you need to understand the basics of cybersecurity, identify common threats and put in place effective safeguards to secure your systems and data.
Training content
Teaching objectives
At the end of the course, participants will be able to :
- Understand the fundamental concepts of cybersecurity, the types of threats and the challenges of IT security.
- Identify common vulnerabilities and understand the attack techniques used by cybercriminals.
- Learn best practices for securing information systems and protecting data against threats.
Introduction to web cybersecurity
This module lays the foundations for understanding the fundamental concepts of cybersecurity, the types of threats and the challenges of IT security.
Topics covered
- Introduction to cybersecurity and its legal aspects
- Regulations: RGPD NIS2 HDS
- Governance and cybersecurity
- Corporate cybersecurity strategies
- ISMS and FMECA risk management
- Ethical hacking
Vulnerabilities and common attacks
This module explores common vulnerabilities and attack techniques used by cybercriminals, to raise awareness of the risks and give participants a better understanding of the threats they face.
Topics covered
- Pentester tools
- The notion of vulnerability
- The Web
- The OWASP Top 10
- Web pentest tools
- Cross-Site Scripting (XSS) vulnerabilities
- Upload vulnerabilities
- SQL injections
- System command injections
- Malware
- Example of a major vulnerability: EternalBlue (demonstration)
- Authentication and session security
- ManInTheMiddle attacks
- Active Directory misconfiguration and best practices
- Social engineering (phishing, vishing, smishing)
- WIFI security
- Cloud security
- Denial of service
Good security practices
This module aims to enable participants to learn best practices for securing information systems and protecting data against threats, with an emphasis on effective prevention and detection measures.
Topics covered
- Kernel protections
- Linux hardening
- Lack of detection and implementation of IDS-IPS
- VPN
- Lack of segmentation
- Peripheral threats
- Backup and traceability
- Data and physical security
- Forensics
- Identifying needs and risks
- SOC and SIEM
- Preventive approach and crisis management
- CERTs
- Security policy
Pedagogical approach
The training is based on a very practical approach, with :
- live demonstrations
- guided exercises
- hands-on labs
- realistic operating scenarios
Participants will work on a deliberately vulnerable application, reproducing situations encountered during real security audits.
Requirements
This course can be run either face-to-face or remotely, depending on participants' needs and constraints. Practical exercises require the use of a virtual machine or a secure laboratory environment, which will be provided to participants.
Target audience
This course is primarily aimed at developers, system administrators, security managers/IT directors and cybersecurity consultants.
Prerequisites
Basic knowledge of web development is recommended for this course.
How to access
Registration for the course can be done online or after a videoconference interview.
Access time
Access to training generally takes 2 to 4 weeks, depending on participants' availability and the organization of the session.
Accessibility
As the training is mainly distance learning, it is accessible to people with reduced mobility. In the case of face-to-face training, it will take place on premises accessible to people with reduced mobility.
Supervision
Training is provided by a cybersecurity expert with almost 10 years' experience in offensive cybersecurity.
Educational follow-up
Course materials in PDF format will be provided to learners. In addition, online cybersecurity training platforms will be used.
Follow-up
Daily online registration will be carried out to track participants' attendance.
Results tracking
At the end of the course, learners will take a multiple-choice test to validate their learning.