Description of this training course
This immersive training course will give you the skills you need to identify, analyze and correct web vulnerabilities. You'll learn how to exploit security flaws in the most common web applications within a legal and ethical framework, thanks to a combination of theoretical courses and practical work in secure environments.
Training content
Teaching objectives
At the end of the course, participants will be able to :
- Understand the basics of web cybersecurity and the issues related to web applications.
- Identify and understand the main web vulnerabilities
- Propose corrective measures and best practices to secure web applications.
- Gain practical experience in web pentesting.
Introduction to web cybersecurity
This first part lays the foundations for understanding how an application security audit works, and the context in which pentesting takes place.
Topics covered
- Introduction to cybersecurity and its legal aspects
- Ethical hacking
- Web pentest tools
- OWASP Top 10
Web vulnerabilities
This section is the heart of the course. Participants will learn to identify, understand and exploit the major vulnerabilities described in the OWASP Top 10 and beyond.
Topics covered
- SQL injections
- System command injections
- File upload vulnerabilities
- Authentication and sessions
- Cross Site Scripting (XSS)
- User rights
- Security configuration issues
- Disclosure of sensitive and technical information
- Logical vulnerabilities
- Race Conditions
- File inclusion and path traversal (LFI/RFI)
- Cross Site Request Forgery (CSRF)
- Open Redirection
- Vulnerable components
- Server side templates injections (SSTI)
- Host Headers poisoning
- Securing a REST API
- JWT vulnerabilities
- CORS misconfigurations
- GraphQL vulnerabilities
Teaching approach
The training is based on a very practical approach, with :
- live demonstrations
- guided exercises
- hands-on labs
- realistic operating scenarios
Participants will work on a deliberately vulnerable application, reproducing situations encountered during real security audits.
Requirements
This course can be run either face-to-face or remotely, depending on participants' needs and constraints. Practical exercises require the use of a virtual machine or a secure laboratory environment, which will be provided to participants.
Target audience
This course is primarily aimed at developers, system administrators, security managers/IT directors and cybersecurity consultants.
Prerequisites
Basic knowledge of web development is recommended for this course.
How to access
Registration for the course can be done online or after a videoconference interview.
Access time
Access to training generally takes 2 to 4 weeks, depending on participants' availability and the organization of the session.
Accessibility
As the training is mainly distance learning, it is accessible to people with reduced mobility. In the case of face-to-face training, it will take place on premises accessible to people with reduced mobility.
Supervision
Training is provided by a cybersecurity expert with almost 10 years' experience in offensive cybersecurity.
Educational follow-up
Course materials in PDF format will be provided to learners. In addition, online cybersecurity training platforms will be used.
Follow-up
Daily online registration will be carried out to track participants' attendance.
Results tracking
At the end of the course, learners will take a multiple-choice test to validate their learning.
FAQ
What tools will I use during the course?
The course will involve you in the use of industry-standard web pentest tools, such as Burp Suite, SQLMap, Kali Linux and other open-source tools.
What will I leave with at the end of the course?
The full course material in PDF format will be provided, as well as additional resources to continue your learning.
How practical is the training?
Yes, the course is hands-on, with numerous exercises and pentesting sessions in secure environments.