Train together, save more! 10% off individual registration, 20% off for pairs.
J'en profite ×
(+212) 6 60 10 42 56
Log in
Forgot password

Or create your account

You have just added to your selection
Your cart is empty, See our trainings
Our trainings

Description

Intrusion on company servers represents a major risk. It is essential to understand and apply the technologies and products to provide a sufficient level of security to deployed applications and more particularly to risky applications such as extranet services and messaging. Resolutely pragmatic, this course will provide you with the keys to protecting an online service based on concrete examples of attacks and appropriate responses.

Who is this training for ?

For whom ?

Network and systems administrators, Webmaster.

Prerequisites

Training objectives

Training program

  • Introduction
    • - Analysis of the exam themes.
    • - Suggested methods.
    • - Practice network slicing.
    • - Build troubleshooting skills based on scenarios.
    • - Scenario Intensive test session in conditions similar to the exam with collective use of the results.
  • Constituents of a web application
    • - The elements of an N-tier application.
    • - The HTTP front-end server, its role and its weaknesses.
    • - The intrinsic risks of these components.
    • - The major players in the market.
  • The HTTP protocol in detail
    • - TCP, HTTP, persistence and pipelining callbacks.
    • - The GET, POST, PUT, DELETE, HEAD and TRACE PDUs.
    • - Header fields , status codes 1xx to 5xx.
    • - Redirection, virtual host, proxy caching and tunneling.
    • - Cookies, attributes, associated options.
    • - The authentications (Basic, Improved Digest.
    • - ).
    • - http acceleration, proxy, Web balancing.
    • - Protocol attacks HTTP Request Smuggling and HTTP Response splitting .
    • - Practical work Installation and use of the Wireshark network analyzer.
    • - Using a specific HTTP analysis proxy.
  • Web application vulnerabilities

    - n'as pas encore du programme

  • The network firewall in the protection of HTTP applications

    - n'as pas encore du programme

  • Securing flows with SSL/TLS
    • - Reminders of the cryptographic techniques used in SSL and TLS.
    • - Manage your server certificates, the X509 standard.
    • - What does the new X509 EV certificate provide? Which certification authority to choose? SSL flow capture and analysis techniques.
    • - The main flaws in X509 certificates.
    • - Using a reverse proxy to SSL acceleration.
    • - The benefits of HSM crypto hardware cards.
    • - Practical work Implementation of SSL under IIS and Apache.
    • - Attacks on HTTPS streams with sslstrip and sslsnif.
  • System and software configuration
    • - The default configuration, the major risk.
    • - Rules to follow when installing an operating system.
    • - Linux or Windows.
    • - Apache or IIS? How to configure Apache and IIS for optimal security? The case of Middleware and the database.
    • - Vs.
    • - D.
    • - S.
    • - (Vulnerability Detection System).
    • - Practical work Web front-end security procedure (Apache or IIS ).
  • Principle of secure development
    • - Development security, what budget? Security in the development cycle.
    • - The role of client-side code, security or ergonomics? Control of the data sent by the customer.
    • - Fight against "Buffer Overflow" type attacks.
    • - The development rules to respect.
    • - How to fight against risks residuals: Headers, malformed URL, Cookie Poisoning.
    • - ?
  • User authentication
    • - Authentication via HTTP: Basic Authentication and Digest Authentication or by the application (HTML form).
    • - Strong authentication: X509 client certificate, SecurID Token, Mobilegov digital DNA.
    • - Other software authentication techniques: CAPTCHA, Keypass, etc.
    • - Password attacks: sniffing, brute force, phishing, keylogger.
    • - Attack on session numbers (session hijacking) or on cookies (cookie poisoning).
    • - Attack on HTTPS authentications (fake server, sslsniff, X509 certificate exploit.
    • - ) .
    • - Practical work "Man in the Middle" attack on user authentication and session theft (session hijacking).
  • The “application” firewall
    • - Reverse-proxy and application firewall, details of the functionalities.
    • - What are the contributions of the application firewall to the security of websites? Insert an application firewall on a system in production .
    • - Market players.
    • - Practical work Implementation of an application firewall.
    • - Security policy management.
    • - Attacks and results.
  • 960
  • 21 h

Submit your review

Training in our centers
Reference
PL-62
Duration
3 Days ( 21 hrs)
Request a quote
Training in your company
Reference
PL-62
Duration
3 Days ( 21 h)
Request a quote
On-demand training

Interested in this topic? Our experts design your customized training!

Contact us
Translated By Google Translate