Web application cybersecurity – OWASP Top 10:2021

Objectives

This training course aims to raise awareness among system and product architects of the cybersecurity concerns, issues, constraints and challenges that can impact their current responsibilities, deliverables and day-to-day work.

  • INTRODUCTION TO CYBERSECURITY
    • Vocabulary and definition
    • Understanding the need and its evolution over time
    • The notion of “attack surface”
  • FRAMEWORKS
    • OWASP Top 10 Presentation
    • CWE Top 25 Presentation
  • VULNERABILITY ECOSYSTEM
    • CVE: Common Vulnerability Enumeration
    • CVSS: Common Vulnerability Scoring System
    • Find and report a vulnerability
  • A01:2021-FAULTY ACCESS CONTROL
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A02:2021-CRYPTOGRAPHIC FAILURE
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A03:2021-INJECTION
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A04:2021-INSECURE DESIGN
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A05:2021-SECURITY MISCONFIGURATION
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A06:2021-VULNERABLE AND OBSOLETE COMPONENTS
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A07:2021-FAILED IDENTIFICATION AND AUTHENTICATION
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A08:2021-DATA AND SOFTWARE INTEGRITY DEFICIENCY
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A09:2021-INSUFFICIENT MONITORING AND LOGGING
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools
  • A10:2021-SERVER-SIDE REQUEST FORGERY
    • Presentation of the vulnerability category
    • Exercise/Demo
    • Remediation/Tools

No industrial safety experience required. However, knowledge of industrial systems and some notions of IT, electronics and embedded software are desirable.

  • A PC / Mac with Teams installed and unrestricted access to the Internet.

If remote:

  • Stable Internet access via Ethernet or Wi-Fi with a decent bandwidth (1.2 Mb/s minimum downstream is recommended).

This course is aimed at people interested in the design aspects of industrial architecture: electronics enthusiasts and professionals, as well as IT security professionals (developers, architects, integrators, hardware designers, project managers).

Expert in web cybersecurity.

  • Projected PowerPoint presentation
  • Interactive web platform (Klaxoon)
  • Practical scenario of an attack on a vulnerable web application

Assessments at the beginning and end of the course, quizzes, etc.

5 working days before the course start date (if financed by OPCO).

A training certificate complying with the provisions of Article L.6353-1 paragraph 2 is issued to the trainee.
