No industrial safety experience required. However, knowledge of industrial systems and some notions of IT, electronics and embedded software are desirable.

• A PC / MAC with Teams installed and unrestricted access to the Internet.

If remote :

• Stable Internet access via Ethernet or Wi-Fi with a decent bandwidth (1.2 Mb/s minimum downstream is recommended).

This course is aimed at people interested in the design aspects of industrial architecture. Electronics enthusiasts and professionals, as well as IT security professionals (developers, architects, integrators, hardware designers, project managers).

This training course aims to raise awareness among system and product architects of the cybersecurity concerns, issues, constraints and challenges that can impact their current responsibilities, deliverables and day-to-day work.

Expert in web cybersecurity.

• Projected PowerPoint presentation
• Interactive web platform (Klaxoon)
• Practical scenario of an attack on a vulnerable WEB application

Assessments at the beginning and end of the course, quizzes, etc.

A training certificate complying with the provisions of Article L.6353-1 paragraph 2 is issued to the trainee.

5 working days before the course start date (if financed by OPCO).

INTRODUCTION TO CYBERSECURITY

• Vocabulary and definition
• Understanding the need and its evolution over time
• The notion of “attack surface”

FRAMEWORKS

• OWASP Top 10 Presentation
• CWE Top 25 Presentation

VULNERABILITY ECOSYSTEM

• CVE: Common Vulnerability Enumeration
• CVSS: Common Vulnerability Scoring System
• Find and report a vulnerability

A01:2021-FAULTY ACCESS CONTROL

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A02:2021-CRYPTOGRAPHIC FAILURE

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A03:2021-INJECTION

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A04:221-INSECURE DESIGN

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A05:2021-SECURITY MISCONFIGURATION

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A06:2021-VULNERABLE AND OBSOLETE COMPONENTS

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A07:2021-FAILED IDENTIFICATION AND AUTHENTICATION

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A08:2021-DATA AND SOFTWARE INTEGRITY DEFICIENCY

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A09:2021-INSUFFICIENT MONITORING AND LOGGING

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

A10:2021-SERVER-SIDE REQUEST FORGERY

• Presentation of the vulnerability category
• Exercise/Demo
• Remediation/Tools

• Date sur demande, toute l'année (Remote learning)