Web Application Security Angular/Spring OWASP Top 10:2021

Objectives

This training aims to raise teams' awareness of secure development issues, to give employees secure development best practices while highlighting the risks associated with poor practices, and to teach them how to secure their code.

DAY 1

Essential Concepts

  • Key Concepts in Cybersecurity:
    • Availability, Integrity, Confidentiality (AIC)
    • Risk Assessment
  • Glossary: CVE, CWE, CVSS

Overview of Web Application Security

  • Causes of Vulnerabilities in Web Applications
  • Differences Between:
    • Security Audit
    • Vulnerability Scan
    • Penetration Testing (Pentest)
  • Key Steps in a Pentest

The Main Vulnerabilities

  • CWE Top 25
  • OWASP Top 10

Source Code Audit

  • Identification and Detection of Specific Vulnerabilities
  • OWASP Approach to Secure Development

 

DAY 2

Security Measures in Spring

  • Introduction to Spring Security
  • Secure Password Management
  • Authorization and Authentication
  • Protection Against Common Exploits
  • Secure Integrations

Security Measures in Angular

  • Prevention of XSS Attacks
  • Protection Against HTTP Vulnerabilities
  • Implementation of Specific Security Measures

OWASP TOP 10 Proactive Controls

  • Presentation of Proactive Controls for Secure Development

Security in the Software Development Life Cycle

  • Integration of Best Security Practices Throughout the Software Development Life Cycle

Use of Security Testing Tools

  • Presentation and Use of Tools Dedicated to Application Security

Knowledge of Angular/Spring application development, as well as basic IT and networking concepts, is recommended.

For remote sessions:

  • A stable internet connection via Ethernet or Wi-Fi with a decent speed (a minimum download speed of 1.2 Mb/s is recommended).
  • A PC or Mac with Microsoft Teams installed and unrestricted internet access.

This training is intended for individuals interested in web application security. It is suitable for both enthusiasts and professionals in development, as well as IT security professionals (developers, integrators, designers, project managers).

Web Application Cybersecurity Expert

  • Projected PowerPoint presentation
  • Interactive web platform (Klaxoon)
  • Practical attack/defense scenario on a connected mini-factory

Assessments at the beginning and end of the course, quizzes, etc.

5 working days before the course start date (if financed by OPCO).

A training certificate complying with the provisions of Article L. 6353-1 paragraph 2 is issued to the trainee.
