Vaadata training courses are for people who work in all levels of the company (technical and non-technical profiles). They help the company's staff to understand the viewpoint of the attacker in order to better protect themselves against hackers.
All courses are given by our security experts. We share with you our passion for offensive security in order to make you aware of the real risks. Training is a tool for going further after a security audit. It makes your staff more autonomous on security topics.
Technical training enables development staff to better understand the mechanisms of various security flaws, to learn how to use the tools to detect these flaws, or to better take security into account in the software development cycle.
Non-technical training makes all employees aware of the risks and good practices. Some of these courses may be for specific profiles: for example, project leaders, or the executive committee.
All courses are designed to be as interactive and as much fun as possible, including: demonstrations of attacks, team brainstorming, using security tools, challenges, etc.
Training is provided in French and English.
Aim: To know how to detect the most common security flaws in Web applications (OWASP Top 10).
Content: Introduction to the flaws of the Web, OWASP Top 10, Pentest methodology, Pentest tools, Practical workshop for finding flaws in a Web application (using a test environment that is made available).
Duration: 1 day (7 hours)
People concerned: Technical staff working on Web development
Prerequisites: Skills in back-end Web development (PHP, C#, J2ee, Ruby, Python, etc)
Aim: To know how to detect the most common security flaws in Web applications (OWASP Top 10), to identify logic flaws, and to integrate security at each step of the SDLC.
Content: Introduction to Web flaws, OWASP Top 10, Pentest Methodology, Pentest Tools, Practical workshop for finding flaws in a Web application (using a test environment that is made available), Using Burp, Logic flaws, Workshop for finding logic flaws in a workflow, SDLC, Workshop for finding security specifications, Test automation, Management of third-party components
Duration: 3 days (21 hours)
People concerned: Technical staff working on Web development & QA
Prerequisites: Skills in back-end Web development (PHP, C#, J2ee, Ruby, Python, etc)
Aim: Training in pentests, acquiring knowledge and methods for performing security audits of Web and mobile applications, becoming a specialist on security issues in a development team.
Content: Pentest methodology and tools, Types of vulnerabilities, HTTP, Javascript and Python, Reconnaissance, Mapping, Semi-automated tools, Burp Suite, Manual tests, Retrieving sensitive data, Exploitation and loopback, Link between tools, Logic flaws, Specific applications , Cryptography, Specific tools for mobile applications, Application filters and firewalls.
Duration: 5 days (35 hours)
People concerned: Web development specialists with a specific interest in security (who plan to become an in-house specialist on security topics)
Prerequisites: Skills in back-end Web development (PHP, C#, J2ee, Ruby, Python, etc)
Aim: To understand the basics of Web security so that you can lead a project that incorporates security issues, understand the vocabulary involved, and interpret security audit reports.
Content: Introduction to the functioning of the Web and its flaws, The viewpoint of the attacker, Types of vulnerabilities, Demonstrations of attacks, Operation of a security audit, Vocabulary of Web security
Duration: 1 day (7 hours)
People concerned: Project leaders, Technical project managers, Digital marketing managers, Chief digital officer, etc.
Prerequisites: Basic technical knowledge of the Web
Aim: To understand how social engineering attacks work, in order to respond appropriately to protect the company
Content: Introduction to Social Engineering, A company’s fingerprint, Phishing, Spear phishing, Voice phishing, Clones, Malware, Impersonation, Appropriate reactions after an Incident
Duration: 1 day (7 hours)
People concerned: All categories of staff
Prerequisites: Work in a public or private company