Web Application Security Training
As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists.
Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.
Train yourself to protect your application against such attacks. The proposed training structure is given below.
For further information contact Mohit @ +91 9811500506
DAY 1
MAPPING THE APPLICATION
- Profiling
- Determining Technologies in Use
- Dissecting a Request
- Learning the Behaviour of the Application
- Content discovery
BYPASSING CLIENT CONTROLS
- Bypassing HTML Controls
- JavaScript and VBScript
- Java
- ActiveX
- Securing Client-Side Content
AUTHENTICATION VULNERABILITIES
- Design flaws in authentication mechanisms
- Implementation flaws in authentication
- Securing authentication
VULNERABLE SESSION MANAGEMENT
- Background to session management
- Weaknesses in session token generation
- Weaknesses in session token handling
- Securing session management
VULNERABILITY DETECTION AND COUNTERMEASURES
- Authentication
- Authorization
- SQL and XSS
- Session Management
- Client side
- Web 2.0 component vulnerabilities (RSS, Mashups, Widgets etc.)
SECURING CODE
- Input validations
- Error handling
- Session hardening
- Logs and Tracing
- Traps for hackers
- Assembly hardening
- Guarding application code
BROKEN ACCESS CONTROLS
- Common vulnerabilities
- Attacking access controls
- Securing access controls
VULNERABILITIES - INJECTION
- Interpreted Languages
- SQL Injection
- LDAP Injection
- Command Injection
- XML Injection
DAY 2
PATH TRAVERSAL
- Common vulnerabilities
- Detecting and exploiting path traversal vulnerabilities
- Avoiding path traversal vulnerabilities
INFORMATION DISCLOSURE
- Common vulnerabilities
- Preventing information leakage
- Google Hacking
ATTACKING OTHER USERS
- Cross-Site Scripting
- Redirection attacks
- HTTP header injection
- Frame injection
- Cross-site request forgery (XSRF)
- Session fixation
- Attacking ActiveX controls
- Advanced exploitation techniques
CLASSIC VULNERABILITIES
- Classic vulnerabilities in web applications
- Buffer overflows
- Integer vulnerabilities
- Format String Bugs
FLAWS IN WEB APPLICATION ARCHITECTURE
- The Tiered Architecture
- Shared Hosting Environments
- Application Service Providers (ASPs)
- Third Party Systems
WEB SERVER FLAWS
- (Mis)Configuration
- Web Server Vulnerabilities
A WEB APPLICATION ASSESSMENT TOOLKIT
- Web Browsers
- Site Spiders
- Vulnerability Scanners
- Local Proxies
- Brute Forcing Tools
- Custom Toolkits
IDENTIFYING VULNERABILITIES IN SOURCE CODE
- Approaches to code review
- Signatures of common vulnerabilities
- Java
- ASP.NET
- PHP
- Perl
- SQL
ADVANCED ATTACKS AND DEFENSE
- XPath injection
- XML and Schema poisoning
- Blind SQL injection
- XSS proxy attacks
- Browser hijacking
- Intranet scanning
- JavaScript exploitation