CanSecWest Vancouver 2011

Site menu:

Register | Conference | Dojo | Speakers | Agenda | Past Events | Hotel & Travel | Contact

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Course: Ultimate Web Hacking (1 day edition)

Instructor:
Mike Andrews (Foundstone, a division of McAfee)

Register for this course.

Description

With every web application that an organization brings online or e-business that goes live, malicious hackers are waiting to attack. This class provides students with the knowledge and tools to identify known and unknown vulnerabilities, develop countermeasures, and perform ongoing assessments of these web applications. In a hands-on setting, Ultimate Web Hacking instructors offer demonstrations on how attackers can access corporate information with little more than a web browser.

Also in this class, the students will learn strategic, tactical and operational countermeasures to prevent hackers from exploiting web-based applications, security considerations unique to secure web applications, thorough knowledge of popular web application and infrastructure vulnerabilities including SQL injection, cross site scripting, authentication/authorization issues and session management weaknesses.

Who Should Take This Class

System and network administrators, security personnel, auditors, consultants, and/or web designers concerned with web security should take this course. Basic UNIX and Windows competency is required for the course to be fully beneficial.

Exercises

All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the basic hands-on experience needed to secure web applications and internet facing software.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Course Materials

• Class handouts
• Foundstone authored book
• Foundstone t-shirt
• Free Tools CD with course tools and scripts

Topic

• Introduction to Web applications
• Profiling the environment
• Finding vulnerabilities in configuration management
• Parameter manipulation
• Breaking authentication and user management
• Breaking session management
• Data validation attacks like:
• Cross site scripting
• Cross site request forgery
• SQL Injection
• File system traversal
• Data protection issues
• Other grab bag topics

Prerequisite Knowledge

• Working knowledge of Windows or Unix Operating Systems and command-line tools
• Working knowledge of HTTP, SSL and related protocols
• Working knowledge of shell scripts, SQL, Perl and javascript

Sponsors:

More Information:

Sponsorship Information | Valid XHTML | Valid CSS

Wise words:

"Sen Sen No Waza - to strike the opponent after he has formed the intention to attack and has committed to a specific motion."

Copyright © dragostech.com inc. All Rights Reserved.