What to bring?
Just bring your laptop. All necessary equipment will be provided, including wired/wireless network connection, tools and utilities.
As organizations learn to protect infrastructure systems better, attackers are turning their attention to web applications, and traditional firewalls or system lockdowns are simply not sufficient for protecting against web application attacks. If you need to secure your web applications, are familiar with the Windows and Linux operating systems and are experienced with hands-on security tools, this two-day course is for you.
This advanced, hands-on, action-packed course covers the principles of securing web applications and the common vulnerabilities that are leveraged by attackers, as well as general defense techniques to protect against future attacks. By helping you to understand the attacks and the mechanics of the components that affect the security of web applications, this course enables you to properly defend your web applications. For each of the common vulnerabilities, manual and automatic testing methodologies are covered to ensure you can reveal vulnerabilities in existing web applications.
This challenging course is particularly well suited to developers, application security professionals and penetration testers who have an interest in web applications. With the information you learn in this class, you will be able to test existing web applications against common exploitation techniques as well as architect, design and develop more secure web applications.
Sample topics include:
- Nikto and Apache Mod_Security
- Understanding Unicode Exploits
- Web Certificates and Secure Sockets Layer
- Authentication and Application Access Control
- Session Management, Application Logs and Analysis
- General Input Validation
- Introduction to SQL Injection, Attack Samples and Database Structure
- Detecting SQL Injection
- Blind SQL Injection
- SQL Injection Mitigation and Vulnerability Testing
- Cross Site Scripting
- Phishing and Mitigations
- HTTP Response Splitting
- Credit Card Handling
What Do I Get?
You get more than just knowledge of the latest tricks and techniques. You take home the following stuff:
- Certificate of Completion
- A bootable BackTrack(tm) distribution - BackTrack is the top-rated Linux live distribution focused on penetration testing. The merging of two very popular distributions (Whax and Auditor Security Collection) has catapulted BackTrack to the #1 spot on the "Top 100 Network Security Tools" list - http://sectools.org
Who Should Take the Course?
If you are a web application developer, system or network administrator, security personnel, auditor, and/or consultant concerned with network and system security, then you should take this course.
Trainers:
Faiz Ahmad Shuja, CISSP, GCIH, GSEC
Faiz is a security expert and seasoned entrepreneur. He brings a tremendous amount of expertise in designing, implementing, and managing secure infrastructure. He has been involved in intrusion detection/prevention systems, firewalls, honeypots/honeynets, penetration testing, vulnerability analysis, incident handling, and forensics analysis. His specific research interests include enterprise security monitoring, data analysis and security auditing.
He is currently the CEO of Rewterz, which offers security consulting and managed security services. Faiz was the Senior Information Security Consultant for Cyber Internet Services (Pvt.) Ltd, Pakistan's largest ISP. The focus of his position was on information security system management and network infrastructure protection. Faiz also designed their Information Security Management System (ISMS) based on BS7799 guidelines and standards.
Faiz is the Founder of Pakistan Honeynet Project, a non-profit, all-volunteer organization dedicated to Honeynet research. Pakistan Honeynet Project's goal is to learn and raise awareness about the motives and tactics of the Black Hat community targeting Pakistan's networks. Its aim is to share and disseminate knowledge about the various tools and hacker practices in use on the Internet today.
Faiz is also the President of PAKCON, a non-profit organization which organizes yearly cyber security conventions in Pakistan. PAKCON is the brainchild of a group of capable security professionals who have employed their genius and aptitude to provide an overall extensive and comprehensive experience of information security in the form of a wide-ranging convention on information security. Faiz holds a Bachelor's degree in Computer Science from the University of Karachi, GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH) and Certified Information System Security Professional (CISSP) certifications.
Muhammad Omar Khan, CISSP
Omar has been involved in the field of information security for the past four years. His core competencies include information security management and best practices, intrusion detection systems, firewalls, honeynets, vulnerability assessment and penetration testing. He also has extensive programming experience in C, C++, PHP and C#.
He is a solution-oriented security specialist with notable success directing a broad range of corporate IT initiatives while participating in planning, analysis and implementation of information security and other solutions in direct support of business objectives. Omar is currently the CTO of Rewterz, which offers security consulting and managed security services. Prior to joining Rewterz, he was System Security Engineer for Cyber Internet Services (Pvt.) Ltd, Pakistan's largest ISP. Omar holds a Bachelor's degree in Computer Science from Sir Syed University of Engineering and Technology and Certified Information System Security Professional (CISSP) certification. He is also an active member of Pakistan Honeynet Project and PAKCON.
Muhammad Ahmed Siddiqui, CISSP
Ahmed has been involved in the field of information security for the past four years and has extensive experience in penetration testing, application vulnerability assessment, exploit coding and vulnerability research. He also has broad programming experience in C, VB, ASP, ASP .NET, Java and HTML.
Ahmed is currently working as Chief Architect at Rewterz, which offers security consulting and managed security services. Ahmed is the lead developer of Spleen, the platform for Rewterz's managed security services. Ahmed holds a Bachelor's degree in Computer Science from Sir Syed University of Engineering and Technology and Certified Information System Security Professional (CISSP) certification. He is also an active member of Pakistan Honeynet Project and PAKCON.
Course Length:
Two days. All course materials, lunch and two tea breaks will be provided. A Certificate of Completion will be offered.