What to bring:
Just bring your laptop. All necessary equipment will be provided
including wired/wireless network connection, tools and utilities.
As organizations learn to protect infrastructure systems better,
attackers are turning their attention to web applications, and
traditional firewalls or system lockdowns are simply not sufficient for
protecting against web application attacks. If you need to secure your web
applications, are familiar with the Windows and Linux operating systems
and are experienced with hands-on security tools, this two-day course is
for you.
This advanced, hands-on, action-packed course covers the
principles of securing web applications and the common vulnerabilities
that are leveraged by attackers as well as general defense techniques to
protect against future attacks. By helping you to understand the attacks
and mechanics of components that affect security of web applications,
this course enables you to properly defend your web applications. For
each of the common vulnerabilities, manual and automatic testing
methodologies are covered to ensure you can reveal vulnerabilities in
existing web applications.
This challenging course is particularly well suited to developers,
application security professionals and penetration testers who have an
interest in web applications. With the information you learn in this
class, you will be able to test existing web applications against common
exploitation techniques as well as architect, design and develop more
secure web applications.
Sample Topics:
- Nikto and Apache Mod_Security
- Understanding Unicode Exploits
- Web Certificates and Secure Sockets Layer
- Authentication and Application Access Control
- Session Management, Application Logs and Analysis
- General Input Validation
- Introduction to SQL Injection, Attack Samples and Database Structure
- Detecting SQL Injection
- Blind SQL Injection
- SQL Injection Mitigation and Vulnerability Testing
- Cross Site Scripting
- Phishing and Mitigations
- HTTP Response Splitting
- Credit Card Handling
What Do I Get?
You get more than just knowledge of the latest tricks and
techniques. You take home the following stuff:
- Certificate of Completion
- Our customized VMware image loaded with security tools that will be
  discussed in training.
- A bootable BackTrack(tm) distribution. BackTrack is the top-rated Linux
  live distribution focused on penetration testing. The merging of two
  very popular distributions (Whax and Auditor Security Collection) has
  catapulted BackTrack to the #1 spot on the "Top 100 Network Security
  Tools" list (http://sectools.org).
Who Should Take the Course?
If you are a web application developer, system or
network administrator, security personnel, auditor, and/or
consultant concerned with network and system security, then you
should take this course.
Trainers:
Faiz Ahmad Shuja, CISSP, GCIH, GSEC
A security expert and seasoned entrepreneur, Faiz Ahmad Shuja is Founder
and CEO of rewterz. He brings a tremendous amount of expertise in designing,
implementing, and managing secure infrastructure. In his current
role, he is responsible for overall management and guiding rewterz's
strategy. Prior to this role, Faiz worked as Senior Information Security
Consultant for Cyber Internet Services (Pvt.) Ltd, Pakistan's largest ISP.
The focus of his position was on information security management and network
infrastructure protection.
In 2003, Faiz founded the Pakistan Honeynet Project, a non-profit,
all-volunteer organization dedicated to Honeynet research. The Pakistan Honeynet
Project's goal is to learn and raise awareness about the motives and tactics
of the Black Hat community targeting Pakistan's networks. Its aim is to
share and disseminate knowledge about the various tools and hacker practices
in use on the Internet today. The Pakistan Honeynet Project is a member of The
Honeynet Project's Research Alliance.
In 2004, Faiz founded PAKCON, a non-profit organization which organizes
yearly cyber security conventions in Pakistan. PAKCON is the brainchild of
a group of capable security professionals who have employed their genius and
aptitude to provide an overall extensive and comprehensive experience of
information security in the form of a wide-ranging convention on information
security.
Faiz holds a Bachelor's degree in Computer Science from the University of
Karachi, GIAC Security Essentials Certification (GSEC), GIAC Certified
Incident Handler Certification (GCIH) and Certified Information Systems
Security Professional (CISSP). He has spoken at various conferences and
organizations, including US NSA (National Security Agency), ISS World,
PAKCON, IEEE, and more.
Muhammad Omar Khan, CISSP
Muhammad Omar Khan brings a tremendous amount of information security
management expertise to his role as the Chief Technology Officer. In this
role, Omar is responsible for all aspects of service delivery including
security operations, development and infrastructure. Prior to joining
rewterz, Omar worked for Pakistan's largest Internet Service Provider,
CYBERNET. Omar earned a Bachelor's degree in Computer Science from Sir Syed
University of Engineering and Technology and Certified Information Systems
Security Professional (CISSP) certification.
Muhammad Ahmed Siddiqui, CISSP
Muhammad Ahmed Siddiqui brings a tremendous amount of penetration
testing, application security assessment, exploit coding, vulnerability
research and secure application development experience to his role as the
Chief Architect. In this role, Ahmed is responsible for managing product
development and implementation, and quality assurance. He is an active
security researcher and has published several security advisories. Ahmed
holds a bachelor's degree in Computer Science from Sir Syed University of
Engineering and Technology and Certified Information Systems Security
Professional (CISSP) certification.
Register Now
Three days. All course materials, lunch and two tea breaks will be
provided. A Certificate of Completion will be offered.