Back to All Events

Ultimate Web Hacking (One Day Edition)


  • secwest.net Vancouver Canada (map)

Description

With every web application that an organization brings online or e-business that goes live, malicious hackers are waiting to attack. This class provides students with the knowledge and tools to identify known and unknown vulnerabilities, develop countermeasures, and perform ongoing assessments of these web applications. In a hands-on setting, Ultimate Web Hacking instructors offer demonstrations on how attackers can access corporate information with little more than a web browser.

Also in this class, the students will learn strategic, tactical and operational countermeasures to prevent hackers from exploiting web-based applications, security considerations unique to secure web applications, thorough knowledge of popular web application and infrastructure vulnerabilities including SQL injection, cross site scripting, authentication/authorization issues and session management weaknesses.

Who Should Take This Class

System and network administrators, security personnel, auditors, consultants, and/or web designers concerned with web security should take this course. Basic UNIX and Windows competency is required for the course to be fully beneficial.

Exercises

All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the basic hands-on experience needed to secure web applications and internet facing software.

Course Materials

  • Class handouts

  • Foundstone authored book

  • Foundstone t-shirt

  • Free Tools CD with course tools and scripts

Topic

  • Introduction to Web applications

  • Profiling the environment

  • Finding vulnerabilities in configuration management

  • Parameter manipulation

  • Breaking authentication and user management

  • Breaking session management

  • Data validation attacks like:

    • Cross site scripting

    • Cross site request forgery

    • SQL Injection

    • File system traversal

  • Data protection issues

  • Other grab bag topics

Prerequisite Knowledge

  • Working knowledge of Windows or Unix Operating Systems and command-line tools

  • Working knowledge of HTTP, SSL and related protocols

  • Working knowledge of shell scripts, SQL, Perl and javascript

 

Instructor: Mike Andrews

No bio