
Web Application: Attacks and Defense - Advanced Edition


Duration: 2 - 3 days

This class revolves around web application security: the problems that occur when designing and deploying a web application, and how to locate and fix security lapses. It will equip participants with extensive knowledge of investigative and assessment techniques and a variety of tools to locate and fix these security lapses.

This course is designed and developed with the following objectives for security professionals:

  • Web Application security issues
  • Web attacks on the rise
  • Assessment methodologies
  • Tools and Tricks
  • Web application attack vectors
  • Secure coding and defense
  • Lots of hands-on challenges

Target Audience

Security consultants & professionals
Web administrators
Auditors
Application developers

Prerequisites

  • Basic familiarity with Windows & Unix systems
  • Primary understanding of networks
  • Basics of web applications

 

Course Outline

Schedule : Day 1

Module 1 Web Security Fundamentals and Principles
  • Web security trends & opportunities
  • Evolution and security issues
  • Basic security threats
  • Security players and models
  • Web application evolution
  • Web application security concerns
  • Q & A

Module 2 Methods, Components & Protocols
  • Web application assessment methods
  • Web application components
  • Languages
  • HTTP protocol
  • Lab

Module 3 Web Application Deployment & Security
  • Deployment issues
  • Web server configurations
  • Loopholes like directory browsing & file access
  • Web server vulnerabilities
  • Fingerprinting web servers
  • Defending deployment
  • Lab

Module 4 Web Application Footprinting, Discovery & Profiling
  • Footprinting web application
  • Host & Domain footprinting
  • Gathering information on large networks
  • Discovering web applications
  • Profiling web applications
  • Attributes and security
  • Lab

Schedule : Day 2

Module 5 Web application attack vectors I
  • Assets to attacks mapping
  • Source code sniffing
  • Error handling & Exception management
  • Source code disclosure
  • Input validation
  • Lab

Module 6 Web application attack vectors II
  • SQL injection
  • Malicious code injection client/server side
  • File system access
  • Session hijacking
  • XPATH injection
  • Database hacking
  • Lab

Schedule : Day 3

Module 7 Defense
  • Security controls
  • Secure coding
  • ModSecurity for open source
  • Content filtering
  • Lab

Module 8 Master Lab & Challenge


For further information please contact us at