IT security audit

Contacts

Belarus: Tel: +(375 17) 2169118
UAE: Tel: +(971 26) 457670
Switzerland: Tel: +(412 27) 432087



Web audit


Hacking Web Applications

Web applications are the new frontier of hacking. With this in mind, Hands-on Hacking – Web Applications has been created for IT professionals who wish to understand what really happens whenever an attack is perpetrated against any web architecture component and which vulnerabilities are exploited. The course offers an effective and complete perspective on logical security issues with a focus on web applications.

Training Overview

This course is targeted at IT professionals who wish to delve deeply into the latest security threats and most advanced techniques used by malicious hackers today to compromise web-based architectures – firewall, webserver, middleware, applications, databases. The goals? ID theft, just to mention one… The course offers a set of live simulations and live labs featuring a variety of missions on proprietary targets.

Who Should Attend?

  • IT managers
  • IT security specialists
  • Security officers
  • Software engineers
  • Network administrators
  • Individuals and enthusiasts interested in this topic

Course Contents

An intensive 2-day course covering the following topics:
  • Attacks Profiling: Statistics on Web Server Attacks
  • HTTP Protocol Basics
  • Web Server Structure
  • Classification of Web Application Attacks
    • Authentication
    • Authorization
    • Command Execution
    • Client-side Attacks
    • Information Disclosure
    • Logical Attacks
  • Collecting Information on Our Target: Search Engine Power (Live Session!)
  • Cross Site Scripting in Depth (Live Session!)
    Learn how a technique that some consider banal in fact allows attackers to obtain surprising results. But also learn how to avoid XSS attacks…
  • Cookie Manipulation (cURL and Mozilla Firefox) (Live Session!)
  • Backdoors with JavaScript
    How to install backdoors using JavaScript
  • Remote Files Reading/Inclusion
  • Common Errors in PHP Applications
  • Other Vulnerabilities
    • Execution of arbitrary code
    • Execution of commands
    • File disclosure
    • Live session
  • SQL Injection (simple, blind, advanced)
    Attacking a system using SQL vulnerabilities:
    Form, bypassing, Database dump, others.
    Live session
  • Cross Site Request Forgery (CSRF/XSRF)
  • Encoding Attacks
    Bypassing IDS and filtering
  • Other Vulnerabilities
    • AJAX
    • XPath Injection
    • LDAP Injection
  • HTTP Response Splitting
    How to modify HTTP packets content
  • The DON’Ts of Web Developing

What You Will Learn

  • Typical techniques used to attack web architecture components.
  • How to think like a hacker to protect your web-based architecture.
  • How misconfigured web applications impact heavily on security.

Course Style: Live Hacking!

Duration

2 days

Prerequisites

Basic programming skills are desirable.






© 2006-2008 JLLC Belsec - IT-Security audit