Arete Software (Securing IT)
Contact us
Portfolio Clients Partners Contact us About us Careers
Arete InfoSec Arete Consultant Pvt. Ltd Arete Innovation & Incubation Centre Arete InfoSec Arete Consultant Pvt. Ltd Arete Innovation & Incubation Centre
space
    Government
    Popular Courses
    Corporate
    Professionals
    Students
 

Home » Info Security Training » Web Defenses

Web Defenses

DAY 1

Morning Session

MAPPING THE APPLICATION

  • Profiling
  • Determining Technologies in Use
  • Dissecting a Request
  • Learning the Behaviour of the Application
  • Content discovery

BYPASSING CLIENT CONTROLS

  • Bypassing HTML Controls
  • JavaScript and VbScript
  • Java
  • ActiveX
  • Securing Client-Side Content

AUTHENTICATION VULNERABILITIES

  • Design flaws in authentication mechanisms
  • Implementation flaws in authentication
  • Securing authentication

VULNERABLE SESSION MANAGEMENT

  • Background to session management
  • Weaknesses in session token generation
  • Weaknesses in session token handling
  • Securing session management


Post Lunch Session

Vulnerability Detection and Countermeasures

  • Authentication
  • Authorization
  • SQL and XSS
  • Session Management
  • Client side
  • Web 2.0 component vulnerabilities (RSS, Mashups, Widgets etc.)
  • Etc.

Securing Code

  • Input validations
  • Error handling
  • Session hardening
  • Logs and Tracing
  • Traps for hackers
  • Assembly hardening
  • Guarding application code

BROKEN ACCESS CONTROLS

  • Common vulnerabilities
  • Attacking access controls
  • Attacking access controls
  • Securing access controls

VULNERABILITIES - INJECTION

  • Interpreted Languages
  • SQL Injection
  • LDAP Injection
  • Command Injection
  • XML Injection


DAY 2

Morning Session

PATH TRAVERSAL

  • Common vulnerabilities
  • Detecting and exploiting path traversal vulnerabilities
  • Avoiding path traversal vulnerabilities

INFORMATION DISCLOSURE

  • Common vulnerabilities
  • Preventing informati on leakage
  • Google Hacking

ATTACKING OTHER USERS

  • Cross-Site Scripting
  • Redirection attacks
  • HTTP header injection
  • Frame injection
    Cross-site request forgery (XSRF)
  • Session fixation
  • Attacking ActiveX controls
  • Advanced exploitation techniques

CLASSIC VULNERABILITIES

  • Classic vulnerabilities in web applications
  • Buffer overflows
  • Integer vulnerabilities
  • Format String Bugs

FLAWS IN WEB APPLICATION ARCHITECTURE

  • The Tiered Architecture
  • Shared Hosting Environments
  • Application Service Providers (ASPs)
  • Third Party Systems

WEB SERVER FLAWS

  • (Mis)Configuration
  • Web Server Vulnerabilities


Post Lunch Session

A WEB APPLICATION ASSESSMENT TOOLKIT

  • Web Browsers
  • Site Spiders
  • Vulnerability Scanners
  • Local Proxies
  • Brute Forcing Tools
  • Custom Toolkits

IDENTIFYING VULNERABILITIES IN SOURCE CODE

  • Approaches to code review
  • Signatures of common vulnerabilities
  • Java
  • ASP.NET
  • PHP
  • Perl
  • SQL

Advanced attacks and defense

  • XPATH injection
  • XML and Schema poisoning
  • Blind SQL injection
  • XSS proxy attacks
  • Browser hijacking
  • Intranet scanning
  • Javascript exploitation

Top
   Home  |  Software Development  |  Info Security Products  |  Info Security Service  |  Info Security Training  |  Portfolio  |  Clients  |  Partners  |  Contact us  |  About us   |  Sitemap
   @ copyright 2010 Arete Software. All rights reserved.Terms of use  |  XML-Sitemap  |  An ISO 9001:2008 Certified CompanyW3C Verified Verified CSSProtected by Copyscape Plagiarism Checker - Do not copy content from this page.