Web Application Security Training

For a Sample Security Audit
email at : mohit@aretecon.com
or call at : 09811500506

Website and web-application security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data, since they often have direct access to backend data such as customer databases.

Train yourself to protect your application against such attacks. The proposed training structure is given below.

For further information contact Mohit @ +91 9811500506

DAY 1

MAPPING THE APPLICATION

  • Profiling
  • Determining Technologies in Use
  • Dissecting a Request
  • Learning the Behaviour of the Application
  • Content discovery

BYPASSING CLIENT CONTROLS

  • Bypassing HTML Controls
  • JavaScript and VBScript
  • Java
  • ActiveX
  • Securing Client-Side Content

AUTHENTICATION VULNERABILITIES

  • Design flaws in authentication mechanisms
  • Implementation flaws in authentication
  • Securing authentication

VULNERABLE SESSION MANAGEMENT

  • Background to session management
  • Weaknesses in session token generation
  • Weaknesses in session token handling
  • Securing session management

VULNERABILITY DETECTION AND COUNTERMEASURES

  • Authentication
  • Authorization
  • SQL and XSS
  • Session Management
  • Client side
  • Web 2.0 component vulnerabilities (RSS, Mashups, Widgets etc.)

SECURING CODE

  • Input validations
  • Error handling
  • Session hardening
  • Logs and Tracing
  • Traps for hackers
  • Assembly hardening
  • Guarding application code

BROKEN ACCESS CONTROLS

  • Common vulnerabilities
  • Attacking access controls
  • Securing access controls

VULNERABILITIES - INJECTION

  • Interpreted Languages
  • SQL Injection
  • LDAP Injection
  • Command Injection
  • XML Injection

DAY 2

PATH TRAVERSAL

  • Common vulnerabilities
  • Detecting and exploiting path traversal vulnerabilities
  • Avoiding path traversal vulnerabilities

INFORMATION DISCLOSURE

  • Common vulnerabilities
  • Preventing information leakage
  • Google Hacking

ATTACKING OTHER USERS

  • Cross-Site Scripting
  • Redirection attacks
  • HTTP header injection
  • Frame injection
  • Cross-site request forgery (XSRF)
  • Session fixation
  • Attacking ActiveX controls
  • Advanced exploitation techniques

CLASSIC VULNERABILITIES

  • Classic vulnerabilities in web applications
  • Buffer overflows
  • Integer vulnerabilities
  • Format String Bugs

FLAWS IN WEB APPLICATION ARCHITECTURE

  • The Tiered Architecture
  • Shared Hosting Environments
  • Application Service Providers (ASPs)
  • Third Party Systems

WEB SERVER FLAWS

  • (Mis)Configuration
  • Web Server Vulnerabilities

A WEB APPLICATION ASSESSMENT TOOLKIT

  • Web Browsers
  • Site Spiders
  • Vulnerability Scanners
  • Local Proxies
  • Brute Forcing Tools
  • Custom Toolkits

IDENTIFYING VULNERABILITIES IN SOURCE CODE

  • Approaches to code review
  • Signatures of common vulnerabilities
  • Java
  • ASP.NET
  • PHP
  • Perl
  • SQL

ADVANCED ATTACKS AND DEFENSE

  • XPath injection
  • XML and Schema poisoning
  • Blind SQL injection
  • XSS proxy attacks
  • Browser hijacking
  • Intranet scanning
  • JavaScript exploitation