IT-DEFENSE
 
     
 
HACKING EXTREME WEB APPLICATIONS – SPECIAL EDITION
   

Web-based applications are becoming a favorite point of attack, not only because more and more companies are providing Web services, online shops, banking applications, employee portals and other interactive applications with Web frontends, but also because new methods are available for attacking and manipulating these systems.

"Extreme Hacking: Web Applications" is concerned with attacks on Web applications and the databases located behind them.

This intensive course teaches the methods attackers use, covering both well-known and lesser-known techniques for attacking web applications and the databases and backends located behind them. The approach is very practical: numerous laboratory exercises explain the theory and practice behind buzzwords such as "SQL injection", "hidden manipulation", "cross-site scripting" and many others.

Each course participant has the use of an individual notebook containing an extensive assortment of tools, making it possible to gain personal, practical experience with the attacker's point of view. The trainers carry out security audits on a regular basis and are known as experts in the field of application security.

Examples of the subject areas covered:

Load Balancer Spotting and Fingerprinting
Proxy Spotting and Fingerprinting
Web Server Fingerprinting
Crawler
Classic Software Vulnerabilities in Web Server Services (Buffer Overflows, etc.)
Directory Listings
Vulnerabilities in the Application Logic
Command Injection
Vulnerabilities During Data Upload
Classic Software Vulnerabilities within the Application (Buffer Overflows, etc.)
Directory Traversal
SSL Man in the Middle and SSL Vulnerabilities
Systematic Password Guessing
Systematic Guessing/Predicting of Session IDs
(Advanced) Cross-Site Scripting
Session Fixation
Web Spoofing
Phishing
(Advanced) SQL Injection

Systems covered:
Unix or Windows-based Web servers, databases, application servers, etc.

Target group:
Administrators and security officers who are not afraid to see security through the eyes of the attacker, and thus to delve very deeply into the attacker's world. It is also of interest to developers and administrators of Web servers and e-business systems.

Prerequisite:
Basic knowledge of web servers, HTTP and HTML.
Prior participation in the course "Extreme Hacking" is helpful.

Further information: www.cirosec.de

Max. number of attendees: 15 people

Price: 2.000,– €

Date: January 21st – 22nd 2008 – the two days before IT-Defense 2008

Location:
Sofitel am Alten Wall
Alter Wall 40
20457 Hamburg
Germany