Web-based applications are becoming a favorite point of attack, not only because more and more companies are providing Web services, online shops, banking applications, employee portals and other interactive applications with Web frontends, but also because new methods are available for attacking and manipulating these systems.
"Extreme Hacking: Web Applications" is concerned with attacks on Web applications and the databases located behind them.
This intensive course teaches you the methods used by attackers, covering both well-known and lesser-known techniques for attacking web applications and the databases and backends behind them, with a very practical approach built around numerous laboratory exercises. Through these exercises, we explain the theory and practice behind buzzwords such as "SQL injection", "hidden field manipulation", "cross-site scripting" and many others.
Each course participant has the use of an individual notebook containing an extensive assortment of tools, making it possible to gain personal, practical experience of the attacker's point of view. The trainers carry out security audits on a regular basis and are known as experts in the field of application security.
Examples of the subject areas covered:
• Load Balancer Spotting and Fingerprinting
• Proxy Spotting and Fingerprinting
• Web Server Fingerprinting
• Crawlers
• Classic Software Vulnerabilities in Web Server Services (Buffer Overflows, etc.)
• Directory Listings
• Vulnerabilities in the Application Logic
• Command Injection
• Vulnerabilities During Data Upload
• Classic Software Vulnerabilities within the Application (Buffer Overflows, etc.)
• Directory Traversal
• SSL Man in the Middle and SSL Vulnerabilities
• Systematic Password Guessing
• Systematic Guessing/Predicting of Session IDs
• (Advanced) Cross-Site Scripting
• Session Fixation
• Web Spoofing
• Phishing
• (Advanced) SQL Injection
Systems covered:
Unix or Windows-based Web servers, databases, application servers, etc.
Target group:
Administrators and security officers who are not afraid to see security through the eyes of the attacker, and thus to delve very deeply into the attacker's world. It is also of interest to developers and administrators of Web servers and e-business systems.
Prerequisite:
Basic knowledge of web servers, HTTP and HTML.
Prior participation in the course "Extreme Hacking" is helpful.
Further information: www.cirosec.de.
Max. number of attendees:
15 people
Price:
2.000,– €
Date: January 21st – 22nd 2008 – the two days before IT-Defense 2008
Location:
Sofitel am Alten Wall
Alter Wall 40
20457 Hamburg
Germany