PROGRAMM
VERANSTALTUNGSORT
REGISTRATION / FEES
HACKING TRAINING
ANMELDUNG
KONTAKT/IMPRESSUM
 
IT-DEFENSE
 
     
 
HACKING EXTREME WEB APPLICATIONS – SPECIAL EDITION
   

Web-based applications are becoming a favorite point of attack, not only because more and more companies are providing Web services, online shops, banking applications, employee portals and other interactive applications with Web frontends, but also because new methods are available for attacking and manipulating these systems.

"Extreme Hacking: Web Applications" is concerned with attacks on Web applications and the databases located behind them.

This intensive course teaches you about methods used by attackers, and both well-known and lesser-known techniques for attacking web applications and the databases and backends located behind them, all with a very practical approach enhanced by means of numerous laboratory exercises. By means of numerous exercises, we explain the theory and practice behind buzzwords such as "SQL injection", "hidden manipulation", "cross-site scripting" and many others.

Each course participant has the use of an individual notebook containing an extensive assortment of tools, making it possible to gain personal, practical experience with the attacker's point of view. The trainers carry out security audits on a regular basis, and are known as experts in the field of applications security.

Examples of the subject areas covered:

Load Balancer Spotting and Fingerprinting
Proxy Spotting and Fingerprinting
Web Server Fingerprinting
Crawler
Classic Software Vulnerabilities in Web Server Services (Buffer Overflows, etc.)
Directory Listings
Vulnerabilities in the Application Logic
Command Injection
Vulnerabilities During Data Upload
Classic Software Vulnerabilities within the Application (Buffer Overflows, etc.)
Directory Traversal
SSL Man in the Middle and SSL Vulnerabilities
Systematic Password Guessing
Systematic Guessing/Predicting of Session IDs
(Advanced) Cross-Site Scripting
Session Fixation
Web Spoofing
Phishing
(Advanced) SQL Injection

Systems covered:
Unix or Windows-based Web servers, databases, application servers, etc.

Target group:
Administrators and security officers who are not afraid to see security through the eyes of the attacker, and thus to delve very deeply into the attacker's world. It is also of interest to developers and administrators of Web servers and e-business systems.

Prerequisite:
Basic knowledge of web servers, HTTP and HTML.
Prior participation in the course "Extreme Hacking“ is helpful.

Further information www.cirosec.de.

Max. number of attendees: 15 people

Price: 2.000,– €

Date: February 09th – 10th 2009 – the two days before IT-Defense 2009

Location:
Dorint Sanssouci Berlin/Potsdam
Jägerallee 20
14469 Potsdam
Germany