Arete Software (Securing IT)

Web Defenses

DAY 1

Morning Session

MAPPING THE APPLICATION

  • Profiling
  • Determining Technologies in Use
  • Dissecting a Request
  • Learning the Behaviour of the Application
  • Content discovery

BYPASSING CLIENT CONTROLS

  • Bypassing HTML Controls
  • JavaScript and VBScript
  • Java
  • ActiveX
  • Securing Client-Side Content

AUTHENTICATION VULNERABILITIES

  • Design flaws in authentication mechanisms
  • Implementation flaws in authentication
  • Securing authentication

VULNERABLE SESSION MANAGEMENT

  • Background to session management
  • Weaknesses in session token generation
  • Weaknesses in session token handling
  • Securing session management


Post Lunch Session


Vulnerability Detection and Countermeasures

  • Authentication
  • Authorization
  • SQL and XSS
  • Session Management
  • Client side
  • Web 2.0 component vulnerabilities (RSS, Mashups, Widgets etc.)
  • Etc.

Securing Code

  • Input validations
  • Error handling
  • Session hardening
  • Logs and Tracing
  • Traps for hackers
  • Assembly hardening
  • Guarding application code

BROKEN ACCESS CONTROLS

  • Common vulnerabilities
  • Attacking access controls
  • Securing access controls

VULNERABILITIES - INJECTION

  • Interpreted Languages
  • SQL Injection
  • LDAP Injection
  • Command Injection
  • XML Injection


DAY 2


Morning Session

PATH TRAVERSAL

  • Common vulnerabilities
  • Detecting and exploiting path traversal vulnerabilities
  • Avoiding path traversal vulnerabilities

INFORMATION DISCLOSURE

  • Common vulnerabilities
  • Preventing information leakage
  • Google Hacking

ATTACKING OTHER USERS

  • Cross-Site Scripting
  • Redirection attacks
  • HTTP header injection
  • Frame injection
  • Cross-site request forgery (XSRF)
  • Session fixation
  • Attacking ActiveX controls
  • Advanced exploitation techniques

CLASSIC VULNERABILITIES

  • Classic vulnerabilities in web applications
  • Buffer overflows
  • Integer vulnerabilities
  • Format String Bugs

FLAWS IN WEB APPLICATION ARCHITECTURE

  • The Tiered Architecture
  • Shared Hosting Environments
  • Application Service Providers (ASPs)
  • Third Party Systems

WEB SERVER FLAWS

  • (Mis)Configuration
  • Web Server Vulnerabilities


Post Lunch Session

A WEB APPLICATION ASSESSMENT TOOLKIT

  • Web Browsers
  • Site Spiders
  • Vulnerability Scanners
  • Local Proxies
  • Brute Forcing Tools
  • Custom Toolkits

IDENTIFYING VULNERABILITIES IN SOURCE CODE

  • Approaches to code review
  • Signatures of common vulnerabilities
  • Java
  • ASP.NET
  • PHP
  • Perl
  • SQL

Advanced attacks and defense

  • XPATH injection
  • XML and Schema poisoning
  • Blind SQL injection
  • XSS proxy attacks
  • Browser hijacking
  • Intranet scanning
  • JavaScript exploitation

© Copyright 2010 Arete Software. All rights reserved. An ISO 9001:2008 Certified Company