Foundstone Ultimate Hacking: Web
With every application that an organization brings online or with every e-business that goes live, malicious hackers are waiting to attack. This class provides security professionals with the knowledge and tools to recognize software vulnerabilities, develop countermeasures, and perform ongoing assessments of these Internet-facing applications. In a hands-on setting, instructors offer demonstrations on how attackers can access corporate information with little more than a web browser.
What You'll Learn
- Strategic, tactical, and operational countermeasures to prevent hackers from exploiting web-based applications
- Security considerations unique to secure web applications
- Thorough knowledge of popular web application and infrastructure vulnerabilities, including SQL injection, cross-site scripting, authentication/authorization issues, and session management weaknesses
- Configuration and usage of web security tools including Nikto, Paros, Fiddler, Brutus, OpenSSL, and SSLDigger
Who Needs to Attend
Developers, system and network administrators, QA testing personnel, auditors, consultants, and/or web designers concerned with web security should take this course.
Basic UNIX and Microsoft Windows competency is recommended.
- Foundstone Building Secure Software
- Foundstone Writing Secure Code: Java (J2EE)
- Foundstone Writing Secure Code - ASP.NET (C#)
1. Web Technology and Testing Tools
- Preparation and Planning
- HTTP Overview
- Profiling the Environment
2. Data Validation Attacks
- Parameter Manipulation
- Cross-Site Scripting
- Data Validation
- SQL Injection
- Other Browser Attacks
3. Other Web Attacks
- Information Disclosure
- User Management
- Session Management
- Other Injection Attacks
4. Authorization, Non-Browser Clients, and Automated Scanners
- Other Clients
- Automated Web Application Vulnerability Scanning
All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the basic hands-on experience needed to secure web applications and Internet-facing software.