Foundstone Ultimate Hacking: Web

Classroom Learning

Who Needs to Attend

System and network administrators, security personnel, auditors, consultants, and/or web designers concerned with web security should take this course. Basic UNIX and Windows competency is required for the course to be fully beneficial.


Prerequisites

We recommend experience in web development and web programming, a basic UNIX and Windows NT competency, and a basic understanding of security principles.


Follow-On Courses


With every application that an organization brings online or with every e-business that goes live, malicious hackers are waiting to attack. This class provides security professionals with the knowledge and tools to recognize software vulnerabilities, develop countermeasures, and perform ongoing assessments of these Internet-facing applications. In a hands-on setting, instructors offer demonstrations on how attackers can access corporate information with little more than a web browser.

Continuing Education Credit
This course qualifies for up to 32 hours of CPE for CISSP/SSCP holders and 28 hours of CE for CISA/CISM holders.

What You'll Learn


  • Strategic, tactical, and operational countermeasures to prevent hackers from exploiting web-based applications
  • Security considerations unique to secure web applications
  • Thorough knowledge of popular web application and infrastructure vulnerabilities, including SQL injection, cross-site scripting, authentication/authorization issues, and session management weaknesses
  • Configuration and usage of web security tools including Nikto, Paros, Fiddler, Brutus, OpenSSL, and SSLDigger

Course Outline


Day 1: Web Technology and Testing Tools

1. Introduction and Example Attacks

2. Preparation and Planning

3. HTTP Overview

  • HTTP Methods
  • HTTP Headers
    • Cookies
    • Referer
    • User Agent
  • Using MITM Proxies (Fiddler, Paros)
  • HTTP Authentication
    • Basic
    • Digest
    • Forms
  • HTTP Response Codes

4. Profiling the Environment

  • Profiling Web Server Types
  • Profiling Application Technology including Cookies, Extensions, URL Patterns, and Comments
  • Known Vulnerabilities
  • SSL
  • Site Mapping
  • Spidering and Mirroring Sites with Wget, SpiderZilla, Paros (manual)
  • Client-Side Information Leakage

Day 2: Common Application Weaknesses

1. Parameter Manipulation

2. Cross-Site Scripting

  • Reflected XSS
  • Stored XSS
  • Attacking Intranets from Outside
  • XSS Exploitation Frameworks

3. Data Validation

  • Ineffective Methods
  • Input Validation
  • Output Encoding
  • Trust Boundaries
  • Data Encoding
  • XSS Specific Validation

4. SQL Injection

  • Basic Injection
  • Union Queries
    • Blind Injection
  • SQL Injection Tools
  • Other Enumeration Techniques
  • Stored Procedures
  • SQL-Specific Data Validation

5. Other Browser Attacks

  • URL Redirection
  • HTTP Header Injection
  • HTTP Response Splitting
  • Browser Exploits

Day 3: Less Notorious Application Weaknesses

6. Information Disclosure

  • Page Caching
  • Autocomplete
  • Cookie Leakage
  • Error Messages

7. Authentication

  • Authentication vs. Identification
  • Authentication Mechanisms
  • Best Practices

8. User Management

  • Broken User Management
  • User Management Fundamentals
  • Information Leakage through Password Reminder Schemes, etc.
  • Password Storage
  • Brute Force Attacks
  • Account Lockout
  • Reverse Brute Force Attacks

9. Session Management

  • Session Management Recap
  • Weak Session Identifiers
  • Analyzing Session Tokens
  • Sessions Maintained on Client Side

10. Cross-Site Request Forgery

11. Other Injection Attacks

  • LDAP Injection
  • XPATH Injection
  • XML Injection
  • Directory Traversal
  • Command Injection

Day 4: Authorization, Non-Browser Clients, and Automated Scanners

12. Authorization

  • Authorization Models
  • What Happens When It Goes Wrong
  • Privilege Escalation
    • Horizontal
    • Vertical
  • Bad Authorization Design and Implementation

13. Other Clients

  • Rich Web Clients
    • AJAX
    • JSON
    • Java/Flash/Silverlight/Flex
  • Thick Clients
    • SOAP
    • Intercepting Communications
    • Common Patterns and Anti-Patterns
  • Mobile Devices
    • WAP
    • Intercepting Communications

14. Automated Web Application Vulnerability Scanning

  • Full-Featured
  • Point Scanners/Manual Assistants
  • Strengths and Weaknesses

15. Wrap-Up/Methodology

  • Web App Testing Methodology Development

Labs


All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the basic hands-on experience needed to secure web applications and Internet-facing software.

Classroom Dates and Locations

Date: Nov 30 - Dec 3, 2010
Location: Washington, DC


Don’t see the location or date you need? No problem – just use our By Request service.

Course Code: 9815

Also Available

Online IT Library: $399
2 College Credits: $200


Foundstone