Võta ühendust:
+372 618 1720
info@koolitus.ee

Web Application Security (WAS)

ITK-496

Aeg: 27.02 - 07.12.2018, kell 09:00 Maht: 32 ak. tundi Koht: 8. korrus, Lõõtsa 12, Tallinn
Hind:
1 400 € (+ km 20%)

Koolituse kokkuvõte:

Koolitus toimub koostöös Clarified Security-ga.

This training focuses on attacks so that the need for defence is better understood. OWASP project should be the bible of everyone dealing with WebApp development and security and OWASP ASVS (Application Security Verification Standard) is one of the golden standards of WebApp security testing. This training will cover all WebApp attack types and instills this knowledge with lot of hands-on exercises. With first-hand experience in those attacks, participants are better armed with understanding the attacks and why they are conducted.

Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

Koolitus toimub neljal päeval:

  • 27.02-28.02 WAS Client-Side attacks
  • 06.-07.03 WAS Server-Side attacks

NB! Koolitus on inglise keeles.

Kellele koolitus on suunatud:

WebApp developers, maintainers, web server or hosting providers/administrators, information security specialists and managers, testers

Koolitaja: Marko Belzetski


Koolituse sisukord:

Web Application security essentials (4 parts, 8 lectures with practical demos and exercises for each vulnerability, including complex attack scenarios):

Client-Side attacks

  • Introduction, Client-Server system
  • OWASP (Top 10, ASVS)
  • Input data
  • GET vs POST
  • HTTP vs HTTPS
  • Controlling the thick client (Java applet, Flash, etc.,)
  • XSS (Cross-Site-Scripting)
  • Session security, cookies, session hijacking
  • OSRF/CSRF (On-Site and Cross-Site Request Forgery)
  • UI Redress Attacks (inc ClickJacking, CursorJacking)
  • Combined client side attacks

Server-Side attacks

  • Password security, crypto, brute-force, dictionary, sensitive data
  • Authentication and authorization errors, "remember me" features
  • Business logic implementation errors
  • Direct Object Reference mistakes
  • SQL injection
  • Code and Command injection
  • source code and structure defence, attack code upload, configuration
  • File handling (file extensions, public folder, execution, enumeration and quessing, meta info)
  • File inclusion (LFI, RFI, RCE, NULL-Byte)
  • File upload
  • Other file insertion vectors (log files)
  • Configuration (Java/PHP, error messages (what to show & what to log), Apache, file permissions)
  • Google hacking

Seotud koolitused

15.04-19.04.2019 5 päeva Security+ 990 € (+ km 20%)
1 päeva Secure Logging (LogSec) 350 € (+ km 20%)