Web Application: Attacks and Defense - Shreeraj Shah

Bellua Cyber Security Asia 2005 - The Workshops

Shreeraj Shah
Web Application: Attacks and Defense

Date: 21-22 March 2005
Length: 2 Days
Venue: Hotel Borobudur, Jakarta - Indonesia.
Cost: US$1500 including refreshments, lunch, materials and certificate of completion.
Requirement:
Students should bring their laptop to participate in interactive hands-on training.
Synopsis:
Beginning with an introduction to Web applications, the participants will be offered an insight into web hacks and their resulting effects, followed by thorough assessment methodologies and defense strategies for varying environments.
Introduction to web applications
  • Components of a web application
  • Basics of web technologies and protocol information
  • Evolution of technologies and impact on security
  • Understanding other basic web security-related concepts
  • Learning tools such as netcat and Achilles to understand their usage and application. (Hands-on for the group)
Web Hacking - Areas of attack
Various attacks will be covered in detail, with demonstrations followed by hands-on exercises. The following is a brief list of attacks.
  • Cross-site scripting attacks
  • SQL Query Injection
  • Session Hijacking
  • Buffer Overflows
  • Java Decompilation
  • HTTP brute forcing
  • Trojan Horses and Malware products
  • Form Manipulation, Query Poisoning
  • Input Validation, Parameter Tampering
  • Authentication
  • Information leakage
  • File operations
  • Client-side manipulations
  • Cryptography
  • Error/Exception handling
Attack and Defense strategies
  • Impact of attacks
  • Risk analysis
  • Countermeasures
  • Defense strategies and methods
Assessment Methodology and Defending Applications
  • Reconnaissance - Profiling a web application
  • Black-box and White-box testing
  • Exploiting vulnerabilities
  • Defending applications
  • Secure coding strategies
Web Services Assessment
  • Footprinting
  • Discovery
  • Technology Identification
  • Attack vector for web services
  • Defense methods
Hands-on
The training programme will end with an "assessment challenge" - a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.

Shreeraj Shah
About the Tutor

Shreeraj Shah founded Net-Square in January 2000, to establish the company as a strong security research and security software development company.

He leads the research and development arm of Net Square. He has over 7 years of experience with system security architecture, system administration, network architecture, web application development, and security consulting, and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past, Shreeraj worked with Foundstone, Chase Bank and IBM in the area of web security. Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India.

Shreeraj is the author of a book titled "Web Hacking: Attacks and Defense" published by Addison Wesley. Shreeraj spoke at many conferences including HackInTheBox, RSA, Blackhat...


PT Bellua Asia Pacific - Bellua Cyber Security Conferences & Workshops