Hack In The Box Training

Due to some reason, I can’t attend Hack In The Box Tech Training I – Web Application – Attack and Defence. I am selling my seat ticket to other people who are interest at the price of RM1800.

For those who are interested, please contact me at 012 454 6360 or email to paul [at] takizo.com

What will Web Application – Attack and Defence covered?

Introduction to web applications
1. Components of a web application
2. Basics of web technologies and protocol information
3. Evolution of technologies and impact on security
4. Understanding other basic web security-related concepts
5. Learning tools like netcat, achilles etc. to understand its usage and
6. Application. (Hands on for the group)

Web Hacking – Areas of attack

Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks.

1. Cross-site scripting attacks
2. SQL Query Injection
3. Session Hijacking
4. Buffer Overflows
5. Java Decompilation
6. HTTP brute forcing
7. Trojan Horses and Malware products
8. Form Manipulation, Query Poisoning
9. Input Validation,Parameter Tampering
10. Authentication
11. Information leakage
12. File operations
13. Client-side manipulations
14. Cryptography
15. Error/Exception handling

Attack and Defense strategies
1. Impact of attacks
2. Risk analysis
3. Countermeasures
4. Defense strategies and methods

Assessment Methodology and Defending Applications
1. Footprinting and Discovery
2. Reconnaissance – Profiling a web application
3. Black-box and White-box testing
4. Exploiting vulnerabilities
5. Defending applications
6. Secure coding strategies

Web Services Assessment
1. Footprinting
2. Discovery
3. Technology Identification
4. Attack vector for web services
5. Defense methods
6. Toolkit – wsChess (http://www.net-square.com/wschess) play around and learn more from Author of the toolkit.

Hands-on : The training programme will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.

For more information, check our Hack In The Box website